How is my ISP is able to tell I have a pfSense router?



  • I was on the phone with my ISP just now troubleshooting a problem with their hardware when the tech casually tells me that it looks like I'm running pfSense. I'm wondering how they might know that. All internet traffic is over a VPN and dns is setup for dns-over-tls. Just curious.



  • In my case, pfSense leaked it's hostname via dhcp address retrieval from ISP's DHCP server on WAN port.

    Ref. https://tools.ietf.org/html/rfc8117#page-5 , 4.1 -> Protocols That Leak Hostnames -> DHCP.

    Shortly. own hostname is included in DHCP query, while default hostname in pfSense is "pfSense";



  • DHCP leaking hostname never occurred to me. I set hostname to pfsense, so that would be it. Thanks.


  • Rebel Alliance Global Moderator

    They can also most likely see the mac, which would point to netgate hardware if your running appliance.



  • Never been paranoid myself but hostname is one of those things I automatically change after a install.  Guess I like to personalize my stuff, and now that u mentioned it, seeing all those default SSID in my neighborhood, so I can tell right on top, aha, somebody is running an at&t DSL…



  • @SammyWoo:

    …so I can tell right on top, aha, somebody is running an at&t DSL...

    Probably better than using your family name or number.street as SSID. Knowing an ISP doesn't give you much of an attack vector.