How is my ISP is able to tell I have a pfSense router?
-
I was on the phone with my ISP just now troubleshooting a problem with their hardware when the tech casually tells me that it looks like I'm running pfSense. I'm wondering how they might know that. All internet traffic is over a VPN and dns is setup for dns-over-tls. Just curious.
-
In my case, pfSense leaked it's hostname via dhcp address retrieval from ISP's DHCP server on WAN port.
Ref. https://tools.ietf.org/html/rfc8117#page-5 , 4.1 -> Protocols That Leak Hostnames -> DHCP.
Shortly. own hostname is included in DHCP query, while default hostname in pfSense is "pfSense";
-
DHCP leaking hostname never occurred to me. I set hostname to pfsense, so that would be it. Thanks.
-
They can also most likely see the mac, which would point to netgate hardware if your running appliance.
-
Never been paranoid myself but hostname is one of those things I automatically change after a install. Guess I like to personalize my stuff, and now that u mentioned it, seeing all those default SSID in my neighborhood, so I can tell right on top, aha, somebody is running an at&t DSL…
-
…so I can tell right on top, aha, somebody is running an at&t DSL...
Probably better than using your family name or number.street as SSID. Knowing an ISP doesn't give you much of an attack vector.
