Slackware This Forum is for the discussion of Slackware Linux.
|
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
09-19-2006, 05:32 PM
|
#1
|
Senior Member
Registered: Oct 2005
Distribution: Slackware 14.1
Posts: 3,482
|
Understanding DHCP Host Name
I've long noticed when using dialup that my local box name is used to provide a FQDN. Of course, I name my box for my personal usage, not for the rest of the world. What I name my boxes is, IMO, nobody's business. I've always wanted to change this but never knew how, even if possible.
Now that I am on broadband and connecting with DHCP, I am trying to read and learn more about DHCP. I noticed a DHCP client option called hostname that has rekindled my interest in this issue about masking or spoofing my box name. Can I use this feature to tell the ISP server to use a different host name when referring to my box? In addition to masking the box name, can I tell the DHCP server to mask or spoof the entire FQDN? That is, can I instruct the DHCP server to recognize my box as nobody.braindead.net despite actually being mybox.localdomain? Am I correctly understanding this DHCP client option?
I realize that installing a router/gateway device in between my home office and the ISP would eliminate this concern because I then can assign whatever name I want to the home office router, which is the interface to the ISP. The outside world then would never see the names of my boxes inside the router/gateway. I intend to do that, but for this thread I merely am seeking better info about spoofing or masking my box name on a stand-alone box.
And as an afterthought, I suppose MAC addresses can be spoofed to?
Which raises a probably contentious topic. Should I consider spoofing my box name and MAC address? From a privacy issue, yes. I realize that I cannot I fool my ISP about who I am. My concern is the parasites and varmints downstream of my ISP and simple privacy spoofing/masking seems like a Good Thing. But is the idea worth pursuing and worth the time and energy?
Thanks again.
|
|
|
09-19-2006, 05:41 PM
|
#2
|
Senior Member
Registered: Jul 2005
Distribution: Slackware
Posts: 2,012
Rep:
|
On me own dnsmasq server, it uses th' hostname field ta properly do local dynamic dns. Methinks that th' ISP does not care, and simply assigns something like "dhcp1337.isp.com" ta ye computer. On wireless APs, it uses th' hostname ta fill th' clients table. I do not see why spoofing really makes any difference, unless ye changes it often.
|
|
|
09-20-2006, 09:00 PM
|
#3
|
Senior Member
Registered: Oct 2005
Distribution: Slackware 14.1
Posts: 3,482
Original Poster
|
For future thread visitors, I answered my own question by brute force---I simply edited /etc/rc.d/rc.inet1.conf by adding the DHCP_HOSTNAME[0]="abc.xyz.org" option. I selected a name in the format of nobody.braindead.org. I then restarted the rc.d/rc.inet1 script.
The trick works just fine! The ISP DHCP server retain my spoofed box name, but ignores the domain name and forces my box to join the ISP's domain. I don't mind that, but I like the idea of spoofing my box name with respect to the rest of the internet. My box name remains private with respect to my LAN.
Not that this matters much with this new ISP because his servers do not disclose that information to other server requests. At least, not as far as I can tell when I visit web sites that test privacy-disclosure issues with web browsers.
For those who use Windows, a different box name for the DHCP client can be configured there as well.
Quote:
Methinks that th' ISP does not care, and simply assigns something like "dhcp1337.isp.com" ta ye computer.
|
Yes, that is my experience too. Must be "Speak like a pirate day," huh.
|
|
|
09-21-2006, 05:56 AM
|
#4
|
Senior Member
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541
|
Just for grins, go take a look at http://tor.eff.org and see if it might fit your needs.
|
|
|
09-21-2006, 11:52 AM
|
#5
|
Senior Member
Registered: Oct 2005
Distribution: Slackware 14.1
Posts: 3,482
Original Poster
|
I'm familiar with tor. Now that I have broadband I probably will (eventually) investigate.
For now, I have my box configured as tight as possible to protect my online privacy. Yesterday I visited several testing sites and the only thing they can determine from my box is the IP address. That's pretty darn good.
Through that process I also found some squid options to better protect privacy. I'm not paranoid, but I like to act as though I'm paranoid because there are indeed a lot of parasites out there in la-la land. Most of them wear black suits and at night wear face masks pretending to be ninjas.
Yeah, tor likely is my future.
|
|
|
09-22-2006, 05:42 AM
|
#6
|
Member
Registered: Mar 2005
Location: Right behind you.
Distribution: NBG, then randomed.
Posts: 480
Rep:
|
Either you have a very permissive ISP (*) or you might want to try doing that name lookup from some host outside your local network. I think you might be misinterpreting what it's doing with the hostname option.
The common use of the hostname option is to identify the host to the DHCP server in order to request a specifically pre-arranged lease. At home I define the static leases by the MAC address (because I'm lazy and I cut & paste out of the lease database) but it's not unusual to tie static leases to the hostnames. There's a whole 'nother thing that's set up to allow DHCP clients to push a hostname into DNS tables (although dhclient does support that).
* - I say permissive when I really mean "potentially dangerous". Let's say you notice that if you use "spankeroo.domain.com" that the ISP diddles up a name service entry of "spankeroo.theirdomain.com". This doesn't seem immediately problematic, until you do "ns.domain.com" and get "ns.theirdomain.com" and start seeing a lot of UDP packets coming to port 53. (Yes, I've done this stunt at a large office and was completely shocked to see that the Microsoft nameserver wasn't configured to protect special hostnames that were in use.)
|
|
|
09-22-2006, 05:06 PM
|
#7
|
Senior Member
Registered: Oct 2005
Distribution: Slackware 14.1
Posts: 3,482
Original Poster
|
Quote:
Either you have a very permissive ISP (*) or you might want to try doing that name lookup from some host outside your local network. I think you might be misinterpreting what it's doing with the hostname option.
|
Hmm, let me explain further. With respect to the ISP, yes, my box is assigned a domain name with respect to his network. I can provide or spoof my internal LAN box name with a different name, and the ISP DHCP server accepts that name, but includes the name in its own domain structure.
For example, if my box name is box1, I can configure my dhcp client to use the name nobody. The ISP DHCP server then assigns my box the name nobody.ispdomain.net.
To the outside world, however, the ISP does not release this domain name. I just visited the grc.com site as an example and the web page tells me that "Your Internet connection has no Reverse DNS." I have visited a few other privacy checking sites the past few days to test my new broadband connection, and every one of them reports they cannot find a domain name for my box. To me, that is a Good Thing. Not that they cannot perform a basic reverse lookup to find the domain I am using---they easily can, but they cannot create a FQDN with respect to my box.
On the other hand, I still have my dialup account active. If I dial in and perform the same page visits, those sites all report my box as blah-blah-blah.ispdomain.net. The dialup ISP ignores my box name and assigns a random name to create a FQDN for my box. Could be a dialup thing vs. DHCP, I don't know, but there is a difference between the two ISPs.
That these web sites cannot determine a FQDN for my box only means that the ISP server is not revealing that information directly upon request. Before my dialup account expires next month I intend to use one of my boxes to dial in and test for open ports, etc., on my other box connected to the new ISP. I then will use my FQDN assigned to me by the ISP DHCP server in a simple ping test to see if that name still works. If so, then I know that the ISP server simply is configured not to reveal that information upon request. If the FQDN fails then the ISP is creating that name only for internal use and not for external use at all.
|
|
|
09-26-2006, 03:20 AM
|
#8
|
Member
Registered: Mar 2005
Location: Right behind you.
Distribution: NBG, then randomed.
Posts: 480
Rep:
|
Quote:
Originally Posted by Woodsman
Hmm, let me explain further. With respect to the ISP, yes, my box is assigned a domain name with respect to his network. I can provide or spoof my internal LAN box name with a different name, and the ISP DHCP server accepts that name, but includes the name in its own domain structure.
For example, if my box name is box1, I can configure my dhcp client to use the name nobody. The ISP DHCP server then assigns my box the name nobody.ispdomain.net.
|
I'm not trying to challenge you, just trying to isolate where you're getting confused. What is telling you the ISP's DHCP server is assigning you any kind of hostname? Simply populating /etc/resolv.conf (which is something dhclient will do) may be giving you the wrong idea.
Quote:
Originally Posted by Woodsman
To the outside world, however, the ISP does not release this domain name. I just visited the grc.com site as an example and the web page tells me that "Your Internet connection has no Reverse DNS." I have visited a few other privacy checking sites the past few days to test my new broadband connection, and every one of them reports they cannot find a domain name for my box. To me, that is a Good Thing. Not that they cannot perform a basic reverse lookup to find the domain I am using---they easily can, but they cannot create a FQDN with respect to my box.
|
Multiple problems here. A basic reverse lookup isn't going to turn up anything if it didn't already turn up anything.
Your ISP actually could populate the inverse address resolution tables with your on-the-fly hostname, if they wanted to.
The vast majority of exploits and exploiting that goes on out there isn't targeted at hostnames. That's a false sense of security you're getting. About the only useful thing not having an inverse address designation for your IP accomplishes is that a great number of mail servers will simply refuse to take mail from you.
Quote:
Originally Posted by Woodsman
On the other hand, I still have my dialup account active. If I dial in and perform the same page visits, those sites all report my box as blah-blah-blah.ispdomain.net. The dialup ISP ignores my box name and assigns a random name to create a FQDN for my box. Could be a dialup thing vs. DHCP, I don't know, but there is a difference between the two ISPs.
|
It's likely not a random name. That's the hostname assigned to the IP address you were given (at random) when you dialed in.
Quote:
Originally Posted by Woodsman
That these web sites cannot determine a FQDN for my box only means that the ISP server is not revealing that information directly upon request. Before my dialup account expires next month I intend to use one of my boxes to dial in and test for open ports, etc., on my other box connected to the new ISP. I then will use my FQDN assigned to me by the ISP DHCP server in a simple ping test to see if that name still works. If so, then I know that the ISP server simply is configured not to reveal that information upon request. If the FQDN fails then the ISP is creating that name only for internal use and not for external use at all.
|
I don't think that's going to work like you want. See above.
|
|
|
09-26-2006, 03:18 PM
|
#9
|
Senior Member
Registered: Oct 2005
Distribution: Slackware 14.1
Posts: 3,482
Original Poster
|
Quote:
I'm not trying to challenge you, just trying to isolate where you're getting confused. What is telling you the ISP's DHCP server is assigning you any kind of hostname?
|
I'm not confused (anymore ), but I have not provided sufficient info in this thread, which leaves readers confused.
When I used dialup, the dialup ISP always assigned a FQDN to my connection/box. I know this from visiting privacy-checking web sites and my visit was identified as blah-blah-blah-ispdomainname.com. The box name assigned was not totally random, but only partially. The box name always consisted of some numbers and a partial reference to the ISP domain: something like 1234ispdom.ispdomainname.com.
With my new broadband ISP, using DHCP, no such name is revealed, as I can verify by visiting all of those same privacy-checking web sites. The distinction is nominal but noticeable. All this means is that when a specific request is made asking for this information, the current ISP has configured his servers not to disclose that information. That does not mean my box is not assigned a FQDN (see below).
Quote:
About the only useful thing not having an inverse address designation for your IP accomplishes is that a great number of mail servers will simply refuse to take mail from you.
|
I send mail just fine right now with the new ISP, which tells me that the ISP is indeed assigning my connection/box a FQDN. I can verify this by sending email to myself at a different address and checking the headers. There I see my FQDN of spoofed-boxname.newispdomainname.com. To tie back to this thread, the FQDN assigned to my connection/box is based upon the name I provided/spoofed to the DHCP server, which by configuring my box appropriately, is not the actual name I assigned and use for my LAN. This was all I wanted to achieve. In Slackware I spoofed the box name by modifying the DHCP_HOSTNAME[x] keyline. With respect to my LAN the box name remains that defined in /etc/HOSTNAME. In Windows I modify the DNS host name under the network TCP/IP settings.
Quote:
It's likely not a random name. That's the hostname assigned to the IP address you were given (at random) when you dialed in.
|
Agreed, as further explained just above!
|
|
|
09-26-2006, 09:24 PM
|
#10
|
Member
Registered: Mar 2005
Location: Right behind you.
Distribution: NBG, then randomed.
Posts: 480
Rep:
|
Quote:
Originally Posted by Woodsman
I'm not confused (anymore ), but I have not provided sufficient info in this thread, which leaves readers confused.
When I used dialup, the dialup ISP always assigned a FQDN to my connection/box. I know this from visiting privacy-checking web sites and my visit was identified as blah-blah-blah-ispdomainname.com. The box name assigned was not totally random, but only partially. The box name always consisted of some numbers and a partial reference to the ISP domain: something like 1234ispdom.ispdomainname.com.
|
If you look, you'll likely find that the number is either the IP address itself in long integer form, or a hexadecimal representation of same. If you cited an IP and it's hostname I could probably tell you which (almosts certainly with two) but these things are seldom actually random.
Quote:
Originally Posted by Woodsman
With my new broadband ISP, using DHCP, no such name is revealed, as I can verify by visiting all of those same privacy-checking web sites. The distinction is nominal but noticeable. All this means is that when a specific request is made asking for this information, the current ISP has configured his servers not to disclose that information. That does not mean my box is not assigned a FQDN (see below).
|
Neither does it mean you were assigned one... and I've got unfortunate news for you. Hostnames that don't resolve don't technically exist.
Quote:
Originally Posted by Woodsman
I send mail just fine right now with the new ISP, which tells me that the ISP is indeed assigning my connection/box a FQDN. I can verify this by sending email to myself at a different address and checking the headers. There I see my FQDN of spoofed-boxname.newispdomainname.com. To tie back to this thread, the FQDN assigned to my connection/box is based upon the name I provided/spoofed to the DHCP server, which by configuring my box appropriately, is not the actual name I assigned and use for my LAN. This was all I wanted to achieve. In Slackware I spoofed the box name by modifying the DHCP_HOSTNAME[x] keyline. With respect to my LAN the box name remains that defined in /etc/HOSTNAME. In Windows I modify the DNS host name under the network TCP/IP settings.
Agreed, as further explained just above!
|
...and mail headers aren't going to mean much of anything. Your box tells the remote mail server what it thinks it's hostname is when it sends it's initial HELO command. It's rather likely that you're mistaking a loose part of the SMTP protocol for your "proof" of FQDN assignment. Here's an example:
Code:
Received: from lists.netcentral.net (chat1.netcentral.net [216.33.114.151])
by mx.gmail.com with SMTP id i33si1217844wxd.2006.09.21.16.35.13;
Thu, 21 Sep 2006 16:35:13 -0700 (PDT)
Does 'lists.netcentral.net' exist? Maybe. Does it have anything to do with anything? Not really. The IP address the mail came from is definitely 216.33.114.151, and at the time that IP address resolved to chat1.netcentral.net... but this does not mean lists.netcentral.net is a real hostname assigned to anything. In this case, it's just the hostname the host gave when it was trying to hand over the mail.
|
|
|
All times are GMT -5. The time now is 05:29 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|