Today's Topics:

   1. Re: MAC randomisation and DHCP pools (glenn.satch...@uniq.com.au)
   2. Re: per-pool routers in dhcpd.conf? (Alexis Huxley)
   3. Re: MAC randomisation and DHCP pools (Rudy Zijlstra)


----------------------------------------------------------------------

Message: 1
Date: Sun, 26 Jul 2020 18:50:54 +1000
From: glenn.satch...@uniq.com.au
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: MAC randomisation and DHCP pools
Message-ID: <4f88e41c7d06ab9aacd7569e5c272...@uniq.com.au>
Content-Type: text/plain; charset=US-ASCII; format=flowed

Hi Rudy,

That's good to know, but bypasses all the security offered by random MAC 
addresses, since a site can track using the DHCP ID :)

regards,
-glenn

On 2020-07-26 18:26, Rudy Zijlstra wrote:
> Hi Glenn,
> 
> The DHCP Id should be stable, at least according to the dhcp RFC. I
> need to start playing around a bit...
> 
> I do understand the privacy concerns here, and why this is being 
> implemented.
> 
> Cheers
> 
> Rudy
> 
> On 26-07-2020 05:02, glenn.satch...@uniq.com.au wrote:
>> Hi Mike,
>> 
>> I think in the short term setting the lease time to 24 hours would 
>> free up old leases after the MAC address changes, meaning the old 
>> client effectively goes away. Public places like shopping malls 
>> should already have shorter leases due to the massive churn in 
>> clients, so it's not going to bother them much.
>> 
>> But that doesn't address any of the issues with identifying individual 
>> devices, e.g. to put into different classes. For that I think it will 
>> need an education scheme with your users to turn off the feature on 
>> networks where identifying the client matters, e.g. corporate or home 
>> networks.
>> 
>> I think this will evolve to having some other persistent identifier 
>> for systems to use.
>> 
>> regards,
>> -glenn
>> 
>> On 2020-07-25 11:46, Joshua Stark wrote:
>>> The user can decide to turn the feature off on the Apple device per
>>> WiFi network:
>>> 
>>> Rarely, a network might allow you to join with a private address, but
>>> won't allow Internet access. If that happens, you can choose to stop
>>> using private addresses [1] with that network
>>> (https://support.apple.com/en-us/HT211227)
>>> 
>>> I agree, this will make things different, harder initially. One
>>> example that comes to mind is white/black lists on WiFi networks, that
>>> will go out the window.
>>> And the other of being able to set a static IPv4 will be next to
>>> impossible.
>>> 
>>> But was that not the point of IPv6 - totally random?
>>> 
>>> In my mind this means we need an evolution of how we do things, like
>>> how AWS/GCP have taken the classic firewall of IP/Port to a Service
>>> Layer Firewall.
>>> There is going to need to be another way to identify a device to allow
>>> automatic re-authentication, like public WiFi where you purchase
>>> access for greater than 24hrs.
>>> 
>>> How we do that, I don't know, but it's time to start thinking about
>>> how to implement the next evolution in technology!
>>> 
>>> Thanks
>>> Josh
>>> 
>>> On 24/7/20 20:59, Mike Richardson wrote:
>>> 
>>>>> Hi Mike,
>>>>> 
>>>>> This is not something new, it has been around since iOS 8 in 2014. I think
>>>>> this page summarises how it works and has links to Apple's site with more
>>>>> details.
>>>>> 
>>>>> https://9to5mac.com/2014/09/26/more-details-on-how-ios-8s-mac-address-randomization-feature-works-and-when-it-doesnt/
>>>>> 
>>>>> It appears that it randomises the MAC address when the device is passively
>>>>> scanning for networks and other particular settings are enabled or disabled,
>>>>> so systems can't use the MAC address to persistently track wherever you go.
>>>>> However, it seems that any associations/joining of networks is based on the
>>>>> actual MAC address.
>>>>> 
>>>>> Or am I talking about something else entirely different?
>>>> 
>>>> Something new I believe:
>>>> 
>>>> https://wifinowglobal.com/news-and-blog/new-private-wi-fi-address-iphone-feature-could-severely-impact-the-wi-fi-industry-expert-says/?mc_cid=9ff8988c11&mc_eid=000d85d9e3
>>>> https://support.apple.com/en-us/HT211227
>>>> 
>>>> Apple, in iOS 14, are going to implement the changing of MACs every 24 hours
>>>> as the default, and different ones for each SSID, I believe.
>>>> 
>>>> I'm just trying to evaluate the impact on things like DHCP, but I'm not sure
>>>> about exactly what happens when pools are, sort of, exhausted.
>>>> 
>>>> Thanks,
>>>> 
>>>> Mike
>>> 
>>> 
>>> 
>>> Links:
>>> ------
>>> [1] https://support.apple.com/en-us/HT211227#onoff
>>> _______________________________________________
>>> ISC funds the development of this software with paid support
>>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>>> information.
>>> 
>>> dhcp-users mailing list
>>> dhcp-users@lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/dhcp-users


------------------------------

Message: 2
Date: Sun, 26 Jul 2020 11:13:32 +0200
From: Alexis Huxley <alexishux...@gmail.com>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: per-pool routers in dhcpd.conf?
Message-ID: <20200726091332.poo6u63ja45e5...@sugo.pasta.net>
Content-Type: text/plain; charset=us-ascii

Thanks very much, everyone, for the prompt and useful feedback! In the
end, I used Bill's suggestion to group hosts and set the router there,
as it was closest to what I already had, and it worked fine! Thanks again!

Alexis


------------------------------

Message: 3
Date: Sun, 26 Jul 2020 11:22:33 +0200
From: Rudy Zijlstra <r...@grumpydevil.homelinux.org>
To: glenn.satch...@uniq.com.au, Users of ISC DHCP
        <dhcp-users@lists.isc.org>
Subject: Re: MAC randomisation and DHCP pools
Message-ID:
        <cad4c002-a0a4-68fc-d8c9-3993e079b...@grumpydevil.homelinux.org>
Content-Type: text/plain; charset=utf-8; format=flowed

Hi Glenn,

Would need to check the RFC, but if that remains stable on the network 
it is sufficient.

This is also why I say I need to start playing/investigating with it. 
Android 10 also has this feature. Of course, the likelihood that Google 
and Apple implement in the same way is not high :)

Cheers

Rudy

On 26-07-2020 10:50, glenn.satch...@uniq.com.au wrote:
> Hi Rudy,
>
> That's good to know, but bypasses all the security offered by random 
> MAC addresses, since a site can track using the DHCP ID :)
>
> regards,
> -glenn



------------------------------

End of dhcp-users Digest, Vol 141, Issue 15
*******************************************
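
Added example (not part of any message in this digest, and not ISC code): a short Python script over a constructed dhcpd.leases excerpt that shows the two effects discussed in the "MAC randomisation and DHCP pools" thread. A client identifier (uid) that stays the same links the rotated MAC addresses, and the lease time decides how long addresses handed to abandoned MACs stay occupied. The sample leases, the uid value, and the premise that the device keeps one uid while rotating its MAC daily are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed excerpt in ISC dhcpd.leases syntax, trimmed to the fields used
# here; not data from the thread. Assumption: one device rotates its MAC
# daily but keeps sending the same client identifier (uid).
SAMPLE = r'''
lease 192.0.2.10 {
  starts 5 2020/07/24 08:00:00;
  hardware ethernet 02:11:22:33:44:01;
  uid "\001constructed-id-A";
}
lease 192.0.2.11 {
  starts 6 2020/07/25 08:05:00;
  hardware ethernet 06:55:66:77:88:02;
  uid "\001constructed-id-A";
}
lease 192.0.2.12 {
  starts 0 2020/07/26 08:10:00;
  hardware ethernet 0a:99:aa:bb:cc:03;
  uid "\001constructed-id-A";
}
'''

LEASE_RE = re.compile(r'lease (\S+) \{(.*?)\n\}', re.S)

def parse_leases(text):
    """Return one dict per lease block: ip, mac, uid (or None), starts."""
    leases = []
    for ip, body in LEASE_RE.findall(text):
        starts = re.search(r'starts \d (\S+ \S+);', body).group(1)
        mac = re.search(r'hardware ethernet ([0-9a-f:]+);', body).group(1)
        uid = re.search(r'uid "(.*)";', body)
        leases.append({'ip': ip, 'mac': mac,
                       'uid': uid.group(1) if uid else None,
                       'starts': datetime.strptime(starts, '%Y/%m/%d %H:%M:%S')})
    return leases

def macs_per_uid(leases):
    """Client identifiers that appear with more than one MAC address."""
    seen = defaultdict(set)
    for lease in leases:
        if lease['uid'] is not None:
            seen[lease['uid']].add(lease['mac'])
    return {uid: sorted(macs) for uid, macs in seen.items() if len(macs) > 1}

def addresses_held(leases, now, lease_time):
    """Addresses still occupied at `now` if each lease lasts `lease_time`."""
    return sorted(l['ip'] for l in leases if l['starts'] + lease_time > now)
```

Calling addresses_held with a 7-day and then a 24-hour timedelta at midday on 2020/07/26 shows one device holding three pool addresses in the first case and one in the second, while macs_per_uid lists all three MACs under the single uid.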
