On Tue, Apr 11, 2017 at 06:20:38AM -0700, Dominique St-Pierre Boucher wrote: > On Monday, April 10, 2017 at 5:06:30 PM UTC-4, qubenix wrote: > > qubenix: > > > Andrew David Wong: > > >> On 2017-04-09 15:25, Joonas Lehtonen wrote: > > >>> Hi, > > >> > > >>> if you setup MAC randomization via network manager in a debian 9 > > >>> template as described here: > > >>> https://www.qubes-os.org/doc/anonymizing-your-mac-address/ > > >>> you still leak your hostname. > > >> > > >>> Once your MAC address is randomized you might also want to prevent the > > >>> disclosure of your netvm's hostname to the network, since "sys-net" > > >>> might be a unique hostname (that links all your random MAC addresses and > > >>> the fact that you likely use qubes). > > >> > > >>> To prevent the hostname leak via DHCP option (12): > > >>> - start the debian 9 template > > >>> - open the file /etc/dhcpd/dhclient.conf > > >>> - in line number 15 you should see "send host-name = gethostname();" > > >>> - comment (add "#" at the beginning) or remove that line and store the > > >>> file > > >>> - reboot your netvm > > >> > > >>> I tested the change via inspecting dhcp requests and can confirm that > > >>> the hostname is no longer included in dhcp requests. > > >> > > >> > > >> Thanks. Added as a comment: > > >> > > >> https://github.com/QubesOS/qubes-issues/issues/938#issuecomment-292843628 > > >> > > >> > > > > > > Nice. I was just thinking about this after spending some time on my > > > routers interface. Thanks for the post! > > > > > > > After testing this, 'sys-net' still shows up on my router interface. > > > > -- > > qubenix > > GPG: B536812904D455B491DCDCDD04BE1E61A3C2E500 > > Did the same test and got the same result. > > Anyone has a solution? I can always change my hostname for something else, > but I would prefer not sending the hostname or finding a way to randomize > it!!! > > Dominique >
Strange, because those instructions are standard for removing the hostname - I set it as blank, rather than commenting out. If you sniff the traffic you will see that the hostname is indeed no longer sent. Why is it on your router interface? My guess is that your router is returning the hostname that it has associated with the MAC address. I've seen this happen when changing hostname, and the DHCP server returns the *old* hostname as part of the DHCP exchange. If you reboot the router and test again, you may find that the issue goes away. You could, of course, set a random hostname from rc.local on each boot of sys-net. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170411232447.GA18085%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
