Send dhcp-users mailing list submissions to dhcp-users@lists.isc.org
To subscribe or unsubscribe via the World Wide Web, visit
    https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
    dhcp-users-requ...@lists.isc.org

You can reach the person managing the list at
    dhcp-users-ow...@lists.isc.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."

Today's Topics:

   1. Re: MAC randomisation and DHCP pools (glenn.satch...@uniq.com.au)
   2. Re: per-pool routers in dhcpd.conf? (Alexis Huxley)
   3. Re: MAC randomisation and DHCP pools (Rudy Zijlstra)

----------------------------------------------------------------------

Message: 1
Date: Sun, 26 Jul 2020 18:50:54 +1000
From: glenn.satch...@uniq.com.au
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: MAC randomisation and DHCP pools
Message-ID: <4f88e41c7d06ab9aacd7569e5c272...@uniq.com.au>
Content-Type: text/plain; charset=US-ASCII; format=flowed

Hi Rudy,

That's good to know, but bypasses all the security offered by random
MAC addresses, since a site can track using the DHCP ID :)

regards,
-glenn

On 2020-07-26 18:26, Rudy Zijlstra wrote:
> Hi Glenn,
>
> The DHCP Id should be stable, at least according to the dhcp RFC. I
> need to start playing around a bit...
>
> I do understand the privacy concerns here, and why this is being
> implemented.
>
> Cheers
>
> Rudy
>
> On 26-07-2020 05:02, glenn.satch...@uniq.com.au wrote:
>> Hi Mike,
>>
>> I think in the short term setting the lease time to 24 hours would
>> free up old leases after the MAC address changes, meaning the old
>> client effectively goes away. Public places like shopping malls,
>> should already have shorter leases due to the massive churn in
>> clients, so it's not going to bother them much.
>>
>> But that doesn't address any of the issues with identifying individual
>> devices, eg to put into different classes.
>> For that I think it will need an education scheme with your users
>> to turn off the feature on networks where identifying the client
>> matters, eg corporate or home networks.
>>
>> I think this will evolve to having some other persistent identifier
>> for systems to use.
>>
>> regards,
>> -glenn
>>
>> On 2020-07-25 11:46, Joshua Stark wrote:
>>> The user can decide to turn the feature off on the Apple device per
>>> WiFi network:
>>>
>>> Rarely, a network might allow you to join with a private address, but
>>> won't allow Internet access. If that happens, you can choose to stop
>>> using private addresses [1] with that network
>>> (https://support.apple.com/en-us/HT211227)
>>>
>>> I agree, this will make things different, harder initially. One
>>> example that comes to mind is white/black lists on WiFi networks,
>>> that will go out the window.
>>> And the other of being able to set a static IPv4 will be next to
>>> impossible.
>>>
>>> But was that not the point of IPv6 - totally random
>>>
>>> In my mind this means we need an evolution of how we do things, like
>>> how AWS/GCP have taken the classic firewall of IP/Port to a Service
>>> Layer Firewall.
>>> There is going to need to be another way to identify a device to
>>> allow automatic re-authentication, like public WiFi where you
>>> purchase access for greater than 24hrs.
>>>
>>> How we do that, I don't know, but it's time to start thinking about
>>> how to implement the next evolution in technology!
>>>
>>> Thanks
>>> Josh
>>>
>>> On 24/7/20 20:59, Mike Richardson wrote:
>>>
>>>>> Hi Mike,
>>>>>
>>>>> This is not something new, it has been around since iOS 8 in 2014.
>>>>> I think this page summarises how it works and has links to Apple's
>>>>> site with more details.
>>>>>
>>>>> https://9to5mac.com/2014/09/26/more-details-on-how-ios-8s-mac-address-randomization-feature-works-and-when-it-doesnt/
>>>>>
>>>>> It appears that it randomises the MAC address when the device is
>>>>> passively scanning for networks and other particular settings are
>>>>> enabled or disabled, so systems can't use the MAC address to
>>>>> persistently track wherever you go.
>>>>> However, it seems that any associations/joining of networks is
>>>>> based on the actual MAC address.
>>>>>
>>>>> Or am I talking about something else entirely different?
>>>>
>>>> Something new I believe:
>>>>
>>>> https://wifinowglobal.com/news-and-blog/new-private-wi-fi-address-iphone-feature-could-severely-impact-the-wi-fi-industry-expert-says/?mc_cid=9ff8988c11&mc_eid=000d85d9e3
>>>> https://support.apple.com/en-us/HT211227
>>>>
>>>> Apple, in iOS 14, are going to implement the changing of MACs every
>>>> 24 hours as the default, and different ones for each SSID, I believe.
>>>>
>>>> I'm just trying to evaluate the impact on things like DHCP, but I'm
>>>> not sure about exactly what happens when pools are, sort of,
>>>> exhausted.
>>>>
>>>> Thanks,
>>>>
>>>> Mike
>>>
>>> Links:
>>> ------
>>> [1] https://support.apple.com/en-us/HT211227#onoff
>>> _______________________________________________
>>> ISC funds the development of this software with paid support
>>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>>> information.
>>>
>>> dhcp-users mailing list
>>> dhcp-users@lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/dhcp-users
------------------------------

Message: 2
Date: Sun, 26 Jul 2020 11:13:32 +0200
From: Alexis Huxley <alexishux...@gmail.com>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: per-pool routers in dhcpd.conf?
Message-ID: <20200726091332.poo6u63ja45e5...@sugo.pasta.net>
Content-Type: text/plain; charset=us-ascii

Thanks very much everyone for the prompt and useful feedback!

In the end, I used Bill's suggestion to group hosts and set the router
there, as it was closest to what I already had. It worked fine!

Thanks again!

Alexis

------------------------------

Message: 3
Date: Sun, 26 Jul 2020 11:22:33 +0200
From: Rudy Zijlstra <r...@grumpydevil.homelinux.org>
To: glenn.satch...@uniq.com.au, Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: MAC randomisation and DHCP pools
Message-ID: <cad4c002-a0a4-68fc-d8c9-3993e079b...@grumpydevil.homelinux.org>
Content-Type: text/plain; charset=utf-8; format=flowed

Hi Glenn,

Would need to check the RFC, but if that remains stable on the network
it is sufficient. This is also why I say I need to start
playing/investigating with it.

Android 10 also has this feature.
Of course, the likelihood that Google and Apple implement in the same
way is not high :)

Cheers

Rudy

On 26-07-2020 10:50, glenn.satch...@uniq.com.au wrote:
> Hi Rudy,
>
> That's good to know, but bypasses all the security offered by random
> MAC addresses, since a site can track using the DHCP ID :)
>
> regards,
> -glenn
>
> On 2020-07-26 18:26, Rudy Zijlstra wrote:
>> Hi Glenn,
>>
>> The DHCP Id should be stable, at least according to the dhcp RFC. I
>> need to start playing around a bit...
>>
>> I do understand the privacy concerns here, and why this is being
>> implemented.
>>
>> Cheers
>>
>> Rudy
>>
>> On 26-07-2020 05:02, glenn.satch...@uniq.com.au wrote:
>>> Hi Mike,
>>>
>>> I think in the short term setting the lease time to 24 hours would
>>> free up old leases after the MAC address changes, meaning the old
>>> client effectively goes away. Public places like shopping malls,
>>> should already have shorter leases due to the massive churn in
>>> clients, so it's not going to bother them much.
>>>
>>> But that doesn't address any of the issues with identifying
>>> individual devices, eg to put into different classes. For that I
>>> think it will need an education scheme with your users to turn off
>>> the feature on networks where identifying the client matters, eg
>>> corporate or home networks.
>>>
>>> I think this will evolve to having some other persistent identifier
>>> for systems to use.
>>>
>>> regards,
>>> -glenn
>>>
>>> On 2020-07-25 11:46, Joshua Stark wrote:
>>>> The user can decide to turn the feature off on the Apple device per
>>>> WiFi network:
>>>>
>>>> Rarely, a network might allow you to join with a private address, but
>>>> won't allow Internet access. If that happens, you can choose to stop
>>>> using private addresses [1] with that network
>>>> (https://support.apple.com/en-us/HT211227)
>>>>
>>>> I agree, this will make things different, harder initially.
>>>> One example that comes to mind is white/black lists on WiFi
>>>> networks, that will go out the window.
>>>> And the other of being able to set a static IPv4 will be next to
>>>> impossible.
>>>>
>>>> But was that not the point of IPv6 - totally random
>>>>
>>>> In my mind this means we need an evolution of how we do things, like
>>>> how AWS/GCP have taken the classic firewall of IP/Port to a Service
>>>> Layer Firewall.
>>>> There is going to need to be another way to identify a device to allow
>>>> automatic re-authentication, like public WiFi where you purchase
>>>> access for greater than 24hrs.
>>>>
>>>> How we do that, I don't know, but it's time to start thinking about
>>>> how to implement the next evolution in technology!
>>>>
>>>> Thanks
>>>> Josh
>>>>
>>>> On 24/7/20 20:59, Mike Richardson wrote:
>>>>
>>>>>> Hi Mike,
>>>>>>
>>>>>> This is not something new, it has been around since iOS 8 in 2014.
>>>>>> I think this page summarises how it works and has links to Apple's
>>>>>> site with more details.
>>>>>>
>>>>>> https://9to5mac.com/2014/09/26/more-details-on-how-ios-8s-mac-address-randomization-feature-works-and-when-it-doesnt/
>>>>>>
>>>>>> It appears that it randomises the MAC address when the device is
>>>>>> passively scanning for networks and other particular settings are
>>>>>> enabled or disabled, so systems can't use the MAC address to
>>>>>> persistently track wherever you go.
>>>>>> However, it seems that any associations/joining of networks is
>>>>>> based on the actual MAC address.
>>>>>>
>>>>>> Or am I talking about something else entirely different?
>>>>>
>>>>> Something new I believe:
>>>>>
>>>>> https://wifinowglobal.com/news-and-blog/new-private-wi-fi-address-iphone-feature-could-severely-impact-the-wi-fi-industry-expert-says/?mc_cid=9ff8988c11&mc_eid=000d85d9e3
>>>>> https://support.apple.com/en-us/HT211227
>>>>>
>>>>> Apple, in iOS 14, are going to implement the changing of MACs every
>>>>> 24 hours as the default, and different ones for each SSID, I believe.
>>>>>
>>>>> I'm just trying to evaluate the impact on things like DHCP, but I'm
>>>>> not sure about exactly what happens when pools are, sort of,
>>>>> exhausted.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Mike
>>>>
>>>> Links:
>>>> ------
>>>> [1] https://support.apple.com/en-us/HT211227#onoff
------------------------------

End of dhcp-users Digest, Vol 141, Issue 15
*******************************************
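
An added example, not part of any message in this digest: one way an operator could measure the pool pressure discussed in the thread, by counting active leases in a dhcpd.leases file that are held by locally administered (randomised) MAC addresses. The sample leases, the function names and the worst-case bound (one lease per MAC, no release when the MAC rotates) are assumptions made for illustration.

```python
import math, re
from datetime import datetime
# Constructed sample in ISC dhcpd.leases syntax (addresses and MACs are made up).
SAMPLE = """
lease 10.0.0.10 {
  ends 1 2020/07/27 09:00:00;
  binding state active;
  hardware ethernet 3a:5f:10:aa:bb:01;
}
lease 10.0.0.11 {
  ends 1 2020/07/27 08:30:00;
  binding state active;
  hardware ethernet 8e:21:04:cc:dd:02;
}
lease 10.0.0.12 {
  ends 1 2020/07/27 07:00:00;
  binding state active;
  hardware ethernet 00:1b:63:12:34:56;
}
lease 10.0.0.13 {
  ends 6 2020/07/25 07:00:00;
  binding state free;
  hardware ethernet 02:00:5e:00:00:99;
}
"""
LEASE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\n\}", re.S)
FIELD = re.compile(r"^\s*(ends|binding state|hardware ethernet)\s+([^;]+);", re.M)

def is_randomised(mac):
    # Randomised MACs set the locally administered bit (0x02) of the first octet.
    return bool(int(mac.split(":")[0], 16) & 0x02)

def pool_report(text, now, pool_size):
    latest = {}  # dhcpd appends records, so the last entry for an IP wins
    for ip, body in LEASE.findall(text):
        latest[ip] = dict(FIELD.findall(body))
    active = []
    for f in latest.values():
        if f.get("binding state") != "active" or "hardware ethernet" not in f:
            continue
        ends = f.get("ends", "never")  # timestamps in the file are UTC
        if ends == "never" or datetime.strptime(ends[2:], "%Y/%m/%d %H:%M:%S") > now:
            active.append(f["hardware ethernet"])
    randomised = sum(is_randomised(m) for m in active)
    return {"active": len(active), "randomised": randomised, "free": pool_size - len(active)}

def max_leases_per_device(lease_secs, rotation_secs):
    # Assumed worst case: the current lease plus every stale lease not yet expired.
    return math.ceil(lease_secs / rotation_secs) + 1
```

Under these assumptions a 7-day lease with a 24-hour MAC rotation allows up to 8 leases per device, while the 24-hour lease suggested in the thread caps it at 2.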