Sla.ckers.org
Who's got it? Who's giving it away? How to protect your privacy and steal it from other people. For intellectual privacy, personal privacy, and blackhats alike... 
Sensitive info with dhcpcd
Posted by: fallencity
Date: January 24, 2013 07:52PM

Hey guys, first post here. I was analyzing some packets in Wireshark a few days ago. Curious, I set the filter to bootp and took a good look at some DHCP packets. I noticed something that is a clear anonymity leak. In the packet I could see that I was transmitting not only my MAC address, as seems to be the norm, I was also transmitting my dhcpcd version, kernel version, OS, and hostname. Which is way too much info for my comfort. I was wondering if there is a way to avoid transmitting this information. No other packets seem to transmit much except for my MAC address, which I'm not worried about. But when I issue a DHCP request all of that is transmitted. I remember reading somewhere that you could edit your /etc/init.d/net.eth0 (or equivalent) file to include

VID=`fortune -o|head -c 30|tr "\"'\n" ' ' 2>/dev/null`
/sbin/dhcpcd -i ${VID} ${dhcpcd_IFACE} ${IFACE}

But I'm not sure what the equivalent would be, and I don't have that particular file. I'm using systemd. Any help would be amazing; I've been searching this problem for quite some time.

Re: Sensitive info with dhcpcd
Posted by: id
Date: January 26, 2013 04:54PM

I don't know about Linux, but on FreeBSD you can send whatever you want via the /etc/dhclient.conf.

Worst case, hack the source code; I doubt it's hard to figure out where the client is gathering/sending that info.

-id

Re: Sensitive info with dhcpcd
Posted by: fallencity
Date: January 29, 2013 10:40AM

Well, since I use dhcpcd I don't think dhclient would be the one to edit, although I tried it anyway. No changes I made seemed to have any effect. I would imagine that if anything, it would be /etc/dhcpcd.conf that I would edit although nothing in there seems to be relevant.

I should be more specific. When I look at Wireshark with the bootp filter on, I notice that specifically in the DHCP Request is where there is a Vendor Class Identifier option. Here is where I see my dhcpcd version, kernel and OS. Right underneath that is the option for hostname, which appears to also get transmitted. I'm not sure that dhcpcd.conf (which is the obvious choice for a config file to edit) is where I can keep this information from being sent. Any ideas?

Re: Sensitive info with dhcpcd
Posted by: id
Date: January 31, 2013 08:53AM

dhcpcd is basically the same as dhclient, though it seems to be a little less configurable. It does seem that it is configurable enough to at least change most of the information it is leaking: http://manpages.ubuntu.com/manpages/karmic/man8/dhcpcd-bin.8.html

-id

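Added example, not part of the original thread: a small Python audit of which identifying DHCP options (Host Name 12, Vendor Class Identifier 60, Client Identifier 61) a client message carries, so a configuration change can be checked the same way the poster checked it in Wireshark. The function names, the MAC address, the hostname and the vendor class strings are all constructed for illustration; on a real system the input would be the UDP payload of a captured DHCP request.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that precedes the options
MAC = bytes.fromhex("020000000001")  # constructed, locally administered address
# Options that describe the client itself rather than the lease it wants.
IDENTIFYING = {12: "Host Name", 60: "Vendor Class Identifier", 61: "Client Identifier"}

def parse_options(payload):
    """Return {option code: raw value} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = End
        code = payload[i]
        if code == 0:                                # Pad has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        opts[code] = opts.get(code, b"") + value     # split options concatenate
        i += 2 + length
    return opts

def disclosures(payload):
    """Identifying options present in the message, as {name: printable value}."""
    found = {}
    for code, raw in parse_options(payload).items():
        if code in IDENTIFYING:
            text = raw.decode("ascii", "replace") if code != 61 else raw.hex()
            found[IDENTIFYING[code]] = text
    return found

def build_request(options):
    """Constructed DHCPREQUEST: 236-byte BOOTP header, cookie, then options."""
    header = bytes([1, 1, 6, 0]) + struct.pack("!IHH", 0x1234ABCD, 0, 0)
    header += bytes(16) + MAC.ljust(16, b"\0") + bytes(192)
    body = b"".join(bytes([c, len(v)]) + v for c, v in options)
    return header + MAGIC + b"\x35\x01\x03" + body + b"\xff"

# Constructed sample values, not taken from the thread's capture.
DEFAULT = build_request([(61, b"\x01" + MAC), (12, b"workstation"),
                         (60, b"dhcpcd-0.0.0:Linux-0.0.0:x86_64")])
REDUCED = build_request([(61, b"\x01" + MAC), (60, b"generic")])

if __name__ == "__main__":
    print(disclosures(DEFAULT), disclosures(REDUCED), sep="\n")
```

REDUCED models a request after the vendor class has been overridden (the `-i` flag in the first post) and the hostname is no longer sent; the Client Identifier still carries the MAC address.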