Uninitiated noon question below.
A couple of days ago, this haprogram https://programming.dev/post/41491279
Now, during the phonecall with my ISP, the guy asked, “is your router an ASUS?” to which I answered, “yes and no, because it’s sold as a router but I have it in AP mode and my actual router is OpenWrt on a Raspberry Pi.” To which he replied “noice!”
How did he know the make of my access point? A few of my own thoughts are:
- he was referring to historical data (I’ve been a loyal customer of theirs for a looong time…) from a time when I was using the same topology (setup?) but without a VPN on the router, so the hostname of the AP (stored in /etc/hostname on the ASUS OS/firmware ?) was simply displayed on whatever software an ISP uses for troubleshooting through… an ARP? But aren’t ARPs limited to a LAN/they cannot resolve beyond a hop? Or perhaps a variant of DNS? How indeed do hostnames transmit? Are they in the IP header by default?
- as in 1 above, but he actively used nmap or some other recog program
- as in 1 above but from a time when I was in fact using the ASUS machine as a router
- my VPN is “leaking” - not likely, because all my traffic either goes through the wireguard interface on OpenWrt/RPi, or it doesn’t go anywhere…
If 1, 2 or 3: why do they keep historical data on me? Is it praxis?
I work for an ISP. There’s a number of ways that that they could have figured it out and probably 98 percent of them are genuinely there as a troubleshooting method and nothing more.
As another user said, if it’s a fiber connected ONT, there’s some remote management tools we can use to see what’s there. Some ONTs have a router built in as well and in some cases, we’ve actually done a site scan of WiFi networks for customers set up like you. We can see all the WiFi devices nearby and pretty quickly tell you “yeah, your speed/connectivity issues are because you have about 80 2.4ghz networks being broadcast around you.”
If they offer their own routers, someone could even do a site scan off of your neighbors routers and get an idea what’s around. If most of your other neighbors are using their own routers ISP provided router and you’re the odd one out, odds are that non-ISP device they’re seeing is you. This one is the least likely though, there’s a number of easier methods to see what’s the device is besides using other devices in neighboring houses.
Additionally, there’s a chance they did document something like “customer is using their own Asus router, not ours” and they just checked ticket/service order history. They could have got this from you telling them in the past, a technician being onsite and seeing this, or as the other comment mentioned, you’re connected to their network, they’re going to see the MAC address of the device plugged into their equipment in a few places pretty easily.
Thank you for such a detailed answer! I learned a lot! :D this inspired me to do some research on the capabilities of the new ONT that they are providing soon. Assuming that those probing capabilities that you spoke of are built into the ONT and not some peripheral add-on equipment?
Some of that is built in (mostly if it’s an ONT/router combination unit). And a lot of what they can see is just because you’re sending all of your traffic through them no matter what VPN you’re running. Knowing MAC addresses is pretty much a requirement for “the internet” to work correctly and, while you can obfuscate a MAC address on some devices, there is a (small) chance that can cause problems too.
I know hearing from someone that actually works for one may not be super convincing, but if your ISP is a smaller provider than like AT&T/Spectrum/Cox, they are almost certainly not going to spy on you just because they want to. I’m a customer of the ISP I work at. If I was told tomorrow I had to turn on some kind of deep packet inspection/intercept/spying service, I’d resist it as much as possible simply because I don’t want to see that and I don’t want someone to see what I’m doing. I can only assume that other companies have similar positions on the matter.
No judgment at all. I mean, I work for a government agency and - while resisting unlawful or immoral directives maybe somewhat harder for me (?) - I do try to stay humane and at times blatantly go against policies or orders that violate certain human rights.
Then, if I understand it correctly, the data portion of the packet is encrypted but there are unencrypted headers or whatevers necessary for inter device communication? MAC to MAC, IP to IP, port to port, etc., that stay unencrypted even when they go through the VPN interface? Which in turn is how the VPN interface or software or protocol is programmed?
Yeah, by virtue of not owning the entire connection (which is impossible unless you own the ISP, intermediary providers, and the service you’re connecting to) somebody somewhere is going to see something that may be identifiable to you. There are services that are offered by many companies for huge enterprises that give you basically a direct connection to a data center and a lot of times that traffic can be totally encrypted, but it’s usually for very big enterprises and isn’t cheap to get.
And you’re definitely helping the privacy part running a VPN on the router level, but still, there’s always a chance of something getting leaked. It’s pretty low and gets better all the time, but that chance always exists. It’s the reason why air gapping is still a thing for things that ABSOLUTELY cannot be attacked/compromised/viewed by some random person.
Again, if you’re going off of a privacy stance, you’ve made things hard enough that unless a huge ISP has some kind of agreement to sell data to advertising companies and spending the time to implement services to get you and the 2 percent (which is probably a huge overestimate) of customers taking similar steps, it’s just not worth them making the effort.