ISP detect OpenWRT

Now I don't know if this is something to worry about, but I'll ask anyway.

After installing a router, I was wondering how much an ISP can see to detect if an end user is running OpenWRT? I would like the ISP to detect it as just another consumer router.

I figured that it would be a good idea to update only over a VPN for example. But I recon there would be more to it.

Is this possible, doable or am I being a bit paranoid~ish ? :grin:

Most consumer routers OEM firmwares are actually OpenWrt derivatives, so there is not much difference from ISP perspective.
And the router's firewall should stop incoming snooping traffic in any case.

(And why should ISP actually care?)

6 Likes

Aren't you running Openwrt on a consumer router ?

3 Likes

If you run a VPN that would definitely signal to the ISP that thay have a security geek on the line, and then they assume everything else🤣.

And they see you surfing here and on openwrt.org also so they know what you do anyway, if they want to…

1 Like

And “you don’t trust the ISP” but you trust a VPN provider on the cayman islands or somewhere without laws.

If you look at the definition of commercial vpn providers they are the textbook example of a man in the middle attack.

7 Likes

Nor do they provide any additional security.

7 Likes

The bizarre thing is that the ISP would probably like it very much if every customer actually cared for their cyber security and run OpenWrt or something similar. Because one of the biggest treats on the internet today is all home routers with so useless old firmware and old security holes.
The problem as of today according to Cloudflare blogposts is that the mayor gigantic DDoS attacks nowadays are almost totally made by home routers and IoT (from private customers IP addresses).

1 Like

I do remember times when ISPs cared about clients by giving them calls "you sent 10.000 emails today, please, stop" :laughing:

2 Likes

Ever heard this anecdote about cowboy called "Can't catch me" Joe?

  • It was famous "Can't catch me" Joe?
  • Why "Can't catch me"?
  • Because no one give a sh*t about catching him.

What makes you think that ISP cares about your router more than it should?

... or you trying to become that Joe no one cares about?

:laughing:

I feel you, I don't like the fact that even if some entity is not targeting me or someone within my LAN, I feel Snowden's mass surveillance is still very much a thing in the US, its allies and whatever networks they've breached. And if they feel OpenWrt, or rather any open source projects, may prevent "regular channels" of data collection that is expected of regular, "innocent" civilians, they have the capability to analyze data and flag anyone or any source of anomalies.

The most obvious thing you can do if your WAN is simple DHCP is disable advertising your router's hostname which is "OpenWrt" by default. As for the rest of mass surveillance, you can maybe mimic any quirks of devices that your ISP may provide. But that's two layers of difficulty here: let alone emulating the quirks, how are you to find the kind of implementation of DHCP or PPPoE client do they have for example, and what changes they made to default behavior that might be a unique "signature"? I've no idea.

Eh, that might not be, depending on the popularity of work VPNs specially in- and post-pandemic. Of course protocols also matter, perhaps with the rate of commercial adoption WireGuard may not be a very common protocol yet, so that'll stand out in the sea of OpenVPN and IPSec traffic. Or maybe, a protocol like SoftEther's SSL VPN or Tor's obfsproxy that mimics regular HTTPS traffic to doge DPI could be used.

Very true, but I'd argue (given it's reasonably secure and invisible) depending on locale, political climate and government, perhaps you'd rather trust offshore companies mining data off you rather than local authorities watching behind your back.

1 Like

Nowadays it is more likely that your closest CERT org call you and say your IP address is guilty of the world largest DDoS attack and you are now suspended from internet until you clear your router from enemy bots.

I agree, if it can be used for extending freedom of speach, etc, go for it.
For average Joe, not so much.

Good luck finding my phone number )))

Usually when the government search for a person that has a gigantic online fingerprint, they usually succeed pretty fast with or without your phone number. Or they simply go to the ISP and block your connection.

I trust my government more than Google :smile:

1 Like

Do anyone in this forum trust google!?

A lot of locals use 8.8.8.8 or 1.1.1.1 as their DNS servers :joy:

1 Like