Router and devices visibility behind modem

Using a pretty typical and default setup with openwrt and an openwrt access point.
The openwrt WAN port is connected to the ISP modem and firewall zoned under WAN.

How and why would it be possible for my ISP to see the openwrt devices behind my router?
My ISP seemed to be able to see or know that there were (at least) 2 devices behind my router. I am wondering if and how this would be possible? Could I be missing a configuration option?

Does your ISP provide IPv6? Is it enabled and operational in your setup?

With IPv4 only and default setup only the router's mac is visible.
Unless you rebooted the router and while booting the LAN and WAN ports were passing packets without control.

1 Like

Some ideas:

  • Your ISP is watching the TTL value of the packets leaving your network.
  • Your ISP is tinkering with your HTTP connections, and planting cookies.
2 Likes

Or they just look into your browsing data and find out the browser agent and therefore the operating system. Not sure about the legality of that, though.

1 Like

My ISP provides IPv6 and IPv4. It is operational and enabled but I'm not IPv6 savvy.

I might have restarted my OpenWrt.

Would they be able to see device manufacturing details using these methods?
E.g. D-Link, TP-Link

1 Like

No, I do not think they can detect the router manufacturer or operating system, just the fact that there is an intermediate router, even if you use NAT.

Perhaps you could tell us what did your ISP told you.

I called for a connectivity check, that they saw 2 devices behind their modem and mentioning the device manufacturer...

Then most likely you restarted the router and some lan traffic passed to the wan while it was booting.

2 Likes

@trendy's explanation is plausible. There is also the possibility to see what kind of device you have if a device uses SLAAC in its ipv6 addresses (because the MAC address is included) This is why privacy addresses are common now.

But most likely it's trendy's explanation. The solution is to do the cable modem dance:

  1. turn off router
  2. turn off cable modem
  3. turn on router, wait 1 minute until router is fully operational
  4. turn on cable modem

this also works for DSL or other ISP devices. The idea is that you want the router to go through its full bootup process without the modem able to hear anything... this ensures the switch chip is fully configured before the modem gets turned on. After that, in terms of MAC addresses, there's just your router as far as they are concerned. The other mechanisms are still possible though.

2 Likes

Or when you need to turn off or restart your router, instead of turning the modem off you can just disconnect the router off the modem until the router is fully operational.

2 Likes

If your devices are using IPv6 EUI64 addressing, they would know the manufacturer of those clients.

See: https://packetlife.net/blog/2008/aug/04/eui-64-ipv6/