Hostname including Domain name....Really needed ?
Author | Message |
---|---|
Pfister Online Joined: 1 Nov 05 Posts: 9 Credit: 344,994 RAC: 0 |
I saw the hostnames listed in my stats......complete with the domain name. Is this really needed ? Only the hostname would be better for me.............the complete domain could sometimes be an indiscretion. I know that normal visitors can't see it in my stats, but it's still data that does not have to be sent over the firewall out of the network and furthermore it will not be needed for the project, or am I wrong ? |
m00kie Joined: 18 Jun 00 Posts: 19 Credit: 764,288 RAC: 0 |
I'm not sure why this concerns you as only you can see it. As for me, I like seeing the IP. It has helped me at times when I've needed to access that machine remotely. (edited because I misread what you were saying) Proud member of Team Starfire World BOINC |
Pfister Online Joined: 1 Nov 05 Posts: 9 Credit: 344,994 RAC: 0 |
I'm not sure why this concerns you as only you can see it. Hmm, I may not have explained the circumstances completely..... I have access to dozens of customers' servers before the servers go "productive" or before they even get delivered to the customers. Mostly for a period of a week or several weeks. Some of them are already installed with the customer domain, some not. Whatever, I dislike that the domain name gets out of the network. This is what I called an "indiscretion" before, all the more when it's not really needed for the project. I don't care about the hostname and also don't care about the IP. A proper firewall will usually do its work there. |
Astro Joined: 16 Apr 02 Posts: 8026 Credit: 600,015 RAC: 0 |
hmmm, it is out there as you say, however only you and seti can see them. If you click on my username, then view my puters you don't see that info for my hosts/account, although I can see it when I view mine. |
Trog Dog Joined: 18 May 02 Posts: 25 Credit: 208,371 RAC: 0 |
I saw the hostnames listed in my stats......complete with the domain name. G'day Pfister, I had this problem once on a win98 box. The problem was one of the network configuration dialogues: it asked for a domain name, so I had entered the domain name (workgroup name) there. After clearing it from the dialogue/settings box it was no longer reported by BOINC. The box wasn't in a proper domain, just a peer to peer network - I kept the domain name as the workgroup name, as it always had been, and noticed no change in the performance of the network. I don't know how your network is configured but I would look down this avenue. |
Pfister Online Joined: 1 Nov 05 Posts: 9 Credit: 344,994 RAC: 0 |
I saw the hostnames listed in my stats......complete with the domain name. Thanks for your input, but my computers/servers are mostly used in an active directory domain, like in any company. Actually I'm installing a new IT environment for a company with 24 dual cpu servers. That's a total of 48 x Xeon CPUs with 3.6 GHz. The best of it: they stay at the moment in our setup lab and will not be used until mid-October. I saw in the rank list that the hosts on the leader are "hidden". Maybe a moderator can give me more hints about that. The 10k credits you see in my stats were built by a P3 664 MHz. I have let it run since last November :-) I just started again this week to participate more often in the BOINC projects. |
5 and a half of 13 Joined: 21 Jan 02 Posts: 240 Credit: 21,261 RAC: 0 |
Snip..... Like mmcaistro explained, only you can see the hostnames of your machines. The BOINC-Wiki should be able to tell you how to hide your machines, I can't remember. PS: look under 'Your Account', 'Preferences' 'Seti@home Preferences' and change 'Should SETI@home show your computers on its web site?' to 'no' Need help? Check out the excellent Unofficial BOINC-Wiki! 'We are the BOINC. Prepare to be assimilated.' |
Pfister Online Joined: 1 Nov 05 Posts: 9 Credit: 344,994 RAC: 0 |
Snip..... Thanks a lot for the info, I changed it already.... But the client still sends the data out.......maybe the right thing for a feature request ? Don't get me wrong, guys.......but some clients can get really annoying....they like to know every bit of the dataflow that goes out of the firewall........business...... |
1mp0£173 Joined: 3 Apr 99 Posts: 8423 Credit: 356,897 RAC: 0 |
Thanks for your input, but my computers/servers are mostly used in an active directory domain, like in any company. Actually I'm installing a new IT environment for a company with 24 dual cpu servers. That's a total of 48 x Xeon CPUs with 3.6 GHz. The best of it: they stay at the moment in our setup lab and will not be used until mid-October. As others have stated, you are the only person who can see the host names and IP addresses. IP addresses that will presumably change when the machines are actually installed, and addresses that should be in private IP space (RFC-1918). ... if you are this worried that your customer's domain name has somehow been compromised, then maybe you should not use SETI for "burn in" or should plan on changing server names once burn-in is complete. It isn't something that anyone else can see. |
1mp0£173 Joined: 3 Apr 99 Posts: 8423 Credit: 356,897 RAC: 0 |
This isn't annoying, this is smart. Security is important, and I think in general that we should be incredibly careful about what runs on servers and workstations in a corporate environment. The average employee is the single biggest threat to data security. |
Josef W. Segur Joined: 30 Oct 99 Posts: 4504 Credit: 1,414,761 RAC: 0 |
Thanks for your input, but my computers/servers are mostly used in an active directory domain, like in any company. Actually I'm installing a new IT environment for a company with 24 dual cpu servers. That's a total of 48 x Xeon CPUs with 3.6 GHz. The best of it: they stay at the moment in our setup lab and will not be used until mid-October. I'm willing to bet that Matt Lebofsky could see all details for anyone's account. But the issue is not what is shown to others intentionally, it is whether BOINC is protecting what should be private data. By sending it in plain text back to the servers there is the possibility it could be intercepted. Personally, if given the choice I'd allow BOINC to continue sending what it now does. But IMO an option to not send anything more than absolutely necessary should be provided for those who value privacy highly. Note: Hiding computers in preferences has no effect on what is sent back to the servers. Joe |
1mp0£173 Joined: 3 Apr 99 Posts: 8423 Credit: 356,897 RAC: 0 |
In every system I've ever seen, there exists some person who can see everything, and some person who can insert malicious code into any application. This is not limited to distributed computing, it can happen anywhere. This is why, if Pfister Online's customer is highly security conscious, they have a right to control what is known about their machines, and an obligation (in this day of Sarbanes/Oxley) to protect them. If this is a public corporation, people can go to jail because of security breaches. So, ultimately, we have to decide for ourselves that we trust Matt, and Eric, and Rom, and David. What Pfister Online has to do is decide if he can morally and legally trust them on behalf of this mystery customer -- especially if he's doing so without full disclosure. Do I think BOINC is a security threat? No, absolutely not. Do I think it could be turned into a SOX compliance issue? You bet! |
Pfister Online Joined: 1 Nov 05 Posts: 9 Credit: 344,994 RAC: 0 |
So, ultimately, we have to decide for ourselves that we trust Matt, and Eric, and Rom, and David. What Pfister Online has to do is decide if he can morally and legally trust them on behalf of this mystery customer -- especially if he's doing so without full disclosure. That's exactly the point I'm talking about. Guess a lot of BOINC users are IT professionals and quite familiar with security issues. It's not really a problem of not trusting anybody at Seti or other programs. They do very good work and I would enjoy sharing my possibilities with their projects. But as we all know, control is better than trust, and I would like to be sure that no compromising data goes out to the internet, secure or not. CPU power ? No problem, got enough of it. But please no network data..... Could someone shed light on this thing ? |
Toby Joined: 26 Oct 00 Posts: 1005 Credit: 6,366,949 RAC: 0 |
None of my windows machines report the domain name. On my linux machines, they do or don't, depending on how I have my /etc/hosts file set up. I'm pretty sure this is an OS configuration issue. All BOINC does is query the OS for its hostname. If the OS returns the full domain then BOINC includes it - otherwise it only reports the hostname without the domain. A member of The Knights Who Say NI! For rankings, history graphs and more, check out: My BOINC stats site |
Pfister Online Joined: 1 Nov 05 Posts: 9 Credit: 344,994 RAC: 0 |
None of my windows machines report the domain name. On my linux machines, they do or don't, depending on how I have my /etc/hosts file set up. I'm pretty sure this is an OS configuration issue. All BOINC does is query the OS for its hostname. If the OS returns the full domain then BOINC includes it - otherwise it only reports the hostname without the domain. Then they aren't in a domain; mine all are, or at least 98% of them. But if what you are writing is correct, it would be fine for me..... Otherwise, would it be a lot of work to offer a possibility to limit the hostname with a simple click ? Or better, to have it limited in the default settings already. Then no bad feelings can arise, cutting the discussion off right at the start. Last but not least, if there is a trick to suppress the domain name being SENT (of course on domain member computers, servers or DCs)......that would fulfill my wishes already. |
Toby Joined: 26 Oct 00 Posts: 1005 Credit: 6,366,949 RAC: 0 |
Looking at the code and the MS docs it would appear that you are correct. The BOINC code uses the "hostent struct" (in client/hostinfo_network.C ) for determining the IP and hostname. The host name is stored in the h_name field. From MS winsock docs: h_name I also found some CVS checkin notes from 2004 where Dr. Anderson said linux was reporting the FQDN and that this was not intended so he fixed it. Looks like this *might* be a bug in the windows BOINC client. Will have to look some more after work. A member of The Knights Who Say NI! For rankings, history graphs and more, check out: My BOINC stats site |
Pappa Joined: 9 Jan 00 Posts: 2562 Credit: 12,301,681 RAC: 0 |
I am late. You asked the question about domain/network information... If machines are "domain members" some information that would go out over the wire can be removed... In some cases of "some" Server functions it can not! In Win2K and XP it is fairly easy to remove the information from being stored in the stack. Right Click on My Computer and go to Properties...
Win2K: Select the Network Identification Tab; about halfway down you see "To rename this computer or join a domain, click Properties". When you click on Properties, you will see Identification Changes open... with the computer name and a More Button... Click More. In the window where it states "Primary DNS suffix of this computer" you will find the Domain Name that is being sent to BOINC. If you blank that out then it will not report the Domain.
Win XP: Select the Computer Name Tab, and then the Change Button... Computer Name Changes Tab and then the More Button... In the window where it states "Primary DNS suffix of this computer" you will find the Domain Name that is being sent to BOINC. If you blank that out then it will not report the Domain.
So in cases where going to some place on the network (over TCP) it would be required... Or cases of servers such as Exchange the FQDN is required... Most workstations do not care... Some other server configurations do care (IF it authenticates a User (over TCP) for access purposes it cares)... Or if separate specific DNS records were created that are not active directory reliant... But then that is a book or two of knowledge... As Toby has shown, some of the information was desired to be collected... Pappa
So, ultimately, we have to decide for ourselves that we trust Matt, and Eric, and Rom, and David. What Pfister Online has to do is decide if he can morally and legally trust them on behalf of this mystery customer -- especially if he's doing so without full disclosure. Please consider a Donation to the Seti Project. |
kevint Joined: 17 May 99 Posts: 414 Credit: 11,680,240 RAC: 0 |
I saw the hostnames listed in my stats......complete with the domain name. I believe this is the case when running windows 98 or winme - I have not seen the domain on any XP box. |
1mp0£173 Joined: 3 Apr 99 Posts: 8423 Credit: 356,897 RAC: 0 |
So, ultimately, we have to decide for ourselves that we trust Matt, and Eric, and Rom, and David. What Pfister Online has to do is decide if he can morally and legally trust them on behalf of this mystery customer -- especially if he's doing so without full disclosure. Yet, you ignored the more important post. In the current regulatory environment, in a public corporation, people can go to jail for network breaches. I've heard of some incredibly insane things done in the name of Sarbanes/Oxley. If your client/customer is in this kind of a position, you should not load anything beyond the bare minimum on their machines. |
Pfister Online Joined: 1 Nov 05 Posts: 9 Credit: 344,994 RAC: 0 |
Hey hey friends.......please don't expand the "problem" more than needed :-) Actually I installed the BOINC clients for test purposes on approx 10 machines, all of them on NON productive systems. So I'm quite sure not to be standing with one foot in jail yet.... :-) But my question doesn't point to this part. Trying to pull my ongoing questions and this discussion together:
- When a host is a member of a domain, no matter the role and the OS of the host, the Fully Qualified Domain Name is reported to the BOINC projects. Even a manual hosts entry doesn't help, I tried it already, but this would anyway be an annoying workaround (manual entry, reboot, don't forget to remove it at the end etc.)
- When a host is a member of a workgroup, only the single hostname without workgroup is reported to the BOINC projects
And no, I'm not talking about Win9x or anything like that. For business and private I'm actually using only Win2k or XP or Win2k03. Toby's explanation of the query of the BOINC clients would support these "assumptions": Looking at the code and the MS docs it would appear that you are correct. The BOINC code uses the "hostent struct" (in client/hostinfo_network.C ) for determining the IP and hostname. The host name is stored in the h_name field. From MS winsock docs: Like he says, it could be a "bug" in the windows client and maybe it will be fixed soon. So for me it's "pending" at the moment, the support work ongoing, and finally fine for me. At this point I'd like to congratulate this forum, I got a lot of responses in 24 hours and also a believable explanation. Top work ! But to answer the many posts about: "Why do you care about it and why do you let the client run then...?" Hey, I would like to participate in the projects.....what's wrong with it ? The BOINC client is in my view NOT a security issue, I dislike only the reported FQDN. And........it's just a simple question and if this gets solved....everything will be fine for me........
Don't forget, I called it in my initial post an "indiscretion", not a security problem.......... Ha ha, I forgot to mention my main reason to join BOINC projects, especially Seti@Home......it's simple...meeting new nice people with similar interests. The "dream factor" is also present in this........and I hate computers that don't work....just turning their empty rounds.....if you know what I mean. This while I even gave my private exchange server also an additional 60% cpuload.....ha ha.......let em work !! ------------------------------------
BUT to be serious just for a moment: The BOINC client reports, as far as I know at the moment:
- Fully Qualified Domain Name like hostname.mydomain.fqdn (my question)
- Local IP Range like 192.168.1.1 (I don't care, for this you've got a firewall)
- External IP like 212.67.xxx.xxx (still don't care....)
- OS including SP level (hmm, debatable....but used for some nice statistical reasons, I can live with it....)
- lots of other stuff like disk, cpu id, benchmarks etc. (not worth mentioning)
And finally, if you install it as a service, the BOINC client knows (does not send) an account with at least the Logon as service right. So, if you take all this together and think as a professional about security issues in general, some bad feelings COULD pop up...... I believe I can trust anybody at the BOINC projects, but to stop the ongoing discussion, it would be best to NOT send the FQDN, just the single hostname. With this I would be happy already, the rest I can handle myself. |
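
The request the thread ends on, reporting only the single hostname even when the resolver's `h_name` is a fully qualified name, can be enforced on the sending side. This is an added example, not BOINC's code or any poster's: `short_hostname` and `is_ipv4_literal` are hypothetical helpers, and the POSIX `gethostname`/`gethostbyname` calls stand in for the winsock ones discussed above.

```c
#include <ctype.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Return 1 if s is made only of digits and exactly three dots (IPv4 literal). */
static int is_ipv4_literal(const char *s) {
    int dots = 0;
    if (!*s) return 0;
    for (; *s; s++) {
        if (*s == '.') dots++;
        else if (!isdigit((unsigned char)*s)) return 0;
    }
    return dots == 3;
}

/* Hypothetical helper: copy only the first DNS label of `name` into `out`,
 * so the domain suffix never reaches the outgoing report. An IPv4 literal is
 * kept whole, because cutting it at the first dot would leave a meaningless
 * fragment. Returns 0 on success, -1 on bad arguments, an empty first label
 * (for example ".example.test") or a result that does not fit in `out`. */
int short_hostname(const char *name, char *out, size_t outlen) {
    if (!name || !out || outlen == 0) return -1;
    size_t len = is_ipv4_literal(name) ? strlen(name) : strcspn(name, ".");
    if (len == 0 || len >= outlen) { out[0] = '\0'; return -1; }
    memcpy(out, name, len);
    out[len] = '\0';
    return 0;
}

int main(void) {
    char local[256], reported[256];
    if (gethostname(local, sizeof local) != 0) return 1;
    local[sizeof local - 1] = '\0';
    /* On a domain member the resolver's canonical name (h_name) may be the FQDN. */
    struct hostent *he = gethostbyname(local);
    const char *canonical = he ? he->h_name : local;
    if (short_hostname(canonical, reported, sizeof reported) != 0) return 1;
    printf("resolver name:  %s\nname to report: %s\n", canonical, reported);
    return 0;
}
```

Comparing the two printed names on a domain member and on a workgroup machine shows whether the operating system, rather than the client, is the source of the suffix.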