Hostname including Domain name....Really needed ?

Message boards : Number crunching : Hostname including Domain name....Really needed ?
Message board moderation

To post messages, you must log in.

1 · 2 · Next

AuthorMessage
Pfister Online

Send message
Joined: 1 Nov 05
Posts: 9
Credit: 344,994
RAC: 0
Switzerland
Message 399268 - Posted: 16 Aug 2006, 11:50:44 UTC

I saw the hostnames listed in my stats......complete with the domain name.

Are this really needed ?

Only the hostname would be better for me.............the complete domain could be sometimes an indiscretion.

I know that normal visitor can't see it at my stats, but its still data that not must be sent over the firewall out of the network and furthermore it will be not needed for the project or i'm wrong ?
ID: 399268 · Report as offensive
Profile m00kie

Send message
Joined: 18 Jun 00
Posts: 19
Credit: 764,288
RAC: 0
Cuba
Message 399273 - Posted: 16 Aug 2006, 11:59:21 UTC
Last modified: 16 Aug 2006, 12:04:25 UTC

I'm not sure why this concerns you as only you can see it.
As for me, I like seeing the IP. It has helped me at times when I've needed to access that machine remotely.

(edited because I misread what you were saying)
Proud member of Team Starfire World BOINC

ID: 399273 · Report as offensive
Pfister Online

Send message
Joined: 1 Nov 05
Posts: 9
Credit: 344,994
RAC: 0
Switzerland
Message 399283 - Posted: 16 Aug 2006, 12:16:56 UTC - in response to Message 399273.  

I'm not sure why this concerns you as only you can see it.
As for me, I like seeing the IP. It has helped me at times when I've needed to access that machine remotely.

(edited because I misread what you were saying)


Hmm, i may have not explained the circumstance completely.....

I have access to dozens of servers of customers before the servers get "productive" or before they even get delivered to the customers. Mostly for a time period of a week or severals weeks.

Some of them are already installed with the customer domain, some not. Whatever, i dislike that the domain name get out of the network. This I called before an "indiscretion", at the most when its not really needed for the project. I'm not care about the hostname and also not care about the IP. A proper firewall will does his work there usually.
ID: 399283 · Report as offensive
Astro
Volunteer tester
Avatar

Send message
Joined: 16 Apr 02
Posts: 8026
Credit: 600,015
RAC: 0
Message 399300 - Posted: 16 Aug 2006, 12:26:55 UTC

hmmm, it is out there as you say, however only you and seti can see them. If you click on my username, then view my puters you don't see that info for my hosts/account, although I can see it when I view mine.
ID: 399300 · Report as offensive
Profile Trog Dog
Avatar

Send message
Joined: 18 May 02
Posts: 25
Credit: 208,371
RAC: 0
Australia
Message 399324 - Posted: 16 Aug 2006, 13:18:38 UTC - in response to Message 399268.  

I saw the hostnames listed in my stats......complete with the domain name.

Are this really needed ?

Only the hostname would be better for me.............the complete domain could be sometimes an indiscretion.

I know that normal visitor can't see it at my stats, but its still data that not must be sent over the firewall out of the network and furthermore it will be not needed for the project or i'm wrong ?


G'day Pfister

I had this problem once on a win98 box. The problem was one of the network configuration dialogues it asked for a domain name so I had entered the domain name (workgroup name) there. After clearing it from the dialogue/settings box it was no longer reported by BOINC. The box wasn't in a proper domain just a peer to peer network - I kept the domain name as the workgroup name, as it always had been and noticed no change in the performance of the network. I don't know how your network is configured but I would look down this avenue.
ID: 399324 · Report as offensive
Pfister Online

Send message
Joined: 1 Nov 05
Posts: 9
Credit: 344,994
RAC: 0
Switzerland
Message 399346 - Posted: 16 Aug 2006, 13:56:56 UTC - in response to Message 399324.  
Last modified: 16 Aug 2006, 13:58:41 UTC

I saw the hostnames listed in my stats......complete with the domain name.

Are this really needed ?

Only the hostname would be better for me.............the complete domain could be sometimes an indiscretion.

I know that normal visitor can't see it at my stats, but its still data that not must be sent over the firewall out of the network and furthermore it will be not needed for the project or i'm wrong ?


G'day Pfister

I had this problem once on a win98 box. The problem was one of the network configuration dialogues it asked for a domain name so I had entered the domain name (workgroup name) there. After clearing it from the dialogue/settings box it was no longer reported by BOINC. The box wasn't in a proper domain just a peer to peer network - I kept the domain name as the workgroup name, as it always had been and noticed no change in the performance of the network. I don't know how your network is configured but I would look down this avenue.


Thanks for your input, but my computers/servers are mostly used in an active directory domain, like in any company. Actually i'm installing a new IT enviroment for a company with 24 dual cpu servers. Thats a total of 48 x Xeon cpu's with 3.6 GHz. The best of it, they stay at the moment in our setup lab and will not be used until mid of october.

I saw in the ranklist that the hosts on the leader are "hided". Maybee an moderator can give me more hints about that.

The 10k credits u see at my stats are builded from a P3 664 MHz. I let em run since the last november :-)
I just started this week again to participate more often with the BOINC projects.
ID: 399346 · Report as offensive
Profile 5 and a half of 13
Volunteer tester
Avatar

Send message
Joined: 21 Jan 02
Posts: 240
Credit: 21,261
RAC: 0
Message 399354 - Posted: 16 Aug 2006, 14:27:00 UTC - in response to Message 399346.  
Last modified: 16 Aug 2006, 14:36:21 UTC

Snip.....
I saw in the ranklist that the hosts on the leader are "hided". Maybee an moderator can give me more hints about that.

snip...


Like mmcaistro explained, only you can see the hostnames of your machines. The BOINC-Wiki should be able to tell you how to hide your machines, I can't remember.

PS: look under 'Your Account', 'Preferences' 'Seti@home Preferences' and change
'Should SETI@home show your computers on its web site?' to 'no'
Need help? Check out the excellent Unofficial BOINC-Wiki!
'We are the BOINC. Prepare to be assimilated.'
ID: 399354 · Report as offensive
Pfister Online

Send message
Joined: 1 Nov 05
Posts: 9
Credit: 344,994
RAC: 0
Switzerland
Message 399389 - Posted: 16 Aug 2006, 15:51:01 UTC - in response to Message 399354.  

Snip.....
I saw in the ranklist that the hosts on the leader are "hided". Maybee an moderator can give me more hints about that.

snip...


Like mmcaistro explained, only you can see the hostnames of your machines. The BOINC-Wiki should be able to tell you how to hide your machines, I can't remember.

PS: look under 'Your Account', 'Preferences' 'Seti@home Preferences' and change
'Should SETI@home show your computers on its web site?' to 'no'


Thanks alot for the info, i changed it already....

But the client still sends the data out.......maybee the right thing for a feature request ?

Not that you guys get me wrong.......but some clients can get really annoying....they like to know every bit of the dataflow goes out of the firewall........business......
ID: 399389 · Report as offensive
1mp0£173
Volunteer tester

Send message
Joined: 3 Apr 99
Posts: 8423
Credit: 356,897
RAC: 0
United States
Message 399394 - Posted: 16 Aug 2006, 16:24:35 UTC - in response to Message 399346.  
Last modified: 16 Aug 2006, 16:47:33 UTC

Thanks for your input, but my computers/servers are mostly used in an active directory domain, like in any company. Actually i'm installing a new IT enviroment for a company with 24 dual cpu servers. Thats a total of 48 x Xeon cpu's with 3.6 GHz. The best of it, they stay at the moment in our setup lab and will not be used until mid of october.

As others have stated, you are the only person who can see the host names and IP addresses.

IP addresses that will presumably change when the machines are actually installed, and addresses that should be in private IP space (RFC-1918).

... if you are this worried that your customer's domain name has somehow been compromised, then maybe you should not use SETI for "burn in" or should plan on changing server names once burn-in is complete.

It isn't something that anyone else can see.

ID: 399394 · Report as offensive
1mp0£173
Volunteer tester

Send message
Joined: 3 Apr 99
Posts: 8423
Credit: 356,897
RAC: 0
United States
Message 399396 - Posted: 16 Aug 2006, 16:27:05 UTC - in response to Message 399389.  


Not that you guys get me wrong.......but some clients can get really annoying....they like to know every bit of the dataflow goes out of the firewall........business......

This isn't annoying, this is smart. Security is important, and I think in general that we should be incredibly careful about what runs on servers and workstations in a corporate environment.

The average employee is the single biggest threat to data security.
ID: 399396 · Report as offensive
Josef W. Segur
Volunteer developer
Volunteer tester

Send message
Joined: 30 Oct 99
Posts: 4504
Credit: 1,414,761
RAC: 0
United States
Message 399432 - Posted: 16 Aug 2006, 17:05:58 UTC - in response to Message 399394.  

Thanks for your input, but my computers/servers are mostly used in an active directory domain, like in any company. Actually i'm installing a new IT enviroment for a company with 24 dual cpu servers. Thats a total of 48 x Xeon cpu's with 3.6 GHz. The best of it, they stay at the moment in our setup lab and will not be used until mid of october.

As others have stated, you are the only person who can see the host names and IP addresses.

IP addresses that will presumably change when the machines are actually installed, and addresses that should be in private IP space (RFC-1918).

... if you are this worried that your customer's domain name has somehow been compromised, then maybe you should not use SETI for "burn in" or should plan on changing server names once burn-in is complete.

It isn't something that anyone else can see.

I'm willing to bet that Matt Lebofsky could see all details for anyone's account.

But the issue is not what is shown to others intentionally, it is whether BOINC is protecting what should be private data. By sending it in plain text back to the servers there is the possibilty it could be intercepted.

Personally, if given the choice I'd allow BOINC to continue sending what it now does. But IMO an option to not send anything more than absolutely necessary should be provided for those who value privacy highly.

Note: Hiding computers in preferences has no effect on what is sent back to the servers.
                                                      Joe
ID: 399432 · Report as offensive
1mp0£173
Volunteer tester

Send message
Joined: 3 Apr 99
Posts: 8423
Credit: 356,897
RAC: 0
United States
Message 399441 - Posted: 16 Aug 2006, 17:19:08 UTC - in response to Message 399432.  


I'm willing to bet that Matt Lebofsky could see all details for anyone's account.

In every system I've ever seen, there exists some person who can see everything, and some person who can insert malicious code into any application.

This is not limited to distributed computing, it can happen anywhere.

This is why, if Phister Online's customer is highly security conscious that they have a right to control what is known about their machines, and an obligation (in this day of Sarbanes/Oxley) to protect them.

If this is a public corporation, people can go to jail because of security breaches.

So, ultimately, we have to decide for ourselves that we trust Matt, and Eric, and Rom, and David. What Phister Online has to do is decide if he can morally and legally trust them on behalf of this mystery customer -- especially if he's doing so without full disclosure.

Do I think BOINC is a security threat? No, absolutely not. Do I think it could be turned into a SOX compliance issue? You bet!

ID: 399441 · Report as offensive
Pfister Online

Send message
Joined: 1 Nov 05
Posts: 9
Credit: 344,994
RAC: 0
Switzerland
Message 399507 - Posted: 16 Aug 2006, 19:25:57 UTC - in response to Message 399441.  
Last modified: 16 Aug 2006, 19:30:52 UTC

So, ultimately, we have to decide for ourselves that we trust Matt, and Eric, and Rom, and David. What Phister Online has to do is decide if he can morally and legally trust them on behalf of this mystery customer -- especially if he's doing so without full disclosure.


Thats exactly the point i'm talking about. Guess alot of BOINC users are IT professionals and quiet familiar with security issues. Its not really a problem about not trusting anybody of Seti or other programs. They do very good work and i would enjoy to spare my possibilities with their projects.

But like we know all, control are better as trust and i would like to be sure that no compromising data goes out to the internet, secure or not.

CPU power ? No problem, got enough of them. But please no network data.....

Could bring someone light in this thing ?
ID: 399507 · Report as offensive
Profile Toby
Volunteer tester
Avatar

Send message
Joined: 26 Oct 00
Posts: 1005
Credit: 6,366,949
RAC: 0
United States
Message 399510 - Posted: 16 Aug 2006, 19:30:58 UTC

None of my windows machines report the domain name. On my linux machines, they do or don't, depending on how I have my /etc/hosts file set up. I'm pretty sure this is an OS configuration issue. All BOINC does is query the OS for its hostname. If the OS returns the full domain then BOINC includes it - otherwise it only reports the hostname without the domain.
A member of The Knights Who Say NI!
For rankings, history graphs and more, check out:
My BOINC stats site
ID: 399510 · Report as offensive
Pfister Online

Send message
Joined: 1 Nov 05
Posts: 9
Credit: 344,994
RAC: 0
Switzerland
Message 399512 - Posted: 16 Aug 2006, 19:38:02 UTC - in response to Message 399510.  
Last modified: 16 Aug 2006, 19:45:17 UTC

None of my windows machines report the domain name. On my linux machines, they do or don't, depending on how I have my /etc/hosts file set up. I'm pretty sure this is an OS configuration issue. All BOINC does is query the OS for its hostname. If the OS returns the full domain then BOINC includes it - otherwise it only reports the hostname without the domain.


Then they aren't in a domain, mine are all or at least 98% of them.

But if that what you writing is correct it would be fine for me.....

Otherwise, would it be a big work to offer a possibility to limit the hostname with a simple click ? Or better to be limited in the default settings already. So no bad feelings can arise to cut the discussion already at the start.

Last but not least if there are a trick to supress the domain name be SENT(of course on domain member computers, server or dc's......that would fullfill my wishes already.
ID: 399512 · Report as offensive
Profile Toby
Volunteer tester
Avatar

Send message
Joined: 26 Oct 00
Posts: 1005
Credit: 6,366,949
RAC: 0
United States
Message 399536 - Posted: 16 Aug 2006, 20:10:11 UTC
Last modified: 16 Aug 2006, 20:11:37 UTC

Looking at the code and the MS docs it would appear that you are correct. The BOINC code uses the "hostent struct" (in client/hostinfo_network.C ) for detemining the IP and hostname. The host name is stored in the h_name field. From MS winsock docs:

h_name
Official name of the host (PC). If using the DNS or similar resolution system, it is the Fully Qualified Domain Name (FQDN) that caused the server to return a reply. If using a local hosts file, it is the first entry after the IP address.


I also found some CVS checkin notes from 2004 where Dr. Anderson said linux was reporting the FQDN and that this was not intended so he fixed it. Looks like this *might* be a bug in the windows BOINC client. Will have to look some more after work.
A member of The Knights Who Say NI!
For rankings, history graphs and more, check out:
My BOINC stats site
ID: 399536 · Report as offensive
Profile Pappa
Volunteer tester
Avatar

Send message
Joined: 9 Jan 00
Posts: 2562
Credit: 12,301,681
RAC: 0
United States
Message 399668 - Posted: 16 Aug 2006, 23:26:46 UTC - in response to Message 399507.  

I am late

You asked the question about domain/network information... If machines are "domain members" some information that would go out over the wire can be removed... In some cases of "some" Server functions is can not!
In Win2K and XP it is fairly easy to remove the information from being stored in the stack.

Right Click on My Computer and go to Properties...

Win2K
Select the Network Identification Tab about halfway down you see To rename this computer or join a domain, click Properties

When you click on Properties, you will see. Identification Changes open... with the computer name and a More Button... Click More
In the window where is states Primary DNS suffix of this computer you will find the Domain Name that is being sent to BOINC. If you blank that out then it will not report the Domain.

Win XP
Select the Computer Name Tab, and then the Change Button...
Computer Name changes Tab and then the More Button...
In the window where is states Primary DNS suffix of this computer you will find the Domain Name that is being sent to BOINC. If you blank that out then it will not report the Domain.

So in cases where going to some place on the network (over TCP) it would be required... Or cases of servers such as Exchange the FQDN is required... Most workstations do not care... Some other server configurations do care (IF it authenticates a User (over TCP) for access purposes it cares)... Or if seperate specific DNS records were created that are not active directory reliant... But then that is a book or two of knowledge...

As Toby has shown, some of the information was desired to be collected...

Pappa

So, ultimately, we have to decide for ourselves that we trust Matt, and Eric, and Rom, and David. What Phister Online has to do is decide if he can morally and legally trust them on behalf of this mystery customer -- especially if he's doing so without full disclosure.


Thats exactly the point i'm talking about. Guess alot of BOINC users are IT professionals and quiet familiar with security issues. Its not really a problem about not trusting anybody of Seti or other programs. They do very good work and i would enjoy to spare my possibilities with their projects.

But like we know all, control are better as trust and i would like to be sure that no compromising data goes out to the internet, secure or not.

CPU power ? No problem, got enough of them. But please no network data.....

Could bring someone light in this thing ?


Please consider a Donation to the Seti Project.

ID: 399668 · Report as offensive
kevint
Volunteer tester

Send message
Joined: 17 May 99
Posts: 414
Credit: 11,680,240
RAC: 0
United States
Message 399766 - Posted: 17 Aug 2006, 2:47:51 UTC - in response to Message 399268.  

I saw the hostnames listed in my stats......complete with the domain name.

Are this really needed ?

Only the hostname would be better for me.............the complete domain could be sometimes an indiscretion.

I know that normal visitor can't see it at my stats, but its still data that not must be sent over the firewall out of the network and furthermore it will be not needed for the project or i'm wrong ?



I believe this is the case when running windows 98 or winme - I have not seen the domain on any XP box.

ID: 399766 · Report as offensive
1mp0£173
Volunteer tester

Send message
Joined: 3 Apr 99
Posts: 8423
Credit: 356,897
RAC: 0
United States
Message 399792 - Posted: 17 Aug 2006, 4:17:20 UTC - in response to Message 399507.  

So, ultimately, we have to decide for ourselves that we trust Matt, and Eric, and Rom, and David. What Phister Online has to do is decide if he can morally and legally trust them on behalf of this mystery customer -- especially if he's doing so without full disclosure.


Thats exactly the point i'm talking about. Guess alot of BOINC users are IT professionals and quiet familiar with security issues. Its not really a problem about not trusting anybody of Seti or other programs. They do very good work and i would enjoy to spare my possibilities with their projects.

Yet, you ignored the more important post. In the current regulatory environment, in a public corporation, people can go to jail for network breaches.

I've heard of some incredibly insane things done in the name of Sarbanes/Oxley.

If your client/customer is in this kind of a position, you should not load anything beyond the bare minimum on their machines.

ID: 399792 · Report as offensive
Pfister Online

Send message
Joined: 1 Nov 05
Posts: 9
Credit: 344,994
RAC: 0
Switzerland
Message 399876 - Posted: 17 Aug 2006, 7:15:09 UTC - in response to Message 399792.  
Last modified: 17 Aug 2006, 8:14:35 UTC

Hey hey friends.......please don't expand the "problem" more as needed :-)

Atually I installed the BOINC clients for test purpose on approx 10 machines, all of them on NON productive systems. So i'm quiet sure to not stay with one feet in the jail yet.... :-)

But my question doesnt points to this part.

Trying to seize my ongoing questions and this discussion together:

- When a host are a member of a domain, not care about the role and the OS of the host, the Fully Qualified Domain Name are reported to the BOINC projects. Even a manual hosts entry doesnt helps, I tried it already, but this would be anyway an annoying workaround (manual entry, reboot, don't forget it to remove at the end etc.)
- When a host are a member of a workgroup only the single hostname without workgroup are reported to the BOINC projects

And no, I'm not talking about Win9x or anything like that. For business and private I'm using actually only Win2k or XP or Win2k03.

Toby's explanation of the query of the BOINC clients would support these "assumptions":

Looking at the code and the MS docs it would appear that you are correct. The BOINC code uses the "hostent struct" (in client/hostinfo_network.C ) for detemining the IP and hostname. The host name is stored in the h_name field. From MS winsock docs:

h_name
Official name of the host (PC). If using the DNS or similar resolution system, it is the Fully Qualified Domain Name (FQDN) that caused the server to return a reply. If using a local hosts file, it is the first entry after the IP address.


I also found some CVS checkin notes from 2004 where Dr. Anderson said linux was reporting the FQDN and that this was not intended so he fixed it. Looks like this *might* be a bug in the windows BOINC client. Will have to look some more after work.


Like he says, it could be a "bug" in the windows client and maybee it will be fixed soon. So it's for me at the moment "pending", the support work ongoing and finally fine for me.

At this place i like to congratulate to this forum, I got alot of response in 24 hours and also a believable explanation. Top work !


But to answers the many posts about: "Why you care about it and why you let the client run then...?"

Hey, i would like to participate with the projects.....whats wrong with it ? The BOINC client are in my view NOT a security issue, I dislike only the reported FQDN. And........it's just a simple question and if this will be solved....everything will be fine for me........
Don't forget, i called it in my intitial post an "indiscretion", not a security problem..........

Ha ha, i forgot to mention my main reason to join BOINC projects, especially Seti@Home......its simple...meeting new nice peoples with similar interests. The "dream factor" are also present on this........and i hate computers they doesnt work....just turning there empty rounds.....if you know what i mean. This while I even gave my private exchange server also additional 60% cpuload.....ha ha.......let em work !!

------------------------------------

BUT to be serious just for a moment:

The BOINC client report so i know at the moment.

- Fully Qualified Domain Name like hostname.mydomain.fqdn (my question)
- Local IP Range like 192.168.1.1 (i'm not care, for this you got an firewall)
- External IP like 212.67.xxx.xxx (still not care....)
- OS including SP level (hmm, discutable....but used for some nice statistic reasons, I can live with it....)
- lotsa of other stuff like disk, cpu id, benchmarks etc. (not worth to mention)

And finally, if you install it as service, the BOINC clients knows (not send) an account with at least Logon as service right.

So, if you take all this together and thinks as professional about security issues in general, some bad feelings COULD pop up......

I believe I can trust anybody of the BOINC projects but to stop the ongoing discussion, it would be the best to NOT send the FQDN, just the single hostname. With this I would be happy already, the rest I can handle myself.
ID: 399876 · Report as offensive
1 · 2 · Next

Message boards : Number crunching : Hostname including Domain name....Really needed ?


 
©2024 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.