Will they only see the operating system of the template being updated, or the operating system of the template on which our sys-net is based?
Do you state this based on all your knowledge or do you have any specific links, knowledge resources that you can share? Although I am not a technical user, I was interested in this topic.
Regarding the fact that sys-net only forwards packets and is not a full-blown proxy, they see the TCP packets generated by the OS that's being updated.
Except the ones for DOM0; these updates are downloaded by the sys-firewall VM, so the TCP packets are generated from there.
As I wrote, “AFAIK”.
If you know something about more detailed OS detection than “Linux” or “Windows”, I guess the audience will be happy to read something from you.
If you are interested in some deeper explanations, you can find something if you search for it (for example, Packet Inspection for Unauthorized OS Detection in Enterprises - InfoQ).
If I update templates and dom0 by sys-whonix then:
1. When updating templates, it is sys-whonix that generates TCP, and the operating systems of each updated template cannot be recognized.
2. When updating dom0, updates are downloaded by sys-whonix and it is sys-whonix that generates TCP. In this case, the dom0 operating system and the sys-firewall operating system cannot be recognized (in principle, sys-firewall can be deleted).
Is my thinking correct?
I’m exploring this topic and when I’m done I’ll be happy to share the results. Thank you for the link.
You can look into “Qubes OS global config” → “Updates”. There are 3 VMs specified as update proxy, “Dom0 update proxy”, “Default update proxy” and “Whonix update proxy”.
As far as I understand the docs, these 3 proxy VMs (not necessarily different) download the updates, so the ISP sees only the OS of those VMs. Dom0 and the templates have no network of their own.
Only if you, for whatever reason, enable networking for a template will the ISP see that OS.
And if I read the different sources on the internet correctly, OS fingerprinting is not absolutely accurate, so AFAIK only the type of OS (in the case of Linux distributions) can be recognized with a fair amount of accuracy, not the exact Linux distro. Additionally, all Linux VMs use (by default) the same kernel (the one that dom0 is running on) and not the distro-specific one.
If you open a terminal in any of your AppVMs and call “uname -a”, you see the same fc37 kernel and not the distro-specific one that comes with the template.
Taking into account the second quote, the situation should look like this:
When updating a template, the ISP should see the TCP packets that are generated by the template update proxy VM, and they will be specific to the operating system that the update proxy VM is using, not the template itself.
For example, if an update proxy virtual machine uses Fedora and updates a Debian template, the ISP sees the TCP packets generated by the update proxy virtual machine, specific to Fedora (not Debian).
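To make concrete what "the ISP sees the OS of the VM that generates the TCP packets" means in the two posts above (the shared-kernel point and the update-proxy point), here is an added example that is not from the thread or from the Qubes OS project: a toy p0f-style passive fingerprinter that looks only at the fields an on-path observer gets from a SYN (initial TTL guessed from the observed TTL, DF bit, window size, TCP option layout). The three packets are constructed, not captured, and the IPs, window values and classification thresholds are illustrative assumptions. Two Linux AppVMs running the same dom0-provided kernel produce the same signature regardless of which template they come from; a Windows HVM looks different.

```python
"""Toy passive TCP/IP fingerprinter (p0f-style), added as an illustration.

Constructed packets only, no captured traffic.  Thresholds and the
"Linux-like"/"Windows" labels are simplified assumptions, not p0f's
signature database.
"""
import socket
import struct

IPPROTO_TCP = 6


def ipv4_tcp_syn(src, dst, ttl, window, options, sport=40000, dport=443):
    """Build a raw IPv4 + TCP SYN (no payload).  Checksums stay zero because
    nothing here transmits or validates the bytes."""
    options += b"\x00" * (-len(options) % 4)          # pad options to 32-bit words
    data_offset = 5 + len(options) // 4
    tcp = struct.pack("!HHIIBBHHH",
                      sport, dport, 0x01020304, 0,
                      data_offset << 4, 0x02,         # flags: SYN only
                      window, 0, 0) + options
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 20 + len(tcp), 0x1234, 0x4000,   # 0x4000 = DF set
                     ttl, IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp


def parse_tcp_options(raw):
    """Ordered list of (name, value); value is None when only presence matters."""
    out, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                                 # End of option list
            break
        if kind == 1:                                 # NOP
            out.append(("nop", None)); i += 1; continue
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("malformed TCP option")
        body = raw[i + 2:i + length]
        if kind == 2:
            out.append(("mss", struct.unpack("!H", body)[0]))
        elif kind == 3:
            out.append(("wscale", body[0]))
        elif kind == 4:
            out.append(("sackok", None))
        elif kind == 8:
            out.append(("ts", None))                  # timestamp values change per packet
        else:
            out.append((f"opt{kind}", None))
        i += length
    return out


def parse_syn(pkt):
    """Extract the fields a passive observer would use from an IPv4/TCP SYN."""
    ver_ihl, _, _, _, flags_frag, ttl, proto, _, _, _ = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4 or proto != IPPROTO_TCP:
        raise ValueError("not an IPv4/TCP packet")
    tcp = pkt[(ver_ihl & 0x0F) * 4:]
    _, _, _, _, off_res, flags, window, _, _ = struct.unpack("!HHIIBBHHH", tcp[:20])
    doff = (off_res >> 4) * 4
    return {"ttl": ttl, "df": bool(flags_frag & 0x4000), "syn": bool(flags & 0x02),
            "window": window, "options": parse_tcp_options(tcp[20:doff])}


def initial_ttl(observed):
    """Guess the sender's starting TTL from the hop-decremented one the ISP sees."""
    for candidate in (64, 128, 255):
        if observed <= candidate:
            return candidate
    return observed


def signature(pkt):
    """(initial TTL, DF, window, option layout): the stack's fingerprint, not the distro's."""
    f = parse_syn(pkt)
    return (initial_ttl(f["ttl"]), f["df"], f["window"], ",".join(k for k, _ in f["options"]))


def classify(pkt):
    """Coarse OS-family guess; assumed heuristics in the spirit of p0f."""
    ittl, _df, _window, layout = signature(pkt)
    if ittl == 64 and "ts" in layout and "sackok" in layout:
        return "Linux-like"                            # also matches other Unix-likes
    if ittl == 128:
        return "Windows"
    return "unknown"


# Constructed sample SYNs as an ISP might see them after two forwarding hops
# (sys-firewall and sys-net each decrement the TTL).  Addresses are TEST-NET /
# RFC 1918 placeholders; the Qubes-internal 10.137.x.x would be NATed away anyway.
LINUX_OPTS = (b"\x02\x04\x05\xb4"          # MSS 1460
              b"\x04\x02"                  # SACK permitted
              b"\x08\x0a" + b"\x00" * 8    # timestamps (values irrelevant here)
              + b"\x01"                    # NOP
              b"\x03\x03\x07")             # window scale 7
WINDOWS_OPTS = (b"\x02\x04\x05\xb4" b"\x01" b"\x03\x03\x08" b"\x01\x01" b"\x04\x02")

FEDORA_PROXY_SYN = ipv4_tcp_syn("10.137.0.20", "203.0.113.10", ttl=62, window=64240, options=LINUX_OPTS)
DEBIAN_APPVM_SYN = ipv4_tcp_syn("10.137.0.21", "203.0.113.10", ttl=62, window=64240, options=LINUX_OPTS)
WINDOWS_HVM_SYN = ipv4_tcp_syn("10.137.0.30", "203.0.113.10", ttl=126, window=65535, options=WINDOWS_OPTS)

if __name__ == "__main__":
    for name, pkt in (("fedora-proxy", FEDORA_PROXY_SYN), ("debian-appvm", DEBIAN_APPVM_SYN),
                      ("windows-hvm", WINDOWS_HVM_SYN)):
        print(f"{name:13} {signature(pkt)} -> {classify(pkt)}")
```

The Fedora-based proxy and the Debian-based AppVM carry identical signatures because the SYN is shaped by the kernel's TCP stack, which on a default Qubes setup is the same dom0-supplied kernel for both; what the observer can tell apart is the family (Linux-like vs Windows), which is exactly the "type of OS, not the distro" caveat above. Real fingerprinters also use the SYN's order of options, MSS relative to MTU, and the SYN/ACK, but none of those reveal which package manager pulled the update.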
Hmm, as far as I know and as far as I read the docs correctly, yes.
But maybe someone with deeper knowledge about that can confirm or correct it? @unman or @solene ???