Hello and welcome to the Tuesday, October 31st, 2021, 2023 edition of the Sands and Storms Center's

Stormcast. My name is Johannes Ulrich and I'm recording from Jacksonville, Florida.

Yesterday I talked about how multicast DNS leaked Mac addresses in iOS and Mac OS.

And I figured it's maybe a good opportunity to talk a little bit more about multicast DNS.

It's certainly not a new problem or a new protocol, but often overlooked.

And I just want to point out that there is an awful lot of data

that's often being multicast to the network that identifies individual hosts regardless of

the Mac address. In particular on iOS and macOS devices,

the host name that's often being broadcast here includes by default, the username.

And then you always also see the exact hardware version,

including interestingly, the color of the particular device that you're using and also operating system version is being sent to the network.

This is really sort of more intended for a home network, small business networks, where you heavily rely on systems being able to auto discover resources like printers or in the sort of Apple

ecosystem things like a video streaming system. It's not limited to Apple, Android, Linux,

Microsoft, Windows, all of them use pretty much the same protocol and are sending these messages.

The problem then really becomes apparent if you're connecting such a device to a public network

and you're basically advertising yourself to everybody connected to that network.

The quickest, simplest fix here to me is just to name your system something that's not

easily identifiable and associated with you.

But other than that, you're pretty much left by sort of setting up firewall rules in order

to prevent these packets

from leaving your system. There's often no simple way to actually turn it off.

And, well, in iOS, actually not aware of any real good way to turn this off, given that there

...