Re: Disable ZeroConf: how to ?
On to, 2011-03-03 at 12:47 +0100, Bastien ROUCARIES wrote:
> some package announce their existance to the world without any admin decision!
> It is not a fud and a security hole!
That's a vague generality... which packages? You mentioned phpmyadmin.
What are the actual problems that results from this announcement? What
bad things happen from it? Can the fact that you have phpmyadmin become
known to an attacker via port scanning, or similar techniques? If so,
does it matter if phpmyadmin also announces things via avahi? What do
you suggest as a solution? Would a blanket policy of having all services
to default to not announce themselves? What would the problems from such
a policy be?
(I don't know much about this stuff, and I don't particularly care, but
it'd be nice if we could turn the discussion into a constructive one.)