Re: Disable ZeroConf: how to ?

To: debian-devel@lists.debian.org
Subject: Re: Disable ZeroConf: how to ?
From: Lars Wirzenius <liw@liw.fi>
Date: Thu, 03 Mar 2011 12:16:57 +0000
Message-id: <[🔎] 1299154617.2561.23.camel@tacticus>
In-reply-to: <[🔎] AANLkTinkQ=Q8wX45zbODT7WqUwX2OqjX_y5W-X-aJT2y@mail.gmail.com>
References: <[🔎] 201103021825.32204.roucaries.bastien@gmail.com> <[🔎] 87pqq9kwd1.fsf@sonic.technologeek.org> <[🔎] 20110302225642.GC17584@ikki.ethgen.ch> <[🔎] 4D6EFE56.8030707@ubuntu.com> <[🔎] 20110303100247.GA20678@ikki.ethgen.ch> <[🔎] 87sjv4jybg.fsf@qurzaw.varnish-software.com> <[🔎] 20110303105413.GB20678@ikki.ethgen.ch> <[🔎] 1299151335.2561.17.camel@tacticus> <[🔎] AANLkTikC2z4-3c9QhBVDYbvsJyNc6yd6KOfK2OpSmbNH@mail.gmail.com> <[🔎] AANLkTinkQ=Q8wX45zbODT7WqUwX2OqjX_y5W-X-aJT2y@mail.gmail.com>

On to, 2011-03-03 at 12:47 +0100, Bastien ROUCARIES wrote:
> some package announce their existance to the world without any admin decision!
> It is not a fud  and a security hole!

That's a vague generality... which packages? You mentioned phpmyadmin.
What are the actual problems that results from this announcement? What
bad things happen from it? Can the fact that you have phpmyadmin become
known to an attacker via port scanning, or similar techniques? If so,
does it matter if phpmyadmin also announces things via avahi? What do
you suggest as a solution? Would a blanket policy of having all services
to default to not announce themselves? What would the problems from such
a policy be?

(I don't know much about this stuff, and I don't particularly care, but
it'd be nice if we could turn the discussion into a constructive one.)

Reply to:

Follow-Ups:
- Re: Disable ZeroConf: how to ?
  - From: Olaf van der Spek <olafvdspek@gmail.com>

References:
- Disable ZeroConf: how to ?
  - From: Bastien ROUCARIES <roucaries.bastien@gmail.com>
- Re: Disable ZeroConf: how to ?
  - From: Julien BLACHE <jblache@debian.org>
- Re: Disable ZeroConf: how to ?
  - From: Klaus Ethgen <Klaus@Ethgen.de>
- Re: Disable ZeroConf: how to ?
  - From: Chow Loong Jin <hyperair@ubuntu.com>
- Re: Disable ZeroConf: how to ?
  - From: Klaus Ethgen <Klaus@Ethgen.de>
- Re: Disable ZeroConf: how to ?
  - From: Tollef Fog Heen <tfheen@err.no>
- Re: Disable ZeroConf: how to ?
  - From: Klaus Ethgen <Klaus@Ethgen.de>
- Re: Disable ZeroConf: how to ?
  - From: Lars Wirzenius <liw@liw.fi>
- Re: Disable ZeroConf: how to ?
  - From: Sujit Karatparambil <sujit.kmadhavan@gmail.com>
- Re: Disable ZeroConf: how to ?
  - From: Bastien ROUCARIES <roucaries.bastien@gmail.com>

Prev by Date: Re: Disable ZeroConf: how to ?
Next by Date: Re: Disable ZeroConf: how to ?
Previous by thread: Re: Disable ZeroConf: how to ?
Next by thread: Re: Disable ZeroConf: how to ?
Index(es):
- Date
- Thread