Re: Disable ZeroConf: how to ?
All in all, I donot agree with bubble talk we are getting here. I
donot think people
who are just talking with sheer imagination with computer illiteracy
to come here.
This is high volume site. People over here do some real work. It cannot be used
to malice a set of people.
> [~]# netstat -ap|grep avahi
> udp 0 0 *:mdns *:* 1622/avahi-daemon:
> udp 0 0 *:45282 *:* 1622/avahi-daemon:
> udp6 0 0 [::]:mdns [::]:* 1622/avahi-daemon:
> udp6 0 0 [::]:58036 [::]:* 1622/avahi-daemon:
Down Comment.
> I admit I didn't notice this before, as I would never expect a _client_
> system to have some crap listening by default. And it is world-reachable
> -- am I supposed to ensure the top s1kr3t address
> 2001:6a0:118:0:22cf:30ff:fec3:d4b7 never leaks out? (oops...)
Where is the client in this? I donot get what you mean by a client.
Could you tell
me in Avahi what is a client.
> And why does it open this security hole? To make it slightly easier to
What security hole?
> configure link-local instant messages. Who exactly is going to need that
> these days? The times of local networks disconnected from the world are
Donot get what you mean.
> mostly over. You have some non-networked machines here and there, but if
> there's a network of some kind, it almost always is globally connected.
> These few places that do have airwalled networks definitely don't want to
> run link-local chat...
what do you mean by airwalled network? could you give some specific example.
> So, any gain is infinitessimally small, and the risk is real. Even daemons
> coded by most security-minded people that have seen a lot of review do have
> exploitable holes once in a while, so I expect Avahi to fare no better.
Could you get specific with the security holes to be looked for ?
Reply to: