Re: Assorted arm-buster problems - network configuration
On 7/7/19, andreimpopescu@gmail.com <andreimpopescu@gmail.com> wrote:
> On Sb, 06 iul 19, 15:36:37, Lee wrote:
>>
>> "an accident waiting to happen" was from me and I also gave the rfc
>> for mdns, so that's hardly "nothing of substance to support that
>> view." If you're having trouble finding the rfc, it's here
>> https://tools.ietf.org/html/rfc6762
>
> Care to elaborate though?
While reading about a security issue I came across the line "An
insecure protocol will eventually be exploited." - which sounds right
to me. And the standard q&a for most security issues involving an
insecure protocol seems to be
q: how do i prevent <bad thing> from happening?
a: by not allowing it in the first place.
Hopefully we're clear about my bias now :)
> The dangers are not at all obvious to me, possibly because I haven't
> used it much (if at all).
Read the first three paragraph of the "Security Considerations" section
https://tools.ietf.org/html/rfc6762#section-21
Assuming everything on the network is a trusted host is a dangerous
assumption, so paragraph 1 is N/A
Assuming a trusted host won't get hacked is a dangerous assumption, so
paragraph 3 is N/A.
All that's left is paragraph 2 -- and uninstalling whatever software
uses mDNS :)
Regards,
Lee
Reply to: