Re: Assorted arm-buster problems - network configuration

To: andreimpopescu@gmail.com
Cc: debian-user@lists.debian.org
Subject: Re: Assorted arm-buster problems - network configuration
From: Lee <ler762@gmail.com>
Date: Mon, 8 Jul 2019 13:37:26 -0400
Message-id: <[🔎] CAD8GWst_=-d_XO7+xXv3mJj-M-tnM9xjM0McnfxL1WhBfyEBUg@mail.gmail.com>
In-reply-to: <[🔎] 20190707064605.kgzdv7fy27tfamsw@localhost>
References: <201907031457.35664.gheskett@shentel.net> <[🔎] 20190704200508.GA20478@tuxteam.de> <[🔎] 04072019213537.4968e200b7ee@desktop.copernicus.org.uk> <[🔎] 201907050433.42568.gheskett@shentel.net> <[🔎] 05072019201413.473468c95aca@desktop.copernicus.org.uk> <[🔎] CAD8GWsu3oQcgkva0h+zdgUm-5weNC+PLNdO-ePvVTuSqAL3Lcw@mail.gmail.com> <[🔎] 05072019212108.88e717ccce62@desktop.copernicus.org.uk> <[🔎] 20190705204153.GF22544@tuxteam.de> <[🔎] slrnqi0m0f.211.curty@einstein.electron.org> <[🔎] CAD8GWst4KCpOv2dQAqda9F8i=ee0qEZaxyKGE+2nsSRHcAEPrQ@mail.gmail.com> <[🔎] 20190707064605.kgzdv7fy27tfamsw@localhost>

On 7/7/19, andreimpopescu@gmail.com <andreimpopescu@gmail.com> wrote:
> On Sb, 06 iul 19, 15:36:37, Lee wrote:
>>
>> "an accident waiting to happen" was from me and I also gave the rfc
>> for mdns, so that's hardly "nothing of substance to support that
>> view."  If you're having trouble finding the rfc, it's here
>>   https://tools.ietf.org/html/rfc6762
>
> Care to elaborate though?

While reading about a security issue I came across the line "An
insecure protocol will eventually be exploited." - which sounds right
to me.  And the standard q&a for most security issues involving an
insecure protocol seems to be
q: how do i prevent <bad thing> from happening?
a: by not allowing it in the first place.

Hopefully we're clear about my bias now :)

> The dangers are not at all obvious to me, possibly because I haven't
> used it much (if at all).

Read the first three paragraph of the "Security Considerations" section
  https://tools.ietf.org/html/rfc6762#section-21

Assuming everything on the network is a trusted host is a dangerous
assumption, so paragraph 1 is N/A

Assuming a trusted host won't get hacked is a dangerous assumption, so
paragraph 3 is N/A.

All that's left is paragraph 2 -- and uninstalling whatever software
uses mDNS :)

Regards,
Lee

Reply to:

Follow-Ups:
- Re: Assorted arm-buster problems - network configuration
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Re: Assorted arm-buster problems - network configuration
  - From: Brian <ad44@cityscape.co.uk>

References:
- Re: Assorted arm-buster problems - network configuration
  - From: <tomas@tuxteam.de>
- Re: Assorted arm-buster problems - network configuration
  - From: Brian <ad44@cityscape.co.uk>
- Re: Assorted arm-buster problems - network configuration
  - From: Gene Heskett <gheskett@shentel.net>
- Re: Assorted arm-buster problems - network configuration
  - From: Brian <ad44@cityscape.co.uk>
- Re: Assorted arm-buster problems - network configuration
  - From: Lee <ler762@gmail.com>
- Re: Assorted arm-buster problems - network configuration
  - From: Brian <ad44@cityscape.co.uk>
- Re: Assorted arm-buster problems - network configuration
  - From: <tomas@tuxteam.de>
- Re: Assorted arm-buster problems - network configuration
  - From: Curt <curty@free.fr>
- Re: Assorted arm-buster problems - network configuration
  - From: Lee <ler762@gmail.com>
- Re: Assorted arm-buster problems - network configuration
  - From: andreimpopescu@gmail.com

Prev by Date: aptitude new packages list forgets old
Next by Date: Re: fix for no ssh
Previous by thread: Re: Assorted arm-buster problems - network configuration
Next by thread: Re: Assorted arm-buster problems - network configuration
Index(es):
- Date
- Thread