Re: Assorted arm-buster problems - network configuration
On 7/8/19, Gene Heskett <gheskett@shentel.net> wrote:
> On Monday 08 July 2019 14:48:59 Lee wrote:
>
>> On 7/8/19, Andrei POPESCU <andreimpopescu@gmail.com> wrote:
>> > On Lu, 08 iul 19, 13:37:26, Lee wrote:
>> >> On 7/7/19, andreimpopescu@gmail.com <andreimpopescu@gmail.com>
> wrote:
>> >> > The dangers are not at all obvious to me, possibly because I
>> >> > haven't used it much (if at all).
>> >>
>> >> Read the first three paragraph of the "Security Considerations"
>> >> section https://tools.ietf.org/html/rfc6762#section-21
>> >>
>> >> Assuming everything on the network is a trusted host is a dangerous
>> >> assumption, so paragraph 1 is N/A
>> >>
>> >> Assuming a trusted host won't get hacked is a dangerous assumption,
>> >> so paragraph 3 is N/A.
>> >>
>> >> All that's left is paragraph 2 -- and uninstalling whatever
>> >> software uses mDNS :)
>> >
>> > Security is not a black/white thing, it's more like a balancing act.
>>
>> Agreed
>>
>> > In my opinion mDNS/zeroconf can make perfect sense in some
>> > environments and be a complete no-go in others.
>>
>> Apparently it's not clear that I agree :(
>>
>> I thought about concluding with something about different people
>> making different assumptions & some not wanting or able to set up
>> their own dns server & living with the risk, but it seemed like such
>> an obvious conclusion that I didn't bother.
>>
>> Regards,
>> Lee
>
> If referring to my problem Lee,
Nope, this sub-thread is a result of my offering a hyperbolic opinion
to someone else.
You're very clearly in the "my network, my rules" camp, so I won't be
offering any opinions on how you should/shouldn't run your own network
:)
Regards,
Lee
Reply to: