ZeroConf in Ubuntu Edgy
Patrick McFarland
diablod3 at gmail.com
Mon Jul 3 17:21:40 BST 2006
On Wednesday 28 June 2006 22:03, Soren Hansen wrote:
> On Wed, Jun 28, 2006 at 02:18:59PM -0700, Matt Zimmerman wrote:
> > > > Ubuntu has a no-open-ports by-default policy, which means that any
> > > > mDNS/DNS-SD based discovery cannot be enabled by default.
> > >
> > > How about a semi-closed policy? I.e. having an iptables configuration
> > > that is a bit more trusting of private networks.
> >
> > That's an interesting idea. But are enough ISPs and corporate
> > networks doing proper filtering these days for that to be safe?
>
> I'm not sure "enough" is quite enough in this case. I believe we really
> should build security policies on worst case and not assumptions about
> the majority of users.
>
> Besides, taking the current state of affairs in the wifi security area
> into account, the problem is currently much closer than the ISP.
I'm coming in a little late on this discussion, but this thread has basically
turned into a security vs usability flamewarish discussion.
The major issue here isn't "ZOMG ZEROCONF IS SECURITY HOLE! DIVE DIVE DIVE!",
it's that Ubuntu doesn't have a useful firewall app. What I'd like to see is
an actual useful GUI frontend for iptables, so I can add rules like "Block
multicast" or "Block for this service on Internet hosts only."
With sane rules like that, mDNS stops being a gaping security hole unless
you're on a LAN with untrustworthy machines... which means I just set a
rule "Block multicast on all hosts".
Since the majority of LANs /are/ trustworthy, I think mDNS should be enabled,
and all apps should "look but not share" by default, and use mDNS
functionality as much as possible.
At this point, I think the Linux desktop isn't catching up to Windows
anymore... we've surpassed Microsoft in a lot of areas... we're trying to
catch up to OSX now.
--
Patrick McFarland || www.AdTerrasPerAspera.com
"Computer games don't affect kids; I mean if Pac-Man affected us as kids,
we'd all be running around in darkened rooms, munching magic pills and
listening to repetitive electronic music." -- Kristian Wilson, Nintendo,
Inc, 1989
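One way to express the "semi-closed" policy the thread is arguing about, as an added example that is not part of the original post or of Ubuntu's own tooling: a POSIX shell script that emits iptables rules for mDNS (UDP 5353) in iptables-restore format, either trusting private and link-local source ranges ("Block for this service on Internet hosts only") or dropping it everywhere ("Block multicast on all hosts"). The chain name, the trusted ranges and the logging rule are assumptions; IPv6 (ip6tables) is not covered.

```shell
#!/bin/sh
# Added example: generate iptables rules for mDNS under two policies.
#   lan   - accept UDP/5353 only from RFC 1918 and link-local sources,
#           drop it from every other (i.e. Internet) host
#   block - drop UDP/5353 from all sources ("Block multicast on all hosts")
# Matching on --dport 5353 (rather than only on 224.0.0.251) also covers
# unicast queries sent directly to the mDNS port. Chain name and ranges
# are assumptions, not Ubuntu defaults.

MDNS_PORT=5353
TRUSTED_V4="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16"

# mdns_rules MODE: print an iptables-restore(8) ruleset for MODE on stdout.
# Returns 1 (and prints nothing useful) for an unknown mode.
mdns_rules() {
    mode=$1
    case $mode in
        lan|block) ;;
        *) echo "mdns_rules: unknown mode '$mode' (use lan|block)" >&2
           return 1 ;;
    esac
    echo '*filter'
    # A dedicated chain keeps the mDNS decision separate from the rest of INPUT.
    echo ':MDNS - [0:0]'
    echo "-A INPUT -p udp --dport $MDNS_PORT -j MDNS"
    if [ "$mode" = lan ]; then
        for net in $TRUSTED_V4; do
            echo "-A MDNS -s $net -j ACCEPT"
        done
    fi
    # Anything not accepted above is untrusted: log (rate limited) and drop.
    echo '-A MDNS -m limit --limit 5/min -j LOG --log-prefix "mdns-drop: "'
    echo '-A MDNS -j DROP'
    echo 'COMMIT'
}

# Review first, then load as root, e.g.:  mdns_rules lan | iptables-restore -n
# (-n / --noflush keeps the rules already present in other chains.)
```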