New ZeroConf Spec

Sebastien ESTIENNE sebastien.estienne at gmail.com
Sat Jul 8 21:30:03 BST 2006


Scott James Remnant wrote:
> On Mon, 2006-07-03 at 20:48 -0700, Dan Kegel wrote:
> 
> 
>>There should be no exception: there should be no open ports by default.
>>
> 
> This isn't actually entirely true; we currently have two open ports by
> default:
> 
> If you're on a network with DHCP, the DHCP client listens on UDP port 68
> to receive responses from the DHCP server.
> 
> And every time you make a DNS query, a UDP port is opened to receive the
> response from the DNS server.
> 
> 
> Both of these are issued from software that has a very long pedigree,
> and of which we can be vaguely confident that it is not a security
> problem.
> 
> Avahi isn't yet at that state, so it is not permitted an open port by
> default.
About security and avahi, this is a good thing to read:
http://avahi.org/wiki/SecurityConsiderations

basically avahi, run chrooted and as "avahi" user, plus it's using

> 
> Scott
> 




More information about the ubuntu-devel mailing list