New ZeroConf Spec

Scott James Remnant scott at ubuntu.com
Thu Jul 13 11:45:53 BST 2006


On Thu, 2006-07-13 at 11:19 +0100, Ian Jackson wrote:

> Scott James Remnant writes ("Re: New ZeroConf Spec"):
> > On Wed, 2006-07-12 at 17:12 +0100, Ian Jackson wrote:
> > > We were discussing DNS.  DNS packets have a 16-bit id field which must
> > > be replicated in the response.  However, not all implementations set
> > > it randomly (mine doesn't, for example!) so you must protect your
> > > resolver from forged responses.
> > 
> > I'm not sure this is also true for Multicast DNS, where updates can be
> > sent across the network unanticipated.
> 
> Yes, but mdns is _designed_ to allow every `nearby' host to mess with
> your view of the mdns namespace.  That's the whole point.
> 
Which means that you accept DNS packets from anyone else around you,
meaning that the application is at risk of being exploited via that open
port due to bugs.

... ah, I believe we have reached the middle of this conversation ...

Scott
-- 
Scott James Remnant
scott at ubuntu.com
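
Added example, not part of the original message or of any project discussed in the thread: one way a unicast stub resolver can guard against the forged responses mentioned above, by choosing the 16-bit id unpredictably and accepting a reply only if its source, id, QR bit and echoed question match the outstanding query. The function names and the exact-byte question comparison are assumptions of this sketch. In the Multicast DNS case unsolicited packets are accepted by design, so only the length and field checks carry over.

```python
import secrets
import struct

# DNS header: id, flags, qdcount, ancount, nscount, arcount (all 16-bit, big-endian)
HEADER = struct.Struct("!HHHHHH")
QR_RESPONSE = 0x8000  # top bit of the flags word marks a response


def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=1):
    """Return (txid, packet); the id comes from the OS CSPRNG, not a counter."""
    txid = secrets.randbelow(1 << 16)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    return txid, HEADER.pack(txid, 0x0100, 1, 0, 0, 0) + question


def accept_response(packet, sender, txid, query, server):
    """Return True only if packet plausibly answers our outstanding query."""
    if sender != server:              # must come from the address and port we asked
        return False
    if len(packet) < HEADER.size:     # never parse a header that is not all there
        return False
    rid, flags, qdcount, _an, _ns, _ar = HEADER.unpack_from(packet)
    if rid != txid or not flags & QR_RESPONSE or qdcount != 1:
        return False
    # Assumption of this sketch: the server echoes the question bytes verbatim.
    question = query[HEADER.size:]
    echoed = packet[HEADER.size:HEADER.size + len(question)]
    return echoed == question
```

A 16-bit id gives an off-path forger only 65536 values to try, which is why resolvers also randomise the UDP source port; that is outside this sketch.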