New ZeroConf Spec

Loïc Minier lool+ubuntu at
Mon Jul 17 17:52:31 BST 2006

On Mon, Jul 17, 2006, Ian Jackson wrote:
>  * avahi would be an additional piece of software exposed directly and
>    permanently to hostile network traffic initiated outside the
>    current host.  Currently Ubuntu has very few such pieces of
>    software - pretty much, only the kernel is so exposed.  The `no
>    open ports' policy is a good rule of thumb, intended to keep things
>    this way.

 I think the DHCP client was already mentionned.  Other software is
 permanently connected to Internet hosts, for example for network time
 updates, or to check for security updates.

 One problem that has been mentionned multiple times in this discussion
 is "avahi exposed on the Internet" versus "avahi visible from my local
 network".  Some people go as far as saying that local networks are very
 unsafe too, but imagine we would force avahi to only listen on
 interfaces which only have RFC 1918 addresses: wouldn't that be a good
 default configuration to permit local discoverability but still keep
 the Internet exposure to a low level?

Loïc Minier <lool at>

More information about the ubuntu-devel mailing list