New ZeroConf Spec
Daniel Pittman
daniel at rimspace.net
Wed Jul 19 03:50:52 BST 2006
"Hervé Fache" <Herve at lucidia.net> writes:
> On 7/18/06, Ian Jackson <ian at davenant.greenend.org.uk> wrote:
>> Loïc Minier writes ("Re: New ZeroConf Spec"):
>> > On Mon, Jul 17, 2006, Ian Jackson wrote:
>> > > * avahi would be an additional piece of software exposed directly and
>> > > permanently to hostile network traffic initiated outside the [host]
[...]
>> > One problem that has been mentioned multiple times in this discussion
>> > is "avahi exposed on the Internet" versus "avahi visible from my local
>> > network".
>>
>> It is not really possible for the system to tell reliably whether its
>> ethernet interface is exposed to the Internet or is only on `a local
>> network' (whatever that might mean, but presumably something with less
>> hostile traffic).
>
> In some cases, it is: 10.0.0.0/24 172.16.0.0/12 192.168.0.0/16
> 169.254.0.0/16

Sorry, but no: at least two major wireless ISP networks here in
Australia assign private IP addresses to client machines, then perform
NAT for Internet access.

They also, so far as I can tell, use NAT to expose machines to the
public Internet as well.

Several common ADSL devices here also use this technique, at least by
default: they assign private addresses, even though those are strictly
speaking Internet facing. NAT is used to direct some or all traffic
from the public address to the internal machine.[1]

So, use of a private address range is *not* an assurance that your
network is anything resembling private or secure.

Regards,
Daniel

Footnotes:
[1] I suspect this is actually the decision of the ISP supplying
instructions to configure the hardware, but whatever. This isn't
all that uncommon, sadly.
--
Digital Infrastructure Solutions -- making IT simple, stable and secure
Phone: 0401 155 707 email: contact at digital-infrastructure.com.au
http://digital-infrastructure.com.au/