New ZeroConf Spec
daniel at rimspace.net
Wed Jul 19 03:50:52 BST 2006
"Hervé Fache" <Herve at lucidia.net> writes:
> On 7/18/06, Ian Jackson <ian at davenant.greenend.org.uk> wrote:
>> Loïc Minier writes ("Re: New ZeroConf Spec"):
>> > On Mon, Jul 17, 2006, Ian Jackson wrote:
>> > > * avahi would be an additional piece of software exposed directly and
>> > > permanently to hostile network traffic initiated outside the [host]
>> > One problem that has been mentionned multiple times in this discussion
>> > is "avahi exposed on the Internet" versus "avahi visible from my local
>> > network".
>> It is not really possible for the system to tell reliably whether its
>> ethernet interface is exposed to the Internet or is only on `a local
>> network' (whatever that might mean, but presumably something with less
>> hostile traffic).
> In some cases, it is: 10.0.0.0/24 172.16.0.0/12 192.168.0.0/16
Sorry, but no: at least two major wireless ISP networks here in
Australia assign private IP addresses to client machines, then perform
NAT for Internet access.
They also, so far as I can tell, use NAT to expose machines to the
public Internet as well.
Several common ADSL devices here also use this technique, at least by
default: they assign private addresses, even though those are strictly
speaking Internet facing. NAT is used to direct some or all traffic
from the public address to the internal machine.
So, use of a private address range is *not* an assurance that your
network is anything resembling private or secure.
 I suspect this is actually the decision of the ISP supplying
instructions to configure the hardware, but whatever. This isn't
all that uncommon, sadly.
Digital Infrastructure Solutions -- making IT simple, stable and secure
Phone: 0401 155 707 email: contact at digital-infrastructure.com.au
More information about the ubuntu-devel