New ZeroConf Spec

Daniel Pittman daniel at
Wed Jul 19 03:50:52 BST 2006

"Hervé Fache" <Herve at> writes:
> On 7/18/06, Ian Jackson <ian at> wrote:
>> Loïc Minier writes ("Re: New ZeroConf Spec"):
>> > On Mon, Jul 17, 2006, Ian Jackson wrote:
>> > >  * avahi would be an additional piece of software exposed directly and
>> > >    permanently to hostile network traffic initiated outside the [host]


>> >  One problem that has been mentionned multiple times in this discussion
>> >  is "avahi exposed on the Internet" versus "avahi visible from my local
>> >  network".
>> It is not really possible for the system to tell reliably whether its
>> ethernet interface is exposed to the Internet or is only on `a local
>> network' (whatever that might mean, but presumably something with less
>> hostile traffic).
> In some cases, it is:

Sorry, but no: at least two major wireless ISP networks here in
Australia assign private IP addresses to client machines, then perform
NAT for Internet access.

They also, so far as I can tell, use NAT to expose machines to the
public Internet as well.  

Several common ADSL devices here also use this technique, at least by
default: they assign private addresses, even though those are strictly
speaking Internet facing.  NAT is used to direct some or all traffic
from the public address to the internal machine.[1]

So, use of a private address range is *not* an assurance that your
network is anything resembling private or secure.


[1]  I suspect this is actually the decision of the ISP supplying
     instructions to configure the hardware, but whatever.  This isn't
     all that uncommon, sadly.

Digital Infrastructure Solutions -- making IT simple, stable and secure
Phone: 0401 155 707        email: contact at

More information about the ubuntu-devel mailing list