New ZeroConf Spec
Christofer C. Bell
christofer.c.bell at gmail.com
Fri Jul 21 17:08:54 BST 2006
On 7/20/06, Florian Zeitz <Florian.Zeitz at gmx.de> wrote:
> Excuse me, but you'll have to explain this to me. From what I understand
> you receive advertisements from a remote machine be it a rogue one or
> not. After that you know that a service is available. To this point
> nothing bad has happened (unless avahi is vulnerable to something just
> in it's advertisement receiving code).
Ever heard of WinNuke? Any daemon that listens for connections coming
from the Internet (or local network) is vulnerable to malicious
packets. This is true for Avahi, as well. The default Ubuntu policy
of "no open ports" is what we should be guided by.
"I trust the Democrats to take away my money, which I can afford. I
trust the Republicans to take away my freedom, which I cannot."
More information about the ubuntu-devel