zeroconf and security
Sean Middleditch
elanthis at awesomeplay.com
Tue Aug 24 13:42:08 UTC 2004
On Tue, 2004-08-24 at 15:23 +0200, Harald Hoyer wrote:
> Colin Walters wrote:
> > Sure. You can also answer DNS requests faster than the company DNS
> > server. There's nothing new here, these protocols are insecure. Barring
> > widespread use of DNSSEC, security has to come at a higher level via
> > IPSec, TLS, etc.
>
> DNS or DHCP?
Both. They both have the exact same potential problems. Actually,
*any* protocol has this problem, unless it has some sort of
authentication method. I can easily put up a web server on the local
net that answers for the same IP as the corporate web server. If the
connection isn't encrypted or the clients ignore certificate warnings, I
can attack your network with very little effort once I'm inside.
>
>
--
Sean Middleditch <elanthis at awesomeplay.com>
AwesomePlay Productions, Inc.
More information about the fedora-devel-list
mailing list