On Mon, Oct 26, 2020 at 01:05:42PM -0400, Ted Lemon wrote:
> On Oct 26, 2020, at 12:59 PM, Toerless Eckert <[email protected]> wrote:
> > The networks where I am worried are not home networks,
> > but something like an office park network, where supposedly each
> > tenant (company) should have gotten their disjoint L2 domains, ... and then
> > they didn't. And one of the tenants has a "funny" network engineer/hacker.
>
> That's pretty clearly the thing to fix.
The whole point is to build solutions on top of underlays where there can be
attacks, right ?
> > So, eliminate for your assessment the option of better
> > protocols. Now, why would this heuristic then still be
> > "very bad" ? To me it just eliminates the benefits of
> > dynamic port signaling when there is an attack. And has no
> > impact under no attack.
>
> If you're going to do that, you might as well just turn off mDNS entirely.
How is this worse than NOT doing this heuristic ?
No difference under no attack.
What heuristic would you use under attack, and why ?
> I don't know whether or not this would also be true of GRASP, however.
So far I do not see a difference except for deployment cases (home vs. more
difficult / potentially more easily attacked underlays, but then again, mDNS is
widely used within universities/schools too, some might argue that there is not
even a difference in deployment).
Cheers
Toerless
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop