zeroconf and security
Colin Walters
walters at redhat.com
Tue Aug 24 12:32:31 UTC 2004
On Tue, 2004-08-24 at 12:54 +0200, Harald Hoyer wrote:
> With all those DHCP and DNS magic, the question comes up, if there is any security check involved?
> Will the user be asked, if he accepts the configuration from DHCP server x which gives additional DNS server y, which pulls in several configurations?
>
> Without security checks I could redirect a users desktop easily to my linux laptop,
> which maybe answers a DHCP request faster than the company DHCP server.
Sure. You can also answer DNS requests faster than the company DNS
server. There's nothing new here, these protocols are insecure. Barring
widespread use of DNSSEC, security has to come at a higher level via
IPSec, TLS, etc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20040824/99a7c778/attachment.sig>
More information about the fedora-devel-list
mailing list