* Matthew Toseland <toad at amphibian.dyndns.org> [2006-04-24 20:33:38]:
> On Mon, Apr 24, 2006 at 07:31:30PM +0000, NextGen$ wrote: > > > > As I said previously, I don't think that Up&p support is a good idea :/ > > > > It's the eternal tradeoff between hidding a node and ease to use. If we > > implement UP&P support, I strongly suggest that we implement Bonjour support > > (apple's discovery protocol) too. And possibly Zeroconf > > What's the problem? We're only talking to the router, right? No :) do you know how up&p works ? it's using multicast : every one willing to will get informations on the lan. Moreover, UP&P allows hackers to do really nasty things. You know, what arp spoofing/ICMP redirect attacks are ? UP&P allows you do to nastier things, more easily. I don't know what to blame : the protocol or implementations. But in any case, it's definily YetAnotherAttackVector until we have some MiM attack protection... And even with it : It will be a convenient way to prevent someone from using freenet on a "shared" lan. ... As long as it remains optionnal and NOT the default behaviour, I don't mind... The problem is that if it's not the default behaviour, it's pointless ;) > > > > > > > > > > > > What do you think about my thoughts? > > > > > > > > > > Is any of the developers available to be my mentor? > > > > > > > > I will gladly answer any questions any would-be freenet developer has on > > > > how the code works in order to assist them in building useful features. > > > > If > > > > you want to apply for Google SoC then by all means do, but it looks like > > > > there will be some competition. > > > > If I'm allowed to be both a mentor and an applicant, I may help too. > > > > > > > Thanks in advance, > > > > > Thomas King > > > > Nextgen$ > -- > Matthew J Toseland - toad at amphibian.dyndns.org > Freenet Project Official Codemonkey - http://freenetproject.org/ > ICTHUS - Nothing is impossible. Our Boss says so. > _______________________________________________ > Tech mailing list > Tech at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/tech
