But it has to be the default behaviour, or it's useless. Non-idiotic users will just use dyndns. I suppose we can ask users if they have a LAN with untrusted users...?
On Mon, Apr 24, 2006 at 07:46:58PM +0000, NextGen$ wrote: > * Matthew Toseland <toad at amphibian.dyndns.org> [2006-04-24 20:33:38]: > > > On Mon, Apr 24, 2006 at 07:31:30PM +0000, NextGen$ wrote: > > > > > > As I said previously, I don't think that Up&p support is a good idea :/ > > > > > > It's the eternal tradeoff between hidding a node and ease to use. If we > > > implement UP&P support, I strongly suggest that we implement Bonjour > > > support > > > (apple's discovery protocol) too. And possibly Zeroconf > > > > What's the problem? We're only talking to the router, right? > > No :) > > do you know how up&p works ? it's using multicast : every one willing to will > get informations on the lan. Moreover, UP&P allows hackers to do really nasty > things. You know, what arp spoofing/ICMP redirect attacks are ? UP&P allows > you do to > nastier things, more easily. > > I don't know what to blame : the protocol or implementations. But in any > case, it's definily YetAnotherAttackVector until we have some MiM attack > protection... And even with it : It will be a convenient way to prevent > someone from using freenet on a "shared" lan. > > ... As long as it remains optionnal and NOT the default behaviour, I don't > mind... The problem is that if it's not the default behaviour, it's pointless > ;) -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20060424/3260606e/attachment.pgp>
