On Fri, 25 Aug 2023 at 10:31, Richard Hughes <hughsi...@gmail.com> wrote:

> On Fri, 25 Aug 2023 at 13:19, Stephen Smoogen <ssmoo...@redhat.com> wrote:
> > My understanding was that Microsoft found their own 'share updates' not
> > working as much as expected
>
> Hmm, I heard the opposite; can you give any more info? They have way
>

No, I only have some chatter from sysadmins at enterprise sites who had to
deal with audits, failed updates, and being told to turn it off to fix
them. So let's just assume I am talking to too many cranky old sysadmins
and I believed their fish stories too much.


> more telemetry than we do, and I was told it would not "be feasible"
> to continue WU without the peer-to-peer functionality built into
> windows. According to them they even have some kind of IPv6 tunnel
> thing going on which seems alarming if true.
>
> > either by network scans
>
> As in "port 27500 exists you have a security problem" kind of scans?
>
>
It depends on the scanning from ports open to unknown shared files to 'why
did our network costs go up so much?'



> > or just the fact that as soon as someone puts up a service like this..
> > it is profitable for the crooks to abuse it.
>
> Probably my naivety, but what kind of things did you have in mind?
>
>
The following are just things I have seen from blackhat/defcon over the
years and criminal gang stories. I don't expect (m)any of them to be
related to passim, but most of the time the problems are with a
protocol/service which says "Here we're assuming your local network (aka
LAN) is a nice and friendly place, without evil people trying to overwhelm
your system or feed you fake files." So when I read that these days, I get
anxious.

Going from other things it has been a way to inject bad packages, bad
metadata, mass system slowdowns across a fleet, using the service on N
systems as a DDOS against third parties (which they then charge fees for),
etc.

The bad packages are more of a problem because of stolen keys being used to
sign something. The 'onion' layers of protection that might have been in
place are that you get updates on that from a subset of 'secure' places.
Instead now, this could be any system which presents the signed data on a
distributed service which says it's legitimate. [And depending on the P2P,
it can be that like cockroaches the bad data will keep popping up and
spreading so you need to make sure you have somewhere else a blacklist to
remove things.. though you need to make sure that blacklist can't be
manipulated also.]

Mass slowdowns are where you find that the sharing does some sort of scan
which can somehow be overloaded in some sort of CPU or disk usage loop
(this is usually a chained flaw in say a compression routine which 'should
never happen with legitimate data'.)

DDOS are where the metadata being shared points everyone to download
something from some place which isn't expecting it. [Or some packet lookup
that the P2P service expects]




> Richard.
> _______________________________________________
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>


-- 
Stephen Smoogen, Red Hat Automotive
Let us be kind to one another, for most of us are fighting a hard battle.
-- Ian MacClaren
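
The three failure modes raised in this message (bad data from a peer, bad data that keeps resurfacing, and decompression that burns CPU or disk) map onto three checks a client can run before using peer-supplied bytes. The sketch below is an added example, not code from passim or from this thread. `accept_peer_blob`, `rejection_reason` and the 1 MiB cap are hypothetical, and it assumes the expected digest and the revocation set come from the trusted origin, never from the peer.

```python
import hashlib
import hmac
import zlib

MAX_OUTPUT = 1 << 20  # assumed cap on decompressed size (1 MiB)


class Rejected(Exception):
    """A peer-supplied blob failed one of the acceptance checks."""


def accept_peer_blob(blob, pinned_sha256, revoked, max_output=MAX_OUTPUT):
    """Return the decompressed payload from an untrusted LAN peer, or raise.

    pinned_sha256: hex digest from metadata fetched from the trusted origin
                   (assumption: the peer supplies bytes only, never metadata)
    revoked:       set of hex digests the origin has withdrawn
    """
    digest = hashlib.sha256(blob).hexdigest()
    # 1. Fake files: the peer cannot choose what we accept, only deliver it.
    if not hmac.compare_digest(digest, pinned_sha256):
        raise Rejected("digest mismatch")
    # 2. Resurfacing bad data: a withdrawn digest is refused even if a stale
    #    copy of the metadata still lists it.
    if digest in revoked:
        raise Rejected("revoked")
    # 3. Slowdown via decompression: never inflate past a fixed budget.
    inflater = zlib.decompressobj()
    out = inflater.decompress(blob, max_output)
    if inflater.unconsumed_tail or not inflater.eof:
        raise Rejected("output exceeds cap or stream is truncated")
    return out


def rejection_reason(blob, pinned_sha256, revoked, max_output=MAX_OUTPUT):
    """Return the rejection message, or None when the blob is accepted."""
    try:
        accept_peer_blob(blob, pinned_sha256, revoked, max_output)
    except Rejected as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed sample inputs, not real update data.
    good = zlib.compress(b"update-payload " * 64)
    bomb = zlib.compress(b"\0" * (4 << 20))  # about 4 KiB in, 4 MiB out
    pin = hashlib.sha256(good).hexdigest()
    print(rejection_reason(good, pin, set()))
    print(rejection_reason(b"tampered", pin, set()))
    print(rejection_reason(good, pin, {pin}))
    print(rejection_reason(bomb, hashlib.sha256(bomb).hexdigest(), set()))
```

The revocation set is only as trustworthy as its own delivery path, which is the caveat the message makes about the blacklist itself.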