On Oct 26, 2020, at 12:59 PM, Toerless Eckert <t...@cs.fau.de> wrote:

> The networks where I am worried are not home networks,
> but something like an office park network, where supposedly each
> tenant (company) should have gotten their disjoint L2 domains, ... and then
> they didn't. And one of the tenants has a "funny" network engineer/hacker.

That’s pretty clearly the thing to fix.

> So, eliminate for your assessment the option of better
> protocols. Now, why would this heuristic then still be
> "very bad"? To me it just eliminates the benefits of
> dynamic port signaling when there is an attack. And has no
> impact under no attack.

If you’re going to do that, you might as well just turn off mDNS entirely. I don’t know whether or not this would also be true of GRASP, however.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop