On Oct 26, 2020, at 1:30 PM, Toerless Eckert <t...@cs.fau.de> wrote:
>> If you're going to do that, you might as well just turn off mDNS entirely.
>
> How is this worse than NOT doing this heuristic?
It’s likely exactly the same. My expectation would be that the port in the SRV record is literally never the port number in the services table, with a few exceptions like ssh, which has a trust establishment framework and can’t be easily attacked using your proposed attack. The sense in which it might be worse, though, is that it might fail sometimes, but not always. This makes it harder to figure out why it’s not working. You might not even realize that the problem is mDNS.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
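To make the argument above concrete, here is an added example (mine, not code from the thread or from any mDNS implementation) that models the heuristic being debated: parse DNS-SD SRV records from wire format and accept one only when its port equals the well-known port for the service type. The services table is a small inline subset of typical /etc/services entries, the advertisements are constructed rather than captured, and the choice to reject service types with no table entry is an assumption of the example, since the thread does not say how those should be handled. The last sample record shows the limit of the check as modelled: it inspects only the port, so a record that keeps the registered port is accepted no matter what target it names.

```python
"""Model of the 'SRV port must match the services table' heuristic from the
DNSOP thread. Added example, not part of the original mail or of any
mDNS responder. Sample records below are constructed, not captured."""
import struct

# Inline subset of well-known ports keyed by DNS-SD service type (assumed table).
WELL_KNOWN_PORTS = {
    "_ssh._tcp": 22,
    "_http._tcp": 80,
    "_https._tcp": 443,
    "_ipp._tcp": 631,
    "_smb._tcp": 445,
}

def encode_name(name):
    """Dotted name -> uncompressed DNS wire-format labels.
    Instance names containing literal dots are not escaped here (kept simple)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("utf-8")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def decode_name(buf, off):
    """Decode a wire-format name at off -> (labels, next_off).
    Follows RFC 1035 compression pointers and refuses pointer loops."""
    labels, seen, end, jumped = [], set(), None, False
    while True:
        if off in seen:
            raise ValueError("compression loop")
        seen.add(off)
        length = buf[off]
        if length & 0xC0 == 0xC0:            # 2-byte pointer to an earlier name
            if not jumped:
                end = off + 2
            jumped = True
            off = struct.unpack_from("!H", buf, off)[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(buf[off:off + length].decode("utf-8"))
        off += length
    return labels, (end if jumped else off)

def build_srv_rr(name, port, target, priority=0, weight=0, ttl=120):
    """One SRV resource record (RFC 2782 RDATA) in wire format, class IN.
    The mDNS cache-flush bit is irrelevant to the port check and omitted."""
    rdata = struct.pack("!HHH", priority, weight, port) + encode_name(target)
    return encode_name(name) + struct.pack("!HHIH", 33, 1, ttl, len(rdata)) + rdata

def parse_srv_rr(buf, off=0):
    """Parse one SRV RR at off -> (record dict, next_off)."""
    labels, off = decode_name(buf, off)
    rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", buf, off)
    off += 10
    if rtype != 33:
        raise ValueError("not an SRV record (type %d)" % rtype)
    priority, weight, port = struct.unpack_from("!HHH", buf, off)
    target, tend = decode_name(buf, off + 6)
    if tend != off + rdlen:
        raise ValueError("RDLENGTH does not match SRV RDATA")
    return {"name": labels, "ttl": ttl, "priority": priority, "weight": weight,
            "port": port, "target": ".".join(target) + "."}, off + rdlen

def service_type(labels):
    """['Printer', '_ipp', '_tcp', 'local'] -> '_ipp._tcp' (RFC 6763 section 4.1)."""
    if len(labels) < 3 or not labels[-3].startswith("_") or labels[-2] not in ("_tcp", "_udp"):
        raise ValueError("not a DNS-SD service instance name: %r" % labels)
    return labels[-3] + "." + labels[-2]

def port_heuristic(record, table=WELL_KNOWN_PORTS):
    """The check under discussion: accept only if SRV port == table port.
    Unknown service types are rejected (assumption of this example)."""
    stype = service_type(record["name"])
    expected = table.get(stype)
    if expected is None:
        return False, "no well-known port for %s" % stype
    if record["port"] != expected:
        return False, "%s advertises %d, table says %d" % (stype, record["port"], expected)
    return True, "%s on %d matches table" % (stype, expected)

def filter_advertisements(wire_records, table=WELL_KNOWN_PORTS):
    """Parse each wire-format SRV RR -> [(instance, port, accepted, reason)]."""
    results = []
    for wire in wire_records:
        rec, _ = parse_srv_rr(wire)
        ok, why = port_heuristic(rec, table)
        results.append((rec["name"][0], rec["port"], ok, why))
    return results

# Constructed advertisements. Real hosts routinely pick non-registered ports,
# which is why the heuristic rejects most legitimate records.
SAMPLE_ADVERTISEMENTS = [
    build_srv_rr("Office Printer._ipp._tcp.local", 631, "printer.local"),
    build_srv_rr("Dev Box._ssh._tcp.local", 22, "devbox.local"),
    build_srv_rr("Dev Box._http._tcp.local", 8080, "devbox.local"),
    build_srv_rr("Media Server._http._tcp.local", 32400, "media.local"),
    build_srv_rr("Sensor._coap._udp.local", 5683, "sensor.local"),
    # Same instance name and registered port, different target: the port-only
    # check cannot tell this apart from the first record.
    build_srv_rr("Office Printer._ipp._tcp.local", 631, "other-host.local"),
]

if __name__ == "__main__":
    for instance, port, ok, why in filter_advertisements(SAMPLE_ADVERTISEMENTS):
        print("%-6s %-14s port %-5d %s" % ("ACCEPT" if ok else "REJECT", instance, port, why))
```

Running it accepts the printer, the ssh host and the duplicate printer record, and rejects the two HTTP services on 8080 and 32400 plus the CoAP sensor, which is the pattern the mail predicts: a check that fails for most services, not all, so a browse that works for one host and not another gives no hint that mDNS filtering is the cause.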