On Oct 26, 2020, at 4:14 PM, Toerless Eckert <t...@cs.fau.de> wrote:
> And the question from the AD was what could be done. So, do you have any
> implementation suggestion? Are there any suggestions for mDNS?

There are no simple mitigations. If there were, they would already be in the 
protocol.

> Btw: I do agree that for most use of mDNS as it is relying on dynamic ports,
> my suggestion would create an undesired trend of allocating static port
> numbers.
> This is also true for GRASP in general, but for the specific use-cases
> in mind in my text, which are really inside-network infra protocols, the
> argument could be made that static port allocation was indeed well feasible
> (as we're talking about a very small number here). But we had not done it
> because we hadn't vetted the benefits of doing such a port allocation.

If it’s a multicast discovery protocol with no authentication, then 
constraining the set of allowed ports just means that the node that’s attacking 
you has to be able to listen on that port, which it likely can. So I think this 
reduces function without increasing hardening.

What actually hardens mDNS is that it’s a link-local protocol. It doesn’t work 
across links. This limits the attack surface. But there’s no way to eliminate 
the attack surface.  If I were in Ben’s shoes, I’d be asking you to change the 
protocol to support authentication and ToFU as a hardening strategy, with some 
better trust establishment mechanism as future work based on the existing 
presence of crypto signatures. But the current consensus of the IETF is 
apparently that ADs aren’t allowed to insist on things like that. :(

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
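An added example, not from the thread or from any mDNS or GRASP implementation, of the "authentication plus ToFU" hardening the reply argues for: a listener that verifies signed discovery announcements and pins the first signing key it sees for each service name, so a second node claiming the same name is rejected regardless of which port it speaks on. The announcement format (name, address, public key, signature) is assumed, and Lamport one-time signatures stand in for a real signature scheme so the code runs with the standard library alone.

```python
import hashlib
import os


def _h(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()


# Lamport one-time signatures: a genuine hash-based scheme used here only so the
# example needs no third-party crypto library. Each key pair may sign ONE message.
def lamport_keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk


def lamport_sign(sk, msg: bytes):
    d = int.from_bytes(_h(msg), "big")
    return [sk[i][(d >> (255 - i)) & 1] for i in range(256)]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    d = int.from_bytes(_h(msg), "big")
    return len(sig) == 256 and all(
        _h(sig[i]) == pk[i][(d >> (255 - i)) & 1] for i in range(256))


def key_id(pk) -> str:
    return _h(b"".join(a + b for a, b in pk)).hex()[:16]


class TofuResolver:
    """Listener that pins the first signing key seen per service name (assumed design)."""

    def __init__(self):
        self.pinned = {}  # service name -> key id of the first announcer
        self.cache = {}   # service name -> last accepted address

    def receive(self, service: str, addr: str, pk, sig) -> str:
        # The signed message is (name, address); the arrival port plays no role.
        if not lamport_verify(pk, f"{service}|{addr}".encode(), sig):
            return "rejected: bad signature"
        kid = key_id(pk)
        if service not in self.pinned:
            self.pinned[service] = kid  # trust on first use
        elif self.pinned[service] != kid:
            return "rejected: key mismatch"  # another announcer claims the name
        self.cache[service] = addr
        return "accepted"
```

Because the keys are one-time, the legitimate announcer cannot re-announce under the pinned key here; a deployment would use a reusable scheme such as Ed25519 with the same pinning logic.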
