From: Ted Lemon <mellon@fugue.com>
Date: Mon, 26 Oct 2020 13:54:09 -0400
In-Reply-To: <20201026173018.GB40654@faui48f.informatik.uni-erlangen.de>
Cc: dnsop <dnsop@ietf.org>, kaduk@mit.edu
To: Toerless Eckert <tte@cs.fau.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/yt9ziXf6uIi13mQPdnFVaeY2yjE>
Subject: Re: [DNSOP] DNSOP: question about hardening "something like mDNS" against attacks

On Oct 26, 2020, at 1:30 PM, Toerless Eckert <tte@cs.fau.de> wrote:
>> If you're going to do that, you might as well just turn off mDNS entirely.
> 
> How is this worse than NOT doing this heuristic?

It's likely exactly the same. My expectation would be that the port in the SRV record is literally never the port number in the services table, with a few exceptions like ssh, which has a trust establishment framework and can't be easily attacked using your proposed attack.

The sense in which it might be worse, though, is that it might fail sometimes, but not always. This makes it harder to figure out why it's not working. You might not even realize that the problem is mDNS.

