Re: [dtn-security] Re(2): How do you feel about Bonjour/Avahi?

"Graham Keellings (Leonix Solutions Pte Ltd)" <> Mon, 13 July 2009 03:22 UTC

Date: Mon, 13 Jul 2009 11:21:32 +0800
From: "Graham Keellings (Leonix Solutions Pte Ltd)" <>
Organization: Leonix Solutions Pte Ltd
To: Peter Lovell <>
List-Id: DTN Security Discussion <>

Peter Lovell wrote:
> [snip]
>>> Bonjour is just a service discovery protocol, not a part of a security
>>> system. And it's localized so that only your neighbours know. It
>>> shouldn't make any difference to integrity or confidentiality as those
>>> should be handled by the defenses you have deployed. At a stretch, it
>>> might make adversaries aware of your system but if they see Bonjour
>>> advertisements then they're close to you already and can see your
>>> network traffic.
>> An excellent point, and one which worries me. How does "standard" 
>> security which is not in the DTN part of the system affect the overall 
>> system of which DTN is only a part?
> I'm not sure I understand your point here. DTN sits on top of various
> transport mechanisms (referred to as "convergence layers" in the specs)
> and these may have their own security mechanisms. These are in addition
> to the dtn ones that only are invoked after coming through the lower
> layers. As an example, if you are using TCP convergence layer, I would
> expect that to defend against common TCP DOS attacks, such as syn-flood.
> DTN doesn't have to deal with those.
A point well made. It's not (currently) part of my remit to be concerned 
about TCP/IP, WEP/WPA, et al. But it surely needs to be considered in my 
system and I don't see who else will do it. Oh, well, that's why systems 
have v2.0 :-)

>>> Bonjour and static IP addresses are solutions to different problems. An
>>> IP address allows a system to send something to you. Bonjour allows a
>>> nearby system to find you if it doesn't know your address.
>> In my idea of a "closed, secure" system, if someone does not know my IP 
>> address, then I don't even want him to know that I exist (at least, I 
>> think so ... )
> You might indeed want him not to know, and it might be good to keep as
> low a profile as possible. But in most cases (not all) I wouldn't
> categorize that as real "security". It's like having secret crypto algorithms.
A very good point. Secret crypto is generally snake-oil and certainly 
not widely peer-reviewed.

> Can it be one part of a layered defense? Certainly. Do I place much
> reliance on it? No, with occasional exceptions. 
What about this then - is it even feasible? If I know that I have a 
closed universe of nodes, can I encrypt the IP headers? That might help 
prevent DOS by repeated pinging. Of course, there are only a limited 
number of public IP addresses, which could be quickly and easily tried, 
but it throws up one more roadblock. Or I could use "real" IP addresses 
- maybe IPv6 (after carefully reading ...

Am I on a totally wrong track here? Or could encrypted IP headers be one 
more layer of armour?

>>> If you are sensitive about denial-of-service attacks then I would
>>> suggest strongly that you do not use a hard-coded IP address, but
>>> specify a dns address instead.
>> And that gets resolved to an IP address how? If I have an ad-hoc 
>> network, I don't want to have a DNS server.
> The non-Bonjour scenario uses a standard dns server -- nothing strange
> there. Bonjour works in a standard local network (think of a small
> office with DHCP, internet connectivity and with or without a dns server
> for the local machines) or purely ad-hoc. In the ad-hoc case, the
> machines self-assign link-local IP addresses in the range
> Discovery is done using multicast-dns. The machines
> respond directly and there is no server involved.
Thanks for clarifying. Looks like I need to re-read TCP/IP/DNS for Dummies.

> Cheers.....Peter
> _______________________________________________
> dtn-security mailing list

Technical Director
Leonix Solutions (Pte) Ltd
18 Boon Lay Way
#09-95 TradeHub 21
Singapore 609966
Telephone:+65 6316 9968
Fax: +65 6316 9208