PSARC/2007/499 Automatic discovery of network attached printers
James Carlson
james.d.carlson at sun.com
Thu Aug 30 11:22:07 PDT 2007

Nicolas Williams writes:
> On Thu, Aug 30, 2007 at 08:09:44PM +0200, Casper.Dik at Sun.COM wrote:
> >
> > >Norm Jacobs writes:
> > >> John Plocher wrote:
> > >> > Darren J Moffat wrote:
> > >> > Q: is there anything I could do to you or find out about you at this
> > >> > point, before any print jobs are sent?
> > >> NO
> > >
> > >Not quite true. You'll have an open UDP port to receive those SNMP
> > >replies. If a Bad Guy on the network can forge packets that cause
> > >your daemon to malfunction, then he can potentially get access to
> > >whatever privileges your daemon has.
> > >
> > >It's _at least_ the classic open-port problem.
> >
> > And it's detected in port scans which generally upsets customers.
>
> What if the software uses only "connected" UDP sockets? Will UDP
> datagrams sent to that port by nodes which are not the remote side of a
> connected UDP socket elicit an ICMP?

How are you going to use a "connected" UDP socket when the point of
this project is to _discover_ nodes on the network, and thus the
daemon doesn't already know what addresses those nodes have and cannot
formulate a viable connect() call?

This is a broadcast-query-listen-for-answers sort of mechanism, not a
direct query.

--
James Carlson, Solaris Networking <james.d.carlson at sun.com>
Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
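
The socket behaviour this exchange turns on, as an added example that is not part of the original message: a UDP socket that has called connect() only receives datagrams from that one peer, while the unconnected socket a broadcast-discovery listener needs accepts datagrams from any sender and leaves all validation to the daemon. The socket names (printer, stranger, discovery, direct) are hypothetical, and everything runs on loopback with constructed payloads.

```python
import socket

LOOPBACK = "127.0.0.1"  # constructed test setup; a real daemon listens on a LAN interface

def udp_socket():
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((LOOPBACK, 0))  # let the kernel pick a free port
    return s

def recv_or_none(sock, timeout=0.5):
    """Return the next datagram's payload, or None if nothing arrives in time."""
    sock.settimeout(timeout)
    try:
        data, _src = sock.recvfrom(2048)
        return data
    except socket.timeout:
        return None

def compare_listeners():
    printer = udp_socket()    # stands in for the one known remote peer
    stranger = udp_socket()   # any other node that can reach the port
    discovery = udp_socket()  # unconnected: what a discovery listener must use
    direct = udp_socket()     # connected: only possible once the peer is known
    direct.connect(printer.getsockname())
    socks = (printer, stranger, discovery, direct)
    try:
        # The unconnected socket hands the stranger's datagram to the daemon.
        stranger.sendto(b"unsolicited", discovery.getsockname())
        open_got = recv_or_none(discovery)
        # The connected socket never sees it: the kernel matches on the
        # remote address and port and discards datagrams from other sources.
        stranger.sendto(b"unsolicited", direct.getsockname())
        filtered_got = recv_or_none(direct)
        # Traffic from the connected peer is still delivered.
        printer.sendto(b"reply", direct.getsockname())
        peer_got = recv_or_none(direct)
    finally:
        for s in socks:
            s.close()
    return open_got, filtered_got, peer_got

if __name__ == "__main__":
    print(compare_listeners())
```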