Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Block non-local connections on mdns server #68

Closed
gmaclennan opened this issue Feb 2, 2023 · 2 comments
Closed

Block non-local connections on mdns server #68

gmaclennan opened this issue Feb 2, 2023 · 2 comments
Assignees
@tomasciccola
Labels
mapeo:discovery

Comments

@gmaclennan
Copy link
Member

We create a tcp server for listening to mdns connections, but theoretically this could receive connections from outside the local network.
We should reject/block incoming connections from non-local addresses. We can maybe do this by checking socket.remoteAddress against private IP ranges with something like https://github.com/mafintosh/bogon
The reason for doing this is a security precaution, particularly if we are sending invites to peers discovered through mdns, and we want to be sure that incoming connections are local network only.
@gmaclennan gmaclennan mentioned this issue Mar 9, 2023
Open
@tomasciccola tomasciccola self-assigned this Apr 6, 2023
@tomasciccola tomasciccola moved this to 🏗 In progress in Mapeo - Sprint 2023 (Archived) Apr 6, 2023
@tomasciccola
Copy link
Contributor

tomasciccola commented Apr 6, 2023
edited
Loading

I was wondering how can we test this. Should we have a publicly accessible node that does mdns and connects to a predefined topic, so we can reject it on a test? Or is there already a mdns testnet that we can use?

This was referenced Apr 10, 2023
Closed
Closed
@tomasciccola tomasciccola moved this from 🏗 In progress to 👀 In review in Mapeo - Sprint 2023 (Archived) Apr 17, 2023
@gmaclennan gmaclennan mentioned this issue Aug 9, 2023
Closed
@sethvincent sethvincent mentioned this issue Aug 10, 2023
Closed
@gmaclennan
Copy link
Member Author

This should be fixed in the latest implementation

@github-project-automation github-project-automation bot moved this from 👀 In review to ✅ Done in Mapeo - Sprint 2023 (Archived) Oct 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tomasciccola tomasciccola

Labels
mapeo:discovery
Projects
Mapeo - Sprint 2023 (Archived)
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Block non-local connections on mdns server digidem/comapeo-core
3 participants
@sethvincent @gmaclennan @tomasciccola