[mythtv] Proposed change to Network Communications
warlord at MIT.EDU
Fri Mar 10 15:40:03 UTC 2017
Some of us actually have public IP addresses on our network!!
Peter Bennett <pgbennett at comcast.net> writes:
> On 03/08/2017 11:46 AM, Gary Buhrmaster wrote:
>> Do not get me wrong, I think IPv6 is the now, and
>> IPv4 is legacy/dead. But the myth protocol has been
>> regularly stated by the MythTV elders as not being
>> public Internet ready, and only with stateful protection
>> (or someone who knows how to configure firewall rules)
>> should one consider running the device on the public
>> Internet. Changing the defaults to run IPv6 publicly
>> will require stepping up the other parts of the protocol
>> (one mitigation short of authentication might be to set
>> the TTL for the myth protocol to something like 3,
>> (just like DTCP-IP), which is more or less "in the
>> residence" for 98% of the users).
> Thinking about this some more, I came up with an addition to the previous
> proposal. Keep the "Listen on all ip addresses" checkbox that I proposed.
> Whether or not "Listen on all ip addresses" is checked, check the sender of
> all incoming connections. If the sender is a public IP address, simply ignore
> the connection.
> Provide a checkbox labeled "NOT RECOMMENDED - Allow connections from the
> Internet". Default this to unchecked. When this is unchecked, only provide
> private IP addresses from the below list in the drop down boxes for IP
> address. When it is checked, provide all IP addresses in the drop down and
> bypass the sender IP address check.
> The following IP addresses are the private IP addresses that would be allowed.
> Everything else would be rejected.
> 192.168.0.0 - 192.168.255.255
> 172.16.0.0 - 172.31.255.255
> 10.0.0.0 - 10.255.255.255
> 127.0.0.1 (local loopback)
> 169.254.0.0 - 169.254.255.255 (link-local)
> ::1 (local loopback)
> fe80::/10 (link-local)
> fc00::/7 (unique local)
> For UDP - just ignore messages from IP addresses not on the list. As far as I
> can see, UDP is only used for one purpose in MythTV. In the frontend it is
> used for AirPlay, where audio data is received and played. If you are playing
> some sound, somebody on the internet could send you some audio data if they
> spoof the sending address. The backend does not bind UDP so nothing could be
> sent to it via UDP.
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available
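The sender-address check in the quoted proposal, as an added example that is not MythTV code (MythTV itself is C++/Qt; this is a stand-alone illustration using Python's standard ipaddress module). It encodes exactly the ranges listed in the proposal, with two assumptions of mine: 127.0.0.0/8 is used in place of the single address 127.0.0.1, since the whole /8 is loopback, and peers are normalized before the check so that an IPv4 client seen through a dual-stack IPv6 socket (reported as ::ffff:a.b.c.d) and a link-local IPv6 peer with a zone suffix (fe80::1%eth0) are classified correctly; without the first of those, every IPv4 LAN client would be rejected by a listener bound to an IPv6 wildcard. The sample peer addresses are constructed, and the function names are my own. For UDP the same check would run on the datagram's source address, which, as the quoted message itself notes, a spoofed source defeats.

```python
# Added example (not MythTV code): the proposed private-sender allowlist,
# implemented with the Python standard library only.
import ipaddress

# The ranges from the proposal. 127.0.0.0/8 stands in for the listed
# 127.0.0.1 because the whole /8 is loopback; that widening is an assumption
# of this example, not part of the proposal.
ALLOWED_NETWORKS = [
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("127.0.0.0/8"),      # IPv4 loopback
    ipaddress.ip_network("169.254.0.0/16"),   # IPv4 link-local
    ipaddress.ip_network("::1/128"),          # IPv6 loopback
    ipaddress.ip_network("fe80::/10"),        # IPv6 link-local
    ipaddress.ip_network("fc00::/7"),         # IPv6 unique local
]


def normalize_peer(addr_text):
    """Parse a peer address string as the socket layer reports it.

    Two details matter for a dual-stack listener (assumed here):
    - an IPv4 peer arrives as an IPv4-mapped IPv6 address (::ffff:a.b.c.d),
      which none of the IPv6 networks above contain, so it is unwrapped;
    - a link-local IPv6 peer carries a zone suffix (fe80::1%eth0), which is
      stripped before parsing so every Python 3 version accepts it.
    Raises ValueError for anything that is not an address.
    """
    addr = ipaddress.ip_address(addr_text.split("%", 1)[0])
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr


def is_allowed_sender(addr_text, allow_internet=False):
    """True if a connection (or datagram) from addr_text should be accepted.

    allow_internet mirrors the proposed "NOT RECOMMENDED - Allow connections
    from the Internet" checkbox: when set, the address check is bypassed.
    Unparsable input is rejected, never accepted.
    """
    if allow_internet:
        return True
    try:
        addr = normalize_peer(addr_text)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_NETWORKS)


def filter_connections(peers, allow_internet=False):
    """Apply the check to a batch of peer addresses; return (accepted, ignored)."""
    accepted, ignored = [], []
    for peer in peers:
        (accepted if is_allowed_sender(peer, allow_internet) else ignored).append(peer)
    return accepted, ignored


if __name__ == "__main__":
    # Constructed sample peers, not captured from a real backend.
    sample_peers = [
        "192.168.1.20",      # typical LAN client
        "::ffff:10.0.0.5",   # IPv4 LAN client seen through a dual-stack socket
        "fe80::1%eth0",      # IPv6 link-local with zone id
        "fd12:3456::1",      # unique local IPv6
        "172.32.0.1",        # just outside 172.16/12, so public
        "100.64.0.1",        # CGNAT space, not on the list, so ignored
        "2001:db8::1",       # global IPv6 (documentation prefix)
        "203.0.113.7",       # global IPv4 (documentation prefix)
    ]
    accepted, ignored = filter_connections(sample_peers)
    print("accepted:", accepted)
    print("ignored: ", ignored)
    # With the "Allow connections from the Internet" box ticked, nothing is ignored.
    print("ignored with box ticked:", filter_connections(sample_peers, True)[1])
```

Note the two addresses the list does not cover: 100.64.0.0/10 (carrier-grade NAT space) is not on the proposal's list, so a client behind an ISP that hands out those addresses on the LAN side would be rejected, and a public address that is in fact on the local segment (Derek's situation above) is rejected as well, which is precisely the objection this reply raises.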