

reply to snoop
Authored by: jonasyorg on Jul 19, '05 12:37:02AM

I'm posting this as its own thing because I don't want people to have to click the link to see the truth.

snoop: you don't know what you're talking about!

"Bonjour does NOT give out user names"

*cough*...there's a little application called bonjour browser, look it up. There's an application called ichat, look it up. Run bonjour browser, and then turn on ichat's bonjour...what do you see in bonjour browser? oh, well *I* see my username@my computer name! My username is NOT the same as my aim name, or my long name so it's pretty clearly my username. But good job on stating something you can't back up.



"and it gives out the Computer Name so that you can recognize your computer in a list. The Computer Name is fully customizable and doesn't need to contain your real name."

yes, and as such mine is as generic as it can be without being conspicuous (an interesting thing might be to see what happens if two computers on the same local net have the same computer name... but I don't have two computers). HOWEVER the DEFAULT *does* contain a person's real name more often than not (just jump on any campus network to verify)


"If an attacker really wants to enumerate the running services, they can do this even if the dumb "stealth mode" feature is on. Your machine will always send an "ack" for a TCP request to a certain port, because if it doesn't, then networking wouldn't work at all."

thanks for the networking tutorial! You didn't read very carefully did you? I said an attacker can find out what you're running WITHOUT active scanning. You're describing active scanning. Obviously if the attacker has time they will go the stealthier route.

"So leaving Bonjour on does not make it easier for an attacker."

tell that to the social engineer who now has real names(or even fairly unique user ids(such as this one for instance)), and can start googling someone.

"Lastly, Bonjour is not chatty when compared to all the other networking activity on the computer. If you actually looked at a packet trace, you would realize that."

*sigh* It's precisely because I DO look at network traces that I know that it's sending data that it doesn't need to (especially when all Bonjour services are left as default). Yeah, it's not as much traffic as a single hit of Slashdot, but that's not the point, I didn't say this was some bandwidth saving technique! I said that if you're not using it it's sending worthless data which can possibly leak information about your machine, and those who don't want that data leaked should have the option to turn it off!


"I would not recommend turning off Bonjour. You will not be saving much in CPU usage since mDNSResponder averages less than .01% CPU. Also, many things that you might not realize (like printing and AirTunes, etc.) rely on Bonjour and will break if you turn it off"

again, I didn't say it was to save CPU, but there are people like me who don't use these features, and this site is about posting information (even esoteric information that not everyone will use) for those who want it (because I personally post stuff when I just want to be able to google it again at some later date)

ok snoop, you do know what you're talking about, but that doesn't mean you can tell others that this is something they shouldn't know about, or imply it's useless.



reply to snoop
Authored by: displaced on Jul 19, '05 02:36:18AM

Your points are all valid of course.

However, for those who perhaps would like to tighten security (or at least gain a little awareness) whilst keeping the usefulness of Bonjour, here's a little more info (which I believe to be correct... could have got the wrong end of the stick, of course!)


- Bonjour is non-routable.

You are not broadcasting Bonjour info over the Internet, nor will your machine catch Bonjour requests from the Internet. It will only work over the local network. Which, to be honest, should only really have machines on it that you know and trust (in an ideal world!)


- Use application preferences.

I was a little surprised to see iChat using the local account name as an identifier. Not really a problem as far as I'm concerned, but I can see how it could spook others. Just jump into iChat's preferences and turn off Bonjour Chat. If you use Bonjour Browser, you'll see iChat then disappears. Basically, pay attention to what apps have Bonjour support, and turn it off on a per-app basis if you want.

Cheers,
Chris



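What Bonjour Browser shows in the first reply, and what you can re-check after turning off Bonjour Chat as the second reply suggests, is a DNS-SD PTR record under `_presence._tcp.local` carried in an mDNS response. The following is an added example, not code from any poster in this thread: a minimal parser for that packet format, run over a constructed mDNS response whose instance name `jdoe@clementine` is an assumed sample, not a real account or host.

```python
import struct

PTR = 12                                    # DNS record type PTR (DNS-SD instance pointer)
SERVICE = ["_presence", "_tcp", "local"]    # iChat's Bonjour presence service type

def encode_name(name):
    """Encode a dotted DNS name as length-prefixed labels (no compression)."""
    out = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return out + b"\x00"

def read_name(pkt, off):
    """Decode a DNS name at offset, following compression pointers.
    Returns (labels, offset just after the name as it appears in the packet)."""
    labels, end = [], None
    while True:
        ln = pkt[off]
        if ln & 0xC0 == 0xC0:                               # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(pkt[off:off + ln].decode("utf-8", "replace"))
        off += ln
    return labels, (off if end is None else end)

def advertised_presence(pkt):
    """Return the iChat presence instance names announced in one mDNS response."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    off, found = 12, []
    for _ in range(qd):                                     # skip the question section
        _, off = read_name(pkt, off)
        off += 4                                            # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        labels, off = read_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == PTR and labels == SERVICE:
            inst, _ = read_name(pkt, off)
            found.append(inst[0])                           # instance label, "user@computer"
        off += rdlen
    return found

# Constructed sample (not captured traffic): one mDNS response with a single PTR
# answer for _presence._tcp.local whose rdata is "jdoe@clementine" plus a pointer
# back to the service name at offset 12.
SAMPLE = (struct.pack("!HHHHHH", 0, 0x8400, 0, 1, 0, 0)
          + encode_name("_presence._tcp.local")
          + struct.pack("!HHIH", PTR, 0x8001, 4500, 1 + 15 + 2)
          + b"\x0fjdoe@clementine" + b"\xc0\x0c")

if __name__ == "__main__":
    for inst in advertised_presence(SAMPLE):
        user, _, host = inst.partition("@")
        print(f"iChat advertises account {user!r} on computer {host!r}")
```

Feeding real packets captured on UDP port 5353 to `advertised_presence` shows exactly which account@computer names your Mac is announcing on the local link.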
reply to snoop
Authored by: uchuugaka on Jul 19, '05 03:32:33AM

what's the big deal?
truth is, if you really have so much stuff to hide, don't use any networking at all.
no wireless.
no internet.
also while you're at it, register yourself as dead so nobody can get your information.
face it, if SOCIAL ENGINEERS are scary, then you had better become a hermit, or move to a country where your information doesn't really exist in many forms.
the irony is, Big Brother style ID systems are at once the answer and a problem.
complete anonymity is also useless.
only the most persistent and sophisticated hacker will figure out what to do with anything they find.
if you're poor like me, there's nothing to gain by getting my information.



reply to snoop
Authored by: displaced on Jul 19, '05 05:15:27AM

*grin*

I know what you mean, but at the same time it does give a certain amount of peace of mind to be aware of exactly what info is available from your machine to unknown others.

Which is why this hint's good in that it shows that, on principle, Bonjour (I keep wanting to type Rendezvous!) does allow other unauthenticated machines to view info on your machine.

However, all the documentation I've read shows that Bonjour only works on link-local, NOT over an internet connection (be it dial-up, cable modem ADSL, ethernet or whatever). So really the submitter's concern should only be directed at the security of their local network. If it's a wired LAN then obviously you're pretty worry-free. If it's a wireless LAN, you'll do much better addressing the fundamentals of WLAN security rather than pulling the whole Bonjour capability from your Mac.

Regards,

Chris



reply to snoop
Authored by: displaced on Jul 19, '05 07:10:48AM

Incidentally, if you read my signature on every single on-line post I've made, you'll find my forename. And if I then tell you that my Mac's name is clementine (in homage to the film Eternal Sunshine of the Spotless Mind), then you'll already know what iChat exposes over Rendez... I mean, Bonjour.

Do what you wish with that information :)


Regards,

Chris


