10.4: Don't disable Bonjour
Authored by: jvl001 on Jul 19, '05 02:18:19PM

(Removing tinfoil hat and donning asbestos suit...)

If you don't like Bonjour/Rendezvous/Zeroconf, you can certainly shut it off, but as others have suggested I wouldn't recommend it. The odds of breaking an application and possibly the "it-just-works" nature of OS X are high given the negligible improvement in security that would result.

Bonjour/Rendezvous/Zeroconf and the like use IP multicast, rather than point-to-point or broadcast IP traffic to communicate with other machines in your local network. Multicast traffic, by definition, never leaves your local network, nor is it ever relayed between networks. For example, if you join a wireless network at a cafe, you may see services (such as iChat Bonjour, file shares, automagic network configuration choices, Safari Bonjour Bookmarks, iTunes Music Shares) being advertised by local machines (and vice versa). If you sniffed traffic you would see packets destined for multicast addresses in the range 224.0.0.0 through 224.0.0.255. Everyone on your subnet sees the same multicast traffic. What you wouldn't see is multicast traffic from the cafe down the road, multicast traffic from the other side of your VPN connection, or multicast traffic from the hacker in Blackhatistan (or vice versa).

That being said, if you still feel that you don't want to advertise a particular service, then shut off that application or option. For example, iChat works with both AOL and .mac IM, but it also allows you to chat with other users on your local network. Assuming you have the Bonjour feature of iChat turned on, it will advertise your presence on the local network. It's hardly surprising that it would reveal your user name and machine name given that you asked it to do so by turning on the Bonjour feature of iChat. (Some users may only use the Bonjour feature of iChat without an IM account.)

Turn on your firewall, shut off unneeded services (through System Preferences->Sharing) and you have little to worry about.

Bonjour (or mDNSResponder to be more specific) is just an advertiser of services, which happens to use IP multicasting to spread its message. Shut off the service, but don't shoot the messenger.




[ Reply to This | # ]
10.4: Don't disable Bonjour
Authored by: windexh8er on Nov 18, '05 09:44:02PM

Wow... How wrong you are. If you knew anything about networking you'd already be informed that routing platforms can route almost any traffic today. Using encapsulation, tunneling and all kinds of other industry standard mechanisms. Being a CCIE and CISSP I'd like to inform you that multicast routing is very real, and is used quite extensively (how do you think they efficiently provide 99% of all webcasts to a huge viewer base?).

Also... Did you even read any of the developer information for Bonjour? Ever heard of wide-area Bonjour? Do your homework.



[ Reply to This | # ]
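
Added example, not part of either comment above: a Python sketch that classifies an IPv4 multicast destination by scope (the 224.0.0.0/24 control block is not forwarded off link, other ranges can be carried by multicast routing) and lists the service names in an mDNS query, so you can see what a host is advertising. The function names, the `_presence._tcp.local` service name and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

# IPv4 multicast blocks (RFC 5771 / RFC 2365); anything else in 224.0.0.0/4
# is treated here as potentially routable between networks.
LINK_LOCAL = ipaddress.ip_network("224.0.0.0/24")    # not forwarded off link
ADMIN_SCOPED = ipaddress.ip_network("239.0.0.0/8")   # site/organisation scoped
MDNS = (ipaddress.IPv4Address("224.0.0.251"), 5353)  # RFC 6762 group and UDP port

def multicast_scope(addr):
    ip = ipaddress.IPv4Address(addr)
    if not ip.is_multicast:
        return "not-multicast"
    if ip in LINK_LOCAL:
        return "link-local"
    if ip in ADMIN_SCOPED:
        return "admin-scoped"
    return "routable"

def question_names(payload):
    """Names asked for in a DNS/mDNS message (uncompressed question section)."""
    qdcount = struct.unpack("!H", payload[4:6])[0]
    pos, names = 12, []
    for _ in range(qdcount):
        labels = []
        while payload[pos] != 0:
            length = payload[pos]
            if length & 0xC0:
                raise ValueError("compressed name not handled in this sketch")
            labels.append(payload[pos + 1:pos + 1 + length].decode("ascii"))
            pos += 1 + length
        pos += 5  # root label (1) + QTYPE (2) + QCLASS (2)
        names.append(".".join(labels))
    return names

def build_query(name, qtype=12):
    """Constructed sample: a one-question mDNS query (PTR by default)."""
    header = struct.pack("!6H", 0, 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def audit(packets):
    """For (dst, dport, payload) tuples, report scope and any mDNS service names."""
    report = []
    for dst, dport, payload in packets:
        is_mdns = (ipaddress.IPv4Address(dst), dport) == MDNS
        report.append((dst, multicast_scope(dst), question_names(payload) if is_mdns else []))
    return report

# Constructed traffic: an iChat-style Bonjour browse and a non-mDNS multicast packet.
SAMPLE = [("224.0.0.251", 5353, build_query("_presence._tcp.local")),
          ("239.255.255.250", 1900, b"")]
```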