| Summary: | Enable ssdp (upnp) protocol in mcc | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Jybz <j.biernacki+mga> |
| Component: | RPM Packages | Assignee: | Mageia tools maintainers <mageiatools> |
| Status: | NEW --- | QA Contact: | |
| Severity: | enhancement | ||
| Priority: | Normal | CC: | davidwhodgins, ouaurelien |
| Version: | Cauldron | ||
| Target Milestone: | Mageia 9 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: | https://bugs.mageia.org/show_bug.cgi?id=28571 | ||
| Whiteboard: | |||
| Source RPM: | drakx-net-2.53-1.mga8.src.rpm | CVE: | |
| Status comment: | |||

Description
Jybz
2021-01-04 22:01:22 CET

Can probably be done for Mageia 9. We are past string freeze and version freeze and are starting on RC ISOs.

Target Milestone: --- => Mageia 9

If it is added, it should come with a strong warning such as in https://www.varonis.com/blog/what-is-upnp/

Adding something to mcc that encourages people to use upnp on their networks seems like a bad idea to me, but I do agree that for those who understand the security risks it creates, it should be easy to do properly.

CC: (none) => davidwhodgins

Well, why not separate it? One occurrence for zeroconf and slp, and another one for ssdp/upnp.
I just looked here: https://en.wikipedia.org/wiki/Zero-configuration_networking
upnp is mentioned as zeroconf.

Assigning to Mageia Tools Maintainers. Set this as an enhancement request for Mageia 9.

Severity: normal => enhancement

Aurelien Oudelet
2021-03-13 17:31:52 CET
See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=28571

From bug 28571#c2
For vlc-upnp, the following ports need to be opened in the firewall ...

    $ grep -e sapv1 -e ssdp -e mdns /etc/services
    ssdp 1900/tcp # SSDP
    ssdp 1900/udp # SSDP
    mdns 5353/tcp # Multicast DNS
    mdns 5353/udp # Multicast DNS
    mdnsresponder 5354/tcp noclog # Multicast DNS Responder IPC
    mdnsresponder 5354/udp noclog # Multicast DNS Responder IPC
    sapv1 9875/tcp # Session Announcement v1
    sapv1 9875/udp # Session Announcement v1

ssdp is upnp.
But mdns is mdns, not upnp.
For sap, I've never heard about it before.
https://en.m.wikipedia.org/wiki/Session_Announcement_Protocol
I don't know if it is related to upnp.

The more protocols we add in a "one-click" category, the less I'm in favor. It is like opening everything or blocking everything.

I'm for fine tuning, one for upnp, one other for mdns, …
And better if, instead of hardcoding it, we can use a config file to be read and added by packages. A new package could add the port without modifying this package (drakx-net) again.

Off topic:
http://gitweb.mageia.org/software/drakx-net/tree/lib/network/drakfirewall.pm#n65
This:
> ports => '137/tcp 137/udp 138/tcp 138/udp 139/tcp 139/udp 445/tcp 445/udp 1024:1100/tcp 1024:1100/udp',
Can be replaced by:
> ports => '137:139/tcp 137:139/udp 445/tcp 445/udp 1024:1100/tcp 1024:1100/udp',

(In reply to Jybz from comment #6)
> ssdp is upnp.
> But mdns is mdns, not upnp.

True. I was just listing the ports that vlc is trying to listen to.

> For sap, I've never heard about it before.
> https://en.m.wikipedia.org/wiki/Session_Announcement_Protocol
> I don't know if it is related to upnp.

Doesn't appear to be.

> The more protocols we add in a "one-click" category, the less I'm in
> favor. It is like opening everything or blocking everything.
>
> I'm for fine tuning, one for upnp, one other for mdns, …

And another for SSDP, which appears to be optional when using mdns.
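
Added example (not part of the bug thread and not drakx-net code): a Python check that the two `ports` strings quoted in the thread open exactly the same ports, so the range form can replace the longer one without widening the firewall rule. The `PORT/proto` and `LOW:HIGH/proto` syntax is assumed from those two strings, and the function names are hypothetical.

```python
# Added example, not drakx-net code. Spec syntax assumed from the thread:
# space-separated "PORT/proto" or "LOW:HIGH/proto" items.

CURRENT = ("137/tcp 137/udp 138/tcp 138/udp 139/tcp 139/udp "
           "445/tcp 445/udp 1024:1100/tcp 1024:1100/udp")
PROPOSED = "137:139/tcp 137:139/udp 445/tcp 445/udp 1024:1100/tcp 1024:1100/udp"


def expand(spec):
    """Return the set of (proto, port) pairs that a port spec opens."""
    opened = set()
    for item in spec.split():
        ports, proto = item.split("/")
        low, sep, high = ports.partition(":")
        low = int(low)
        high = int(high) if sep else low
        if proto not in ("tcp", "udp") or not 0 < low <= high <= 65535:
            raise ValueError(f"bad port spec item: {item!r}")
        opened.update((proto, port) for port in range(low, high + 1))
    return opened


def review(old, new):
    """Ports a rewrite would newly open, and ports it would stop opening."""
    before, after = expand(old), expand(new)
    return sorted(after - before), sorted(before - after)


def collapse(spec):
    """Rewrite a spec with runs of consecutive ports merged into ranges."""
    by_proto = {}
    for proto, port in sorted(expand(spec)):
        by_proto.setdefault(proto, []).append(port)
    runs = []
    for proto, ports in by_proto.items():
        start = prev = ports[0]
        for port in ports[1:]:
            if port != prev + 1:          # gap: close the current run
                runs.append((start, prev, proto))
                start = port
            prev = port
        runs.append((start, prev, proto))
    return " ".join(f"{a}/{p}" if a == b else f"{a}:{b}/{p}"
                    for a, b, p in sorted(runs))


if __name__ == "__main__":
    print(review(CURRENT, PROPOSED))
    print(collapse(CURRENT))
```

The same `review` call flags a rewrite that silently opens more than the original did, which is the check worth running before merging any change to a firewall port list.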