Subnet authority and trust

Parke parke.nexus at gmail.com
Fri May 5 05:45:12 CEST 2017


Hello,

How does tincd determine the subnet(s) of other remote nodes?  Does
tincd read its copies of the hosts file and parse and follow the
subnet information contained in the local files?  Or does tincd solely
trust the subnet information dynamically advertised by each remote
node?

In my experimentation, it seems that:

a) tincd reads its own subnet(s) from its copy of its own host file, but

b) tincd ignores the subnets specified in the other hosts files.

This would seem to mean that if:

1) There are three nodes, A, B, and C, and
2) Node B is offline, and
3) Node C is compromised and advertises itself as serving B's subnet(s), and
4) Node A sends traffic to an IP address on one of B's subnets, then
5) Node C will intercept the traffic that A believes A is sending to B's subnet.

Is the above description of how tincd operates correct?

Is this an intentional choice?  If so, what is the reasoning behind it?

It seems to me that this behavior (trusting all advertised subnets) is
unexpected and possibly undocumented.  The behavior would also seem to
prioritize convenience over security.

(I am running tinc version 1.0.24 on Debian.)

Thanks!

-Parke


More information about the tinc mailing list