Subnet authority and trust
Sven-Haegar Koch
haegar at sdinet.de
Fri May 5 14:38:15 CEST 2017
On Thu, 4 May 2017, Parke wrote:
> How does tincd determine the subnet(s) of other remote nodes? Does
> tincd read its copies of the hosts file and parse and follow the
> subnet information contained in the local files? Or does tincd solely
> trust the subnet information dynamically advertised by each remote
> node?
>
> In my experimentation, it seems that:
>
> a) tincd reads its own subnet(s) from its copy of its own host file, but
>
> b) tincd ignores the subnets specified in the other hosts files.
>
> This would seem to mean that if:
>
> 1) There are three nodes, A, B, and C, and
> 2) Node B is offline, and
> 3) Node C is compromised and advertises itself as serving B's subnet(s), and
> 4) Node A sends traffic to an IP address on one of B's subnets, then
> 5) Node C will intercept the traffic that A believes A is sending to B's subnet.
>
> Is the above description of how tincd operates correct?
>
> Is this an intentional choice? If so, what is the reasoning behind it?
>
> It seems to me that this behavior (trusting all advertised subnets) is
> unexpected and possibly undocumented. The behavior would also seem to
> prioritize convenience over security.
>
> (I am running tinc version 1.0.24 on Debian.)
The StrictSubnets = yes option looks like what you want. Then a node only
routes subnets as defined in locally existing hosts files, not
announced from the outside anymore.
c'ya
sven-haegar
--
Three may keep a secret, if two of them are dead.
- Ben F.
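As an added illustration (not tinc's own code and not part of this thread), a simplified Python model of the routing decision discussed above: it builds node A's subnet table from constructed hosts files and constructed runtime announcements, once with StrictSubnets off and once with it on, and shows who receives traffic for B's subnet when C announces it. The file contents, node names and subnets are all assumed sample values.

```python
"""Simplified model of tinc's subnet-trust decision (added example, not tinc code).

Scenario from the thread: nodes A, B, C; B is offline; C announces B's subnet.
StrictSubnets = no : subnets learned from announcements are installed as-is.
StrictSubnets = yes: only Subnet lines from the local hosts files are used and
                     announcements not backed by a local hosts file are ignored.
"""
import ipaddress
import re

# Constructed hosts files as node A has them on disk (node name -> contents).
HOSTS_FILES = {
    "B": "Address = 192.0.2.20\nSubnet = 10.1.0.0/24\n",
    "C": "Address = 192.0.2.30\nSubnet = 10.2.0.0/24\n",
}

# Constructed announcements A receives at runtime: (announcing node, subnet).
ANNOUNCED = [
    ("C", "10.2.0.0/24"),   # C's own subnet, also present in hosts/C
    ("C", "10.1.0.0/24"),   # C claiming B's subnet while B is offline
]

SUBNET_RE = re.compile(r"^\s*Subnet\s*=\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def local_subnets(hosts_files):
    """Parse every 'Subnet =' line from the local hosts files."""
    return {node: {ipaddress.ip_network(s) for s in SUBNET_RE.findall(text)}
            for node, text in hosts_files.items()}


def build_routes(hosts_files, announced, strict_subnets):
    """Return {subnet: owning node} as the daemon would install it."""
    pinned = local_subnets(hosts_files)
    routes = {}
    if strict_subnets:
        # Local hosts files are authoritative, even for nodes that are offline.
        for node, nets in pinned.items():
            for net in nets:
                routes[net] = node
    for node, subnet in announced:
        net = ipaddress.ip_network(subnet)
        if strict_subnets and net not in pinned.get(node, set()):
            continue  # announcement not backed by hosts/<node>: ignored
        routes[net] = node
    return routes


def owner_of(routes, ip):
    """Longest-prefix match: which node receives traffic for this address?"""
    addr = ipaddress.ip_address(ip)
    matches = [net for net in routes if addr in net]
    return routes[max(matches, key=lambda n: n.prefixlen)] if matches else None
```

With strict_subnets=False the lookup for 10.1.0.5 returns "C" (the hijack described in the question); with strict_subnets=True it returns "B", so the traffic is routed towards the offline node and dropped rather than delivered to C.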