[Nfd-dev] Close NFD backdoor
Davide Pesavento
davide.pesavento at lip6.fr
Mon Sep 8 09:29:33 PDT 2014
Hi Yingdi,
On Mon, Sep 8, 2014 at 6:41 AM, Yingdi Yu <yingdi at cs.ucla.edu> wrote:
> Hi all,
>
> Beichuan and I had a discussion about a backdoor of nfd which allows apps to
> dump unsolicited data packets into content store of local nfd and how to
> close the backdoor. Here is a summary of the discussion, we would like to
> hear your comments. If people agree with it, we will start the
> implementation soon.
>
> ================
> 1. NFD backdoor
> Current NFD implementation allows local applications to dump unsolicited
> data packets into content store. This backdoor enables malware to cache
> poison local content store. To close the backdoor, nfd should 1) reject
> unsolicited data packets and 2) authenticate prefix registration on local
> nfd.
>
Can you explain how this "backdoor" works exactly and why it's
exploitable only by local applications?
Thanks,
Davide
More information about the Nfd-dev
mailing list