[Nfd-dev] Close NFD backdoor

Yingdi Yu yingdi at CS.UCLA.EDU
Mon Sep 8 15:13:50 PDT 2014


Hi Davide

On Sep 8, 2014, at 9:29 AM, Davide Pesavento <davide.pesavento at lip6.fr> wrote:

> Can you explain how this "backdoor" works exactly and why it's
> exploitable only by local applications?

Ideally, nfd should only accept a data packet from an interface to which a matched pending interest has been forwarded, but the current implementation accepts data packets from any local interface (I am not sure if remote interfaces are the same, Alex and Junxiao can correct me). Then a local application can basically dump any data packet into the content store of the local forwarder. Although the data consumer can detect the false data packet through signature validation, the overhead of fetching the correct data unnecessarily increases. In the worst case, malware can DoS many applications running on the same host.

Yingdi
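
The check described in the message above, as an added illustration that is not part of the original post and is not NFD source code: a toy forwarder that admits Data to its content store only when the pending Interest was forwarded out of the face the Data arrived on. `ToyForwarder`, `Policy`, the integer face ids, the exact-match names and the sample names are all assumptions made for the example.

```cpp
#include <cstdio>
#include <map>
#include <set>
#include <string>

// Toy model, not NFD code: names match exactly and faces are plain integers.
using FaceId = int;
enum class Policy { AcceptFromAnyFace, RequireOutRecord };

class ToyForwarder {
public:
  explicit ToyForwarder(Policy p) : policy_(p) {}

  // Record that an Interest for `name` was forwarded out of `outFace`.
  void forwardInterest(const std::string& name, FaceId outFace) {
    pit_[name].insert(outFace);
  }

  // Handle incoming Data; returns true if it was admitted to the content store.
  bool onData(FaceId inFace, const std::string& name, const std::string& content) {
    auto entry = pit_.find(name);
    bool solicited = entry != pit_.end() && entry->second.count(inFace) > 0;
    if (policy_ == Policy::RequireOutRecord && !solicited) {
      ++dropped_;  // unsolicited Data never reaches the cache
      return false;
    }
    cs_[name] = content;
    if (entry != pit_.end()) pit_.erase(entry);  // pending Interest is satisfied
    return true;
  }

  // Content a later consumer would be served from the cache ("" if none).
  std::string cached(const std::string& name) const {
    auto it = cs_.find(name);
    return it == cs_.end() ? std::string() : it->second;
  }
  int dropped() const { return dropped_; }

private:
  Policy policy_;
  std::map<std::string, std::set<FaceId>> pit_;  // name -> faces the Interest went out on
  std::map<std::string, std::string> cs_;        // content store
  int dropped_ = 0;
};

int main() {
  ToyForwarder fwd(Policy::RequireOutRecord);
  fwd.forwardInterest("/app/config", 1);  // constructed sample name and face
  std::printf("admitted from face 2: %d\n", (int)fwd.onData(2, "/app/config", "bogus"));
}
```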
