digidem / comapeo-core

A local-first library for collaborating on mapping projects
MIT License

Block non-local connections on mdns server #68

Closed gmaclennan closed 1 year ago

gmaclennan commented 1 year ago

We create a TCP server for listening to mDNS connections, but theoretically this could receive connections from outside the local network. We should reject/block incoming connections from non-local addresses. We can maybe do this by checking `socket.remoteAddress` against private IP ranges with something like https://github.com/mafintosh/bogon. The reason for doing this is as a security precaution, particularly if we are sending invites to peers discovered through mDNS, and we want to be sure that incoming connections are local network only.
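The check proposed in the comment above, as an added example that is not part of the original thread and not comapeo-core's own code: a pure address classifier plus a connection guard that fails closed. The names `isLocalAddress` and `guardConnection` are hypothetical, and the range list is written out by hand (RFC 1918, loopback, link-local, IPv6 unique-local) rather than taken from the bogon module.

```javascript
// Added example: only accept peers whose remote address is on the local network.
const V4_LOCAL = [ // [network, prefix length]
  ['10.0.0.0', 8], ['172.16.0.0', 12], ['192.168.0.0', 16], // RFC 1918 private
  ['169.254.0.0', 16], // IPv4 link-local
  ['127.0.0.0', 8] // loopback
]

// Parse a strict dotted quad into an unsigned 32-bit number, or null if malformed.
function ipv4ToInt (addr) {
  const parts = addr.split('.')
  if (parts.length !== 4) return null
  let n = 0
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null
    n = n * 256 + Number(p)
  }
  return n
}

function isLocalAddress (addr) {
  // remoteAddress is undefined once the peer has gone away: treat as non-local.
  if (typeof addr !== 'string') return false
  let a = addr.toLowerCase().split('%')[0] // drop an IPv6 zone id such as %eth0
  // A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d
  if (a.startsWith('::ffff:') && a.includes('.')) a = a.slice(7)
  const n = ipv4ToInt(a)
  if (n !== null) {
    return V4_LOCAL.some(([net, bits]) => {
      const size = 2 ** (32 - bits)
      return Math.floor(n / size) === Math.floor(ipv4ToInt(net) / size)
    })
  }
  if (!a.includes(':')) return false // neither IPv4 nor IPv6
  if (a === '::1') return true // IPv6 loopback
  const head = a.split(':')[0]
  if (!/^[0-9a-f]{1,4}$/.test(head)) return false
  const first = parseInt(head, 16)
  // fc00::/7 unique-local, fe80::/10 link-local
  return (first & 0xfe00) === 0xfc00 || (first & 0xffc0) === 0xfe80
}

// Hypothetical 'connection' handler: drop the peer before any protocol data is read.
function guardConnection (socket) {
  if (isLocalAddress(socket.remoteAddress)) return true
  socket.destroy()
  return false
}
```

The guard would be attached with `server.on('connection', guardConnection)` on the `net` server. Because `isLocalAddress` is a pure function, the rejection logic can be exercised with constructed addresses rather than a real remote peer.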

tomasciccola commented 1 year ago

I was wondering how we can test this. Should we have a publicly accessible node that does mDNS and connects to a predefined topic, so we can reject it in a test? Or is there already an mDNS testnet that we can use?

gmaclennan commented 1 year ago

This should be fixed in the latest implementation.