Have you ever known something was going to happen, and the anticipation of waiting for it to occur drove you crazy? That’s what happens when you deal with the press. Recently, SANS discovered PNRP was on by default and posted an announcement for network administrators so they would know what this new, mysterious traffic was. This was stated in the privacy statement, so it wasn’t a secret (although it is a large document). Knowing that the press would find this interesting, all we could do was wait for the phone to ring.
Noah has had the “privilege” of dealing with the press over the last week, as they get around to scavenging the tidbits of data, applying the requisite spin necessary to whip up enough ad impressions, and creating panic for the express purpose of getting attention. This CNet article is quite humorous in this regard, as it claims it could “pose a security risk to them”, quickly followed by the beta testers saying “they aren’t worried” (a.k.a. why are you making stuff up?). As I have said before, you can’t blame the press, it’s how they make money; just keep plenty of grains of salt around. (On an interesting side note, Raymond Chen had a post about the fabrication of facts here.)
So what’s all the stink about?
In Beta 1 of Windows Vista we added a service that auto-registers a random peer name, with the loopback address (127.0.0.1) registered as the payload.
Why is the service on by default?
The main reason is that we need a real-world test of a protocol that has to scale to millions of machines. We need to determine this during the beta, so it’s verified before we ship. It will be turned off by RTM.
Does it disclose information about my machine?
Not really. Here is exactly what happens: each time the machine starts, a 64-bit random number (i.e. from 0 to 18446744073709551615, 2^64 possible values) is generated and appended to the name 0.PnrpAuto. That name is then hashed, which creates a 128-bit number (2^128 possible values, or 3.4028236692093846346337460743177e+38). Then the top 64 bits of the machine’s IPv6 address (i.e. the global prefix, which identifies the type of global address: 6to4, ISATAP or native) and another 64-bit random number are appended to the end to create a 256-bit “peer name” (2^256 possible values, or 1.1579208923731619542357098500869e+77). Normally PNRP associates an IP address with a peer name, so we chose to use 127.0.0.1 as the address we register.
So, from the wire, you can’t determine what the original name was, and even if you could, it doesn’t disclose any personal information: the name is a fixed string plus a random number.
However, as this is a peer-to-peer protocol, it does talk to other machines, and as with all IP-based protocols, when you talk to someone they know who sent packets to them, so they can determine that your machine is running PNRP (although only the machines that you talk to can).
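The construction described above, written out as an added example. This is not the peer networking team’s code: the post does not name the hash function, so SHA-256 truncated to its first 128 bits stands in for it, and the sample address 2001:db8:1234:5678::1 is a constructed documentation-range address.

```python
import hashlib
import ipaddress
import secrets

# Values taken from the post.
AUTO_NAME_PREFIX = "0.PnrpAuto"   # fixed part of the auto-registered name
REGISTERED_PAYLOAD = "127.0.0.1"  # address registered with the name (loopback)


def auto_peer_name(rand64: int) -> str:
    """Name the service registers: 0.PnrpAuto followed by a 64-bit random number."""
    if not 0 <= rand64 < 2**64:
        raise ValueError("rand64 must be an unsigned 64-bit value")
    return f"{AUTO_NAME_PREFIX}{rand64}"


def hash_name_128(name: str) -> int:
    """128-bit hash of the name.

    ASSUMPTION: the post does not name the hash function, so SHA-256
    truncated to its first 128 bits stands in for it here.
    """
    digest = hashlib.sha256(name.encode("utf-8")).digest()
    return int.from_bytes(digest[:16], "big")


def global_prefix_64(ipv6: str) -> int:
    """Top 64 bits of the machine's global IPv6 address (the prefix)."""
    return int(ipaddress.IPv6Address(ipv6)) >> 64


def build_pnrp_id(name_hash128: int, prefix64: int, rand64: int) -> int:
    """256-bit ID = name hash (128) || global prefix (64) || second random (64)."""
    assert name_hash128 < 2**128 and prefix64 < 2**64 and rand64 < 2**64
    return (name_hash128 << 128) | (prefix64 << 64) | rand64


def split_pnrp_id(pnrp_id: int) -> dict:
    """Split a 256-bit ID back into its fields: what a peer can read from it."""
    mask64 = 2**64 - 1
    return {
        "name_hash128": pnrp_id >> 128,
        "prefix64": (pnrp_id >> 64) & mask64,
        "rand64": pnrp_id & mask64,
    }


def register(ipv6: str, rng=secrets.randbits) -> dict:
    """One boot's worth of auto-registration, as the post describes it.

    rng(bits) returns a fresh random integer of that many bits; a fixed
    function can be passed in to make the result reproducible.
    """
    name = auto_peer_name(rng(64))
    pnrp_id = build_pnrp_id(hash_name_128(name), global_prefix_64(ipv6), rng(64))
    return {"name": name, "id": pnrp_id, "payload": REGISTERED_PAYLOAD}


if __name__ == "__main__":
    # Constructed sample: a documentation-range (RFC 3849) global address.
    reg = register("2001:db8:1234:5678::1")
    print("registered name :", reg["name"])
    print("256-bit PNRP ID : 0x%064x" % reg["id"])
    fields = split_pnrp_id(reg["id"])
    # The prefix field is the only part that maps back to the host's address;
    # the name itself cannot be recovered from the hash.
    print("prefix field    : %016x" % fields["prefix64"])
```

Splitting the ID back into its fields shows what a peer that receives it can read: the 128-bit hash and the trailing 64 random bits tell it nothing, while the middle 64 bits are the sender’s global IPv6 prefix, which that peer already sees on the packets anyway. The original name never appears in the ID.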
Is it secure?
PNRP has passed more security reviews than the average protocol. It has been reviewed by the Windows security team (Michael Howard’s team), by researchers in MSR, and by various other groups around Microsoft, as well as by the peer networking team.
So no, the sky isn’t falling. Your beta testing is helping us verify that the PNRP feature will work, while we still have a chance to fix any issues that arise!