Subj : fsxNet Feedback (ZeroTier)
To   : deon
From : Oli
Date : Fri May 14 2021 08:31 pm

deon wrote (2021-05-14):

Ol>> Is it completely independent?

d> Yes - https://www.zerotier.com/manual/#4_4

not convinced yet.

Ol>> Wikipedia tells me: "Virtual networks are created and managed using
Ol>> a ZeroTier controller. Management is done using an API, proprietary
Ol>> web-based UI (ZeroTier Central), open-source web-based or CLI
Ol>> alternative. Using root servers other than those hosted by ZeroTier
Ol>> Inc. is *impeded* by the software's license.

d> It seems illogical to impede the use of their roots via the software
d> license, when their documentation tells you how to do it (via moons).

I agree. It also would not qualify as Open Source software / license.

Ol>> Can I configure the ports or has the admin the power to change the
Ol>> rules at will?

d> The owner of the network controls the ports for the network. But you with
d> a (virtual) interface to the network can apply your OS level firewalling
d> - in the same way you may want to firewall one host from another on the
d> same ethernet network.

The owner of the network can also set other funky rules:

*Tap all of the traffic!*
Another incredibly powerful feature of ZeroTier is the ability to tap the entire network regardless of how widely distributed its nodes are. Using the tee ability within a flow rule essentially copies every frame sent/received by nodes on the network and sends it to a node of your choice such as an IDS or full packet capture solution such as Moloch.
from: https://blog.reconinfosec.com/locking-down-zerotier/

see also: https://www.zerotier.com/2016/08/31/capability-based-security-for-virtual-networks/
headline "Global Rules and Security Monitoring"

Is there a way to prevent this?

Ol>> Is it possible to use ZeroTier in a really decentralized way?

d> Yes, I believe so - even though I've not actually tried it with any
d> system not connected to the internet.

d> [...]

d> If zerotier
d> shuts down their root servers, you will still continue to function if you
d> have my moon configured.

It's still kind of centralized (your moon).

---
* Origin: . (21:3/102)

You are viewing proxied material from cvs.synchro.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.