Meanwhile in Arch land (possibly other distros as well), the fwupd package (which I imagine to be a fairly common package to be installed among the user base) has been silently configured to depend on passim, which spins up an open web server on 0.0.0.0:27500[1] without any(!) explicit user consent whatsoever. Passim then uses GnuTLS, which is famous for containing more holes than Swiss cheese [2][3].
Absolutely insane to me, and I would not be surprised if there's an xz type of exploit hidden somewhere in the chain.
fix for resolved is commented out on /etc/systemd/resolved.conf `LLMNR=no`, and you probably also want `DNSStubListener=no`. heck here is a good default
veering offtopic: I always thought mDNS was an Apple thing, since Bonjour is the most extensive implementation of it (and Windows sucks at it. In fact the only way I found to get a full mDNS implementation on Windows a few years ago was to install Bonjour via an installer extracted from iTunes for Windows).
The Wikipedia page for mDNS [1] doesn't have a lot of history information, saying just that the idea of mDNS was first proposed by Bill Woodcock & Bill Manning to the IETF in 2000, and neither seems obviously tied to Microsoft. Apple later published Bonjour in 2002, and mDNS only became an official rfc6762 in 2013!
2. Apple uses Bonjour, similar to NetBIOS, but with modern conveniences, like being NAT aware.
3. Windows adds the same niceties on top of NetBIOS and calls it LLMNR.
4. Apple standardizes Bonjour as mDNS and opens it up just because they would have to publish code because of some licenses they offended (but going into this is veering way too much offtopic on your offtopic)
5. everyone standardizes on mDNS
6. RedHat (using their fake open source promotion called freedesktop, née XDG) pushes for LLMNR for god knows why! (well, might be a reason Poettering works for MS now)
7. even Microsoft abandons LLMNR and NetBIOS in favour of mDNS. everyone is using mDNS. RH/freedesktop/systemd/fwmg (all the same people) chose to base their LAN distribution service logic on LLMNR.
8. RedHat works backward compatibility of LLMNR into mDNS and things get VERY confusing. Or not. Their documentation uses the name interchangeably and honestly, at this point I am not sure of anything and I'm not paid to look at that code for over a year. I wouldn't be surprised if resolved is actually using mDNS but the setting/code is still just "called" LLMNR. /shrug.
The client uses DBUS to ask the server how many bytes were downloaded from your LAN peers (unless you connect your device directly to the internet, then I guess it will show how many bytes ssh probes downloaded from you, inflating their numbers and making them more aggressive on the server feature)
also, note the quaint code to tell how much carbon it saved earth.
edit: interestingly, if you search for that data collection method name, both ddg and google only find the call from fwmgr side. the actual one, older, from passim code is not shown anywhere
[1]: https://github.com/fwupd/fwupd/issues/6721
[2]: https://news.ycombinator.com/item?id=7347500
[3]: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=gnutls