[Udpcast] Mirroring files, security, etc.
alain at knaff.lu
Tue Mar 6 16:59:18 CET 2007
Forrest Aldrich wrote:
> Is anyone using UDPCast to periodically mirror files... ?
> I see a couple of older (2003) posts that ask somewhat similar
> questions; however, we have a series of media files (some very large,
> like a few gig) that need to be mirrored to a few hosts on a periodic
> basis. Hopefully, without overloading the link in the process.
> Anyway, we plan on mirroring files that are current within 48hours.
> Easy to build up that file list.
> I might be concerned about specifying "download, then overwrite" or
> "don't download if exists" and such (rsync can do some of these things).
> Obviously, there's little sense in mirroring files if they already exist.
Udpcast is meant for transferring individual files or hard disk images.
If you need to transfer multiple files, use tar together with udpcast
tar cf - /some/directory | udp-sender
udp-receiver | tar xf -
> I'm also concerned about security. We have a mix of Unix and Windows
> servers that will be utilizing this process (whatever it ends up being).
> Apart from individual firewall rules, what's the best way to secure
> udpcast from unwanted activity - this is a private network, but still
> prudent to secure any open services.
An malicious outside agent could interfere with the transfer by
injecting bogus packets into the transmission. Moreover,
non-participating hosts on the LAN could still listen in on the
transmission. To protect against this, you can proceed as follows:
1. Bind udpcast to the specific network interface that is on the secured
LAN (-i option)
2. Protect that LAN against intrusion using firewall rules.
Building in security into udpcast would have involved some form of
cryptography, which would have been incompatible with the high speed
transmission goal of udpcast.
More information about the Udpcast