 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] UPNP
 Date:  Tue, 18 Oct 2005 16:08:03 -0400
> Cool thing about UPNP is that it will automatically add ports for direct
> connections, such as file transfers.

And the *really* cool thing will be when some
malware/spyware/worm/virus/trojan starts telling UPNP to open ports so
the owned box can be hit directly from the Internet!  Granted, if it
gets that far, it can start inbound-only connections and end up in
pretty much the same situation with tunneling or similar things, but
this could leave you open to the whole world.

Name a single *real* firewall that supports UPNP.  There aren't any,
because it's a ridiculously bad idea.

I'm sufficiently tired of hearing people ask for something to make
them horribly insecure though, so at this point if somebody wants to
add support that's disabled by default, more power to 'em.  ;)