 From:  "Chris Dickens" <chris at object dash zone dot net>
 To:  <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall-dev] UPNP
 Date:  Tue, 18 Oct 2005 16:16:41 -0400
Okay, I didn't want to be the sour grape that said it when I admittedly put it
at the end of the list, but I'm pretty much with everyone else so far.
Honestly, it sounds pretty useless to me.

--Chris

-----Original Message-----
From: Chris Buechler [mailto:cbuechler at gmail dot com] 
Sent: Tuesday, October 18, 2005 4:08 PM
Cc: m0n0wall dash dev at lists dot m0n0 dot ch
Subject: Re: [m0n0wall-dev] UPNP


> Cool thing about UPNP is that it will automatically add ports for direct 
> connections, such as file transfers.
>

and the *really* cool thing will be when some
malware/spyware/worm/virus/trojan starts telling UPNP to open ports so the
owned box can be hit directly from the Internet!  Granted, if it gets that
far, it can start inbound-only connections and end up in pretty much the
same situation with tunneling or similar things, but this could leave you
open to the whole world.

Name a single *real* firewall that supports UPNP.  There aren't any, because
it's a ridiculously bad idea.

I'm sufficiently tired of hearing people ask for something to make them
horribly insecure though, so at this point if somebody wants to add support
that's disabled by default, more power to 'em.  ;)

-Chris
