 From:  Fernando Costa <cusquinho at gmail dot com>
 Cc:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] UPNP
 Date:  Tue, 18 Oct 2005 18:30:32 -0200
Sure there are security risks involved in UPNP support. But I'm not
saying it should be enabled by default or anything like that. Maybe it
could be enabled on demand and support a few ranges of ports, or IPs,
applications, etc. I know ports could be added manually to the NAT
table, but some applications, such as MSN, do not let you manually
configure some ports. This leads to a UPNP-only solution.

Fernando

On 10/18/05, Chris Dickens <chris at object dash zone dot net> wrote:
> Okay, I didn't want to be the sour grape that said it when I admittedly put it
> at the end of the list, but I'm pretty much with everyone else so far.
> Honestly, it sounds pretty useless to me.
>
> --Chris
>
> -----Original Message-----
> From: Chris Buechler [mailto:cbuechler at gmail dot com]
> Sent: Tuesday, October 18, 2005 4:08 PM
> Cc: m0n0wall dash dev at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall-dev] UPNP
>
>
> > Cool thing about UPNP is that it will automatically add ports for direct
> > connections, such as file transfers.
> >
>
> and the *really* cool thing will be when some
> malware/spyware/worm/virus/trojan starts telling UPNP to open ports so the
> owned box can be hit directly from the Internet!  Granted, if it gets that
> far, it can start inbound-only connections and end up in pretty much the
> same situation with tunneling or similar things, but this could leave you
> open to the whole world.
>
> Name a single *real* firewall that supports UPNP.  There aren't any, because
> it's a ridiculously bad idea.
>
> I'm sufficiently tired of hearing people ask for something to make them
> horribly insecure though, so at this point if somebody wants to add support
> that's disabled by default, more power to 'em.  ;)
>
> -Chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash dev dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash dev dash help at lists dot m0n0 dot ch
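The compromise discussed in this thread (UPnP off by default, limited to certain hosts and port ranges) could take the shape of a deny-by-default check applied to every port-mapping request. This is an added example, not m0n0wall code or code from any poster; the rule format, the `decide` function, the addresses and the port range are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    allow: bool
    clients: str       # CIDR of LAN hosts the rule covers
    ext_ports: range   # external (WAN-side) ports the rule covers
    int_ports: range   # internal (LAN-side) ports the rule covers

# Constructed policy: one workstation may map a small port range, everything else is denied.
POLICY = [
    Rule(True, "192.168.1.50/32", range(6881, 6890), range(6881, 6890)),
    Rule(False, "0.0.0.0/0", range(0, 65536), range(0, 65536)),
]

def decide(enabled, requester, internal_client, ext_port, int_port, policy=POLICY):
    """Return (allowed, reason) for one AddPortMapping-style request."""
    if not enabled:                      # off unless the admin turned it on
        return False, "upnp disabled"
    if requester != internal_client:     # a host may only map ports to itself
        return False, "mapping targets another host"
    if ext_port < 1024:                  # never hand out well-known ports
        return False, "privileged external port"
    addr = ipaddress.ip_address(internal_client)
    for rule in policy:                  # first matching rule wins
        if (addr in ipaddress.ip_network(rule.clients)
                and ext_port in rule.ext_ports and int_port in rule.int_ports):
            return rule.allow, "matched rule for " + rule.clients
    return False, "no rule matched"      # deny by default

if __name__ == "__main__":
    # Constructed requests: (requester, internal client, external port, internal port)
    for req in [("192.168.1.50", "192.168.1.50", 6881, 6881),
                ("192.168.1.77", "192.168.1.77", 3389, 3389),
                ("192.168.1.50", "192.168.1.10", 6881, 6881)]:
        print(req, decide(True, *req))
```

A check like this narrows what a compromised LAN host can ask for, but a host inside an allowed rule can still open its permitted ports to the Internet.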