On 19.10.2005, at 22:46, Chad R. Larson wrote:
> Fernando Costa wrote:
>
> I don't think he was saying your request was a horrible idea. I think he was saying UPnP was a horrible idea. I agree. It's another example of Microsoft engineers dreaming up "cool things" with no thought toward security.

Ok, let's be honest for a moment. Where do you think m0n0wall is used the most? Enterprise? Small- and medium-sized businesses? SoHo? Enthusiast? Well, I couldn't pinpoint it clearly to one group, but based on my experience I would say it's definitely not the enterprise group and may in large part be home users and enthusiasts. Given this, I would say that UPnP could be a very nice "feature" for those users. Of course some people might think of it as a "security hole", but if it's not enabled by default and can only be turned on by people who know what they are doing (I would say those who install a m0n0wall should already know what they are doing), then it can be considered a "safe" feature.

I really think that some people here are losing the focus on the main user group... I really don't see m0n0wall as an alternative for high-security environments in enterprises. So UPnP should be a natural step to take, and to offer it to those users who might want it.

By the way, there are quite a few scenarios where UPnP is almost a required feature. For example, if you have multiple machines that use apps which all require the same ports to be forwarded, like VoIP clients, things like iChat or BitTorrent behind a NATed connection to the net, then it's not a viable solution to enter port forwardings for those apps manually. Well, it's not even possible, because you can only forward the ports to one client at a time. Take iChat for example. If a user wants to make a file transfer or a video chat, they need to have several ports forwarded to their internal machine. When some other user wants to do the same 10 minutes later, you would have to reconfigure every forwarding manually. This is simply not bearable. In such situations it really makes sense to have some dynamic configuration that does the job. Also, it makes it possible for an app like iChat to request other external ports when the default ones are already forwarded to another active iChat user.

Of course UPnP should be implemented safely, so that only certain addresses or ports may be opened. I don't know UPnP fully, but maybe it's even possible to restrict the apps that may use it. And then there is the common sense of the users. If you don't turn UPnP on by default and tell the users that it's potentially unsafe if they open it, well, then that's all you can do. It's still better than when people just start to open all ports on the firewall, just to not have any more hassles. And there are such people who do this with a m0n0wall. I've seen those installations...! That's far worse than having a potentially unsafe feature like UPnP which would make those people's lives easier for a smaller trade-off in security. Maybe the critics of UPnP might start to consider those arguments and try to remember who is using m0n0wall in the first place.

Kind regards,
Andres
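The two situations argued over in this thread (one static forward can only send an external port to a single internal host, while a dynamic UPnP-style request path hands each client its own mapping, but only under a policy that limits which hosts, which ports and for how long) can be modelled in a few dozen lines. The following is an added illustration written for this page; it is not m0n0wall code and not an implementation of the real UPnP IGD protocol. The policy values (internal subnet, port range, per-host cap, maximum lease) and the sample hosts and ports are constructed for the example.

```python
"""Toy NAT port-forwarding table with static forwards and UPnP-style dynamic mappings.

Added example, not m0n0wall code. Policy defaults below are constructed
for illustration; a real firewall would take them from its configuration.
"""
from dataclasses import dataclass
import ipaddress
import time


@dataclass
class Mapping:
    ext_port: int
    proto: str
    int_addr: str
    int_port: int
    expires: float  # absolute unix time; 0 means permanent (static forward)


class MappingConflict(Exception):
    """The requested external port is already forwarded elsewhere."""


class PolicyViolation(Exception):
    """The request falls outside what the administrator allows dynamically."""


class PortMapTable:
    def __init__(self, allowed_hosts="192.168.1.0/24", allowed_ports=(1024, 65535),
                 per_host_limit=8, max_lease=3600):
        self.allowed_hosts = ipaddress.ip_network(allowed_hosts)  # who may ask
        self.allowed_ports = allowed_ports                         # which external ports
        self.per_host_limit = per_host_limit                       # how many per host
        self.max_lease = max_lease                                 # never an unbounded hole
        self.table = {}  # (ext_port, proto) -> Mapping

    def add_static(self, ext_port, proto, int_addr, int_port):
        """Administrator-entered forward: one external port goes to exactly one host."""
        key = (ext_port, proto)
        if key in self.table:
            raise MappingConflict(f"{proto}/{ext_port} already goes to {self.table[key].int_addr}")
        self.table[key] = Mapping(ext_port, proto, int_addr, int_port, 0)

    def request_mapping(self, int_addr, int_port, proto, wanted_ext_port, lease, now=None):
        """Dynamic request from an internal client; returns the external port granted.

        If the wanted port is taken, the next free port in the allowed range is
        offered instead, so a second client of the same app still gets a mapping.
        """
        now = time.time() if now is None else now
        self.expire(now)
        if ipaddress.ip_address(int_addr) not in self.allowed_hosts:
            raise PolicyViolation(f"{int_addr} may not open ports")
        lo, hi = self.allowed_ports
        if not lo <= wanted_ext_port <= hi:
            raise PolicyViolation(f"port {wanted_ext_port} outside allowed range")
        held = [m for m in self.table.values() if m.int_addr == int_addr and m.expires]
        if len(held) >= self.per_host_limit:
            raise PolicyViolation(f"{int_addr} already holds {len(held)} dynamic mappings")
        lease = min(lease, self.max_lease)  # cap the lifetime of any dynamic hole
        for ext_port in range(wanted_ext_port, hi + 1):
            key = (ext_port, proto)
            if key not in self.table:
                self.table[key] = Mapping(ext_port, proto, int_addr, int_port, now + lease)
                return ext_port
        raise MappingConflict("no free external port in allowed range")

    def expire(self, now=None):
        """Drop dynamic mappings whose lease has run out; static ones (expires=0) stay."""
        now = time.time() if now is None else now
        for key in [k for k, m in self.table.items() if m.expires and m.expires <= now]:
            del self.table[key]

    def lookup(self, ext_port, proto):
        m = self.table.get((ext_port, proto))
        return (m.int_addr, m.int_port) if m else None


def outcome(table, *args, **kwargs):
    """Granted external port, or the name of the policy/conflict error raised."""
    try:
        return table.request_mapping(*args, **kwargs)
    except (PolicyViolation, MappingConflict) as e:
        return type(e).__name__


def demo():
    t = PortMapTable()
    # Static forward: a second host wanting the same external port collides.
    t.add_static(5060, "udp", "192.168.1.10", 5060)
    try:
        t.add_static(5060, "udp", "192.168.1.11", 5060)
    except MappingConflict:
        pass
    # Dynamic: two clients ask for the same port; the second gets the next free one.
    a = t.request_mapping("192.168.1.20", 6881, "tcp", 6881, 600, now=1000)
    b = t.request_mapping("192.168.1.21", 6881, "tcp", 6881, 600, now=1000)
    # Once the lease runs out the dynamic holes close by themselves; the static one stays.
    t.expire(now=1700)
    return a, b, t.lookup(6881, "tcp"), t.lookup(5060, "udp")


if __name__ == "__main__":
    print(demo())
```

The `request_mapping` policy checks are the part that answers the "only certain addresses or ports may be opened" point: a host outside the allowed subnet, a privileged port, or a host that already holds its quota is refused, and every granted mapping carries a bounded lease so a forgotten hole does not stay open indefinitely.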