 From:  Andrew Hull <list at racc2000 dot com>
 To:  Mono Wall list <m0n0wall at lists dot m0n0 dot ch>, M0n0 Wall Dev list <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Feature request: UPnP
 Date:  Tue, 22 Jul 2008 13:08:02 -0400
Quark IT - Hilton Travis wrote:
> NO.  NO.  NO.
> 
> UPnP is a massive security vulnerability waiting to be exploited.  What
> use is a firewall where ANY unauthenticated application can open a port
> and forward it?
> 
> Anyone who enables UPnP has no conception of security.
> 

Hear, hear!

UPnP is a *very* bad idea from a network security standpoint. As 
currently implemented, I *will not* use UPnP, I disable it on every 
router that supports it, and do not recommend it to anyone for any reason.

However, I do acknowledge that everyone in the world does not agree with 
me.

I would not be staunchly opposed to UPnP support in m0n0 if implemented 
with the following criteria:
- disabled by default
- some sort of a "this is a huge security vulnerability" note next to the 
  UPnP enable check box in the GUI.

Again, I will never use/enable UPnP... but someone may want to despite 
the security consequences.

Andy Hull