-----BEGIN PGP SIGNED MESSAGE-----
I agree with the security side of this and would *never* recommend this
on a corporate network, however its a very useful feature if your using
m0n0 on a home network and want to get a games console working, easily
and quickly without having to google for the endless ports/protocols
some of the manufacturers use.
I totally agree that this should be disabled by default, and have
warnings slapped all over it, It should be discouraged but not
supporting it and removing a users choice is a bit like being in a
*IF* enough users want this why not give them the option?
After all its their networks and having a choice is good and in the
spirit of open source after all.
Andrew Hull wrote:
> Quark IT - Hilton Travis wrote:
>> NO. NO. NO.
>> UPnP is a massive security vulnerability waiting to be exploited. What
>> use is a firewall where ANY unauthenticated application can open a port
>> and forward it?
>> Anyone who enables UPnP has no conception of security.
> Here, here!
> UPnP is a *very* bad idea from a network security standpoint. As
> currently implemented, I *will not* use UPnP, I disable it on every
> router that supports it, and do not recommend it to anyone for any reason.
> However, I do acknowledge that every on in the world does not agree with
> I would not be staunchly opposed to UPnP support in m0n0 if implemented
> with the following criteria:
> - disabled by default
> - some sort of a "this is a huge security venerability" note next to the
> UPnP enable check box in the GUI.
> Again, I will never use/enable UPnP... but someone may want to despite
> the security consequences.
> Andy Hull
> To unsubscribe, e-mail: m0n0wall dash dev dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash dev dash help at lists dot m0n0 dot ch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----