 From:  Richard Harvey <richard at squarecows dot com>
 To:  Mono Wall list <m0n0wall at lists dot m0n0 dot ch>
 Cc:  M0n0 Wall Dev list <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall-dev] Re: [m0n0wall] Feature request: UPnP
 Date:  Wed, 23 Jul 2008 11:08:12 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I agree with the security side of this and would *never* recommend this
on a corporate network; however, it's a very useful feature if you're using
m0n0 on a home network and want to get a games console working easily
and quickly, without having to google for the endless ports/protocols
some of the manufacturers use.

I totally agree that this should be disabled by default, and have
warnings slapped all over it. It should be discouraged, but not
supporting it and removing a user's choice is a bit like being in a
dictatorship.

*IF* enough users want this why not give them the option?

After all, it's their networks, and having a choice is good and in the
spirit of open source after all.

Ric

Andrew Hull wrote:
> Quark IT - Hilton Travis wrote:
>> NO.  NO.  NO.
>>
>> UPnP is a massive security vulnerability waiting to be exploited.  What
>> use is a firewall where ANY unauthenticated application can open a port
>> and forward it?
>>
>> Anyone who enables UPnP has no conception of security.
>>
> 
> Hear, hear!
> 
> UPnP is a *very* bad idea from a network security standpoint. As
> currently implemented, I *will not* use UPnP, I disable it on every
> router that supports it, and do not recommend it to anyone for any reason.
> 
> However, I do acknowledge that everyone in the world does not agree with
> me.
> 
> I would not be staunchly opposed to UPnP support in m0n0 if implemented
> with the following criteria:
> - disabled by default
> - some sort of a "this is a huge security vulnerability" note next to the
>  UPnP enable check box in the GUI.
> 
> Again, I will never use/enable UPnP... but someone may want to despite
> the security consequences.
> 
> Andy Hull
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkiHAwwACgkQlh7dZJ0Pyjdc8QCdEqqogaoZ9T7Vu8U1pJb5ipPa
8DoAnAqBcRpWwdH3Fi9y/CDbKe/1Ih4B
=mU0c
-----END PGP SIGNATURE-----