 From:  Tom <tomvaldes at comcast dot net>
 To:  Quark IT - Hilton Travis <Hilton at quarkit dot com dot au>
 Cc:  Tom Valdes <Tom dot Valdes at soa dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] uPNP in future versions? or how can I do this?
 Date:  Sun, 04 Sep 2005 12:53:23 -0400
I get the picture: uPNP is bad! :-)

I was unclear if I used uPNP (dynamic port forwarding, whatever) on a 
machine in the DMZ if that would create any security problems, since 
that's what the DMZ is for.

The problem with simple port forwarding is that different games need 
different ports, so I was going to create a DMZ and stick the machine there.

There must be a way to create dynamic ports which only work for a 
particular machine or to a subnet in the DMZ.

thanks,
tom

>Hi Tom,
>
>  
>
>>-----Original Message-----
>>From: Tom Valdes [mailto:Tom dot Valdes at soa dot com] 
>>Sent: Saturday, 3 September 2005 00:45
>>
>>Are there any plans to include uPNP in a future version?
>>    
>>
>
>God no!  UPnP is a security night-terror waiting to happen.  When a
>hacker with an IQ in double digits starts to look at how reminiscent of
>a sieve UPnP is, they will have a field day.  There is NO way to protect
>a security device that implements UPnP.
>
>  
>
>>I am pretty sure I know the risks, but this is what I'm 
>>trying to do, so what is the right way to do it?
>>    
>>
>
>If you knew the risks, you'd not be asking for this on a security
>device.  So, the right way to do it is not to do it at all. 
>
>  
>
>>I have a game system that needs ports forwarded to it, but each game
>>needs different ports.
>>    
>>
>
>Then forward the needed ports.
>
>  
>
>>I could put it in a DMZ, but I have a cable modem with one dynamic IP
>>address, so I can't simply forward all ports for one address to the
>>machine in the DMZ.
>>
>>From what I understand, I need uPNP.  Is there another way to do this?
>>    
>>
>
>With port forwards.
>
>--
>
>Regards,
>
>Hilton Travis                          Phone: +61 (0)7 3344 3889
>(Brisbane, Australia)                  Phone: +61 (0)419 792 394
>Manager, Quark IT                      http://www.quarkit.com.au
>         Quark AudioVisual             http://www.quarkav.net
>
>http://www.threatcode.com/ <-- it's now time to shame poor coders 
>into writing code that is acceptable for use on today's networks
>
>War doesn't determine who is right.  War determines who is left.
>
>This document and any attachments are for the intended recipient 
>  only.  It may contain confidential, privileged or copyright 
>     material which must not be disclosed or distributed.
>