[ previous ] [ next ] [ threads ]
 
 From:  Quark IT - Hilton Travis <Hilton at QuarkIT dot com dot au>
 To:  Tim Nelson <tnelson at rockbochs dot com>, m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Beta 1.3b16 released
 Date:  Mon, 13 Apr 2009 17:47:52 +1000
> -----Original Message-----
> From: Tim Nelson [mailto:tnelson at rockbochs dot com]
> Sent: Monday, 13 April 2009 1:28 PM
>
> ----- "Harbert Reilink" <harbert at orangebroom dot com dot br> wrote:
> > On Sun, 12 Apr 2009 11:06:59 -0700, Christopher LILJENSTOLPE
> > <cdl at asgaard dot org> wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > I second this vote.
> > >
> > >   Chris
> > >
> > > On 11/04/2009, at 11:51 AM, Egbert Jan van den Bussche wrote:
> > >
> > >> PLEASE NO UPNP! This is firewall software. Let's keep it safe.
> > >>
> > >> Egbert Jan
> > >>
> > >>> -----Oorspronkelijk bericht-----
> > >>> Van: ConiKost at gmx dot de [mailto:ConiKost at gmx dot de]
> > >>> Verzonden: zaterdag 11 april 2009 19:38
> > >>>
> > >>>> Regarding future development: I still plan on releasing 1.3
> > anytime
> > >>>> soon, but would like to tackle the following issues first.
> > >>> If you can
> > >>>> help with any of these, please let us know.
> > >>>
> > >>> IMHO, we should be thinking about adding UPNP in the future...
> > >>>
> > >>>
> > I think there has been sufficient anti-commercial about UPNP, meaning
> > the
> > big security holes.....
> > I used it in the past, but I don't miss it at all now.....
> > There has been said before that integrating UPNP in m0n0wall is a no
> > go,
> > because of those security issues, so I wonder why it should change
> > now?
> >
>
> If there is sufficient call for it, why not add the feature but make it
> disabled by default? I will never use it on my boxen but surely
> *someone* would find it useful?
>
> --Tim

G'day Tim,

Because adding a known vulnerability waiting to be exploited into a security device goes against all
common sense and even uncommon sense.  It also goes against all security principles that M0n0wall is
based on.  :)

In addition to this, it enhances M0n0wall in no positive way - all it does is allow the
configuration of a M0n0wall system not to be easily determined, it allows a way for any software
that chooses to the ability to open ports into any computer they choose and it almost totally
removes any security functionality of a M0n0wall system in your network.

--

http://hiltont.blogspot.com/

Regards,

Hilton Travis                       Phone: +61 (0)7 3105 9101
(Brisbane, Australia)               Phone: +61 (0)419 792 394
Manager, Quark IT                   http://www.quarkit.com.au
         Quark Group                http://www.quarkgroup.com.au

     Microsoft SBSC PAL (Australia) http://www.sbscpal.com/

War doesn't determine who is right.  War determines who is left.


This document and any attachments are for the intended recipient only.
It may contain confidential, privileged or copyright material which
must not be disclosed or distributed without prior approval.

Quark Group Pty Ltd  ::  ABN 23 114 975 772
Trading As Quark AudioVisual, Quark Automation, Quark IT