|
||||||||
Paul is right. There are certain apps which can move around (within my home network) as well as open different ports. This may go against a good security policy, but a well behaved UPnP setup can actually be *more* secure since the ports close when the app is shutdown. I have a video chat program that I use with my Dad and it utilizes UPnP. Bitorrent clients can also be setup to do the same. I also use pfSense the way Paul described. I lock down the ports and apps that can be used so it's partially static. Nothing is using UPnP on my home network without my knowledge, which is something that can't be said in a corporate environment. I recommend the developers take a look at the way pfSense implemented their UPnP support. As was mentioned before, it can be disabled by default on install. |