 From:  Michel Servaes <michel at mcmc dot be>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Future plans after 1.3?
 Date:  Sat, 05 Dec 2009 17:09:50 +0100
Robert wrote:
> Paul is right.  There are certain apps which can move around (within my home
> network) as well as open different ports.  This may go against a good
> security policy, but a well behaved UPnP setup can actually be *more* secure
> since the ports close when the app is shutdown.
>
>   
I would dare to say that those apps are not good at all!
uTorrent is also UglyPNP aware, but you can choose to disable it..., so 
if you have apps that need it... I'd say that those apps are not really 
that good...

But I agree, an option to enable it would be handy for some of us (I 
would leave it disabled, just like my pfSense setups - Don't want no 
UglyPNP in my network!)

Saying that UPNP would be more secure is somewhat weird, 
though... if you or anyone within your organization/home succeeds in 
installing some malware opening up RDP ports, installing VNC (and 
opening up ports at will...) I would ask, how safe is this...
Back in the days when UPnP became available... I once enabled it on a 
DLINK DI-824VUP to use uTorrent, oh man, that went great... it opened 
up far more ports than actually needed, CPU of the router went through 
the roof (webgui literally froze on me).

But hey, I don't want to argue the safety of UPnP - but it definitely 
should be an option that is DISABLED by default!


Kind regards,
Michel