 From:  Quark Group - Hilton Travis <Hilton at quarkgroup dot com dot au>
 To:  "valnar at yahoo dot com" <valnar at yahoo dot com>, "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Future plans after 1.3?
 Date:  Sun, 13 Dec 2009 20:13:34 +1000
G'day Robert,

So, you're saying that the ability for any app to open a port on your firewall when it wants is a
way to increase security?  Sorry, not in my world it isn't.  What stops malware opening ports in a
UPnP device?  UPnP has *no* place on a security device.

--

http://hiltont.blogspot.com/

Regards,

Hilton Travis                       Phone: +61 (0)7 3105 9101
(Brisbane, Australia)               Phone: +61 (0)419 792 394
Manager, Quark IT                   http://www.quarkit.com.au
         Quark Group                http://www.quarkgroup.com.au

War doesn't determine who is right.  War determines who is left.


> -----Original Message-----
> From: Robert [mailto:valnar at yahoo dot com]
> Sent: Saturday, 5 December 2009 12:19 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Future plans after 1.3?
>
> Paul is right.  There are certain apps which can move around (within my home
> network) as well as open different ports.  This may go against a good
> security policy, but a well-behaved UPnP setup can actually be *more* secure
> since the ports close when the app is shut down.
>
> I have a video chat program that I use with my Dad and it utilizes UPnP.
> BitTorrent clients can also be set up to do the same.  I also use pfSense the
> way Paul described.  I lock down the ports and apps that can be used so it's
> partially static.  Nothing is using UPnP on my home network without my
> knowledge, which is something that can't be said in a corporate environment.
>
> I recommend the developers take a look at the way pfSense implemented their
> UPnP support.  As was mentioned before, it can be disabled by default on
> install.

