[ previous ] [ next ] [ threads ]
 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Future plans after 1.3?
 Date:  Sun, 13 Dec 2009 15:18:15 -0500
On Sun, Dec 13, 2009 at 5:13 AM, Quark Group - Hilton Travis
<Hilton at quarkgroup dot com dot au> wrote:
> G'day Robert,
> So, you're saying that the ability for any app to open a port on your firewall when it wants is a
way to increase security?  Sorry, not in my world it isn't.  What stops malware opening ports in > a
UPnP device?  UPnP has *no* place on a security device.

A legit argument can be made that having the ports open only when
necessary is better than having them open always. A good upnp
implementation that allows you to limit which hosts and which ports
can be used eliminates the concerns about having things opened that
shouldn't be. In combination with the ability to not always have those
things open, it really can be more secure than the alternative, having
the same things open always whether or not they're being used.