[ previous ] [ next ] [ threads ]
 
 From:  Adam Gibson <agibson at ptm dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Future plans after 1.3?
 Date:  Mon, 14 Dec 2009 12:22:18 -0500
On 12/13/2009 06:34 PM, Quark Group - Hilton Travis wrote:
> So, what happens when some malware gets installed on a PC

Malware could use UPNP but I don't see why they would.  It would be too 
unreliable because of other external filtering, local client firewall 
software that might not allow the UPNP by default, gateways that have 
UPNP disabled, etc.  They currently just use the outgoing tunnelling 
method.  It is much more reliable to establish an outgoing channel from 
the infected PC to a remote server which is compromised and use that as 
a tunnel to allow them to connect back in to the desktop.

Not to say disabling UPNP is not advisable.  I do the same thing on 
every gateway system I have control over including family members 
gateways.  Mainly to restrict legitimate software that gets installed 
though.