 From:  Bob Gustafson <bobgus at rcn dot com>
 To:  monowall List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Future plans after 1.3?
 Date:  Sun, 13 Dec 2009 14:33:44 -0600
'Port Knocking' is another alternative for selectively opening ports.

On Dec 13, 2009, at 14:18, Chris Buechler wrote:

> On Sun, Dec 13, 2009 at 5:13 AM, Quark Group - Hilton Travis
> <Hilton at quarkgroup dot com dot au> wrote:
>> G'day Robert,
>>
>> So, you're saying that the ability for any app to open a port on
>> your firewall when it wants is a way to increase security?  Sorry,
>> not in my world it isn't.  What stops malware opening ports in a
>> UPnP device?  UPnP has *no* place on a security device.
>>
>
> A legit argument can be made that having the ports open only when
> necessary is better than having them open always. A good upnp
> implementation that allows you to limit which hosts and which ports
> can be used eliminates the concerns about having things opened that
> shouldn't be. In combination with the ability to not always have those
> things open, it really can be more secure than the alternative, having
> the same things open always whether or not they're being used.