Re: NAT Helper or UPnP?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Monday 05 July 2004 6:56 pm, Mark E. Donaldson wrote:

> > On Monday 05 July 2004 08:29, Antony Stone wrote:
> > > I know this is by no means a detailed reply, but I would say it comes
> > > down to one word - "security".
> >
> > I'll second that.
>
> How about a third. Permitting Microsoft's UPnP through your firewall is
> equivalent to taking all the curtains down in your house and letting the
> entire world look inside. But alas, they may not be content with just
> viewing as they may see some things they might like and will eventually
> break in at night and take them.

Actually, I'd say the analogy above is more like running IIS (or some similar 
service where a quick scan will reveal the version of vulnerabilities you're 
running, and the attacker can then come back with the right tool when they 
want to exploit it).

uPnP would let the burglars look through your windows in the afternoon, say 
"that looks nice", and take it there and then.

The whole point of uPnP is to advertise the availability of services, so 
allowing it through a firewall is simply inviting people to partake of those 
services as they wish.

Regards,

Antony.

-- 
If you can't find an Open Source solution for it, then it isn't a real 
problem.

                                                     Please reply to the list;
                                                           please don't CC me.



[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux