On Sat, 6 Apr 2002, Mikael Olsson wrote:

> Paul Robertson wrote:
> >
> > > [2] UPnP looks like a nice can of worms. I wonder who'll be first in
> > > convincing some internal application to bore inbound holes through
> > > UPnP-enabled firewalls for them.
> >
> > I'm waiting for the first UPnP Linux-loading worm ;)
>
> I think you mean a different can of worms. The can I was talking about
> was one that hasn't gotten nearly enough attention:
> http://hometoys.com/htinews/aug01/articles/microsoft/upnp.htm
> (linked from http://www.upnp.org/ )

Nope, we're talking of the same thing...

>
> Internal boxes get to tell firewalls that support UPnP NAT
> traversal which inbound ports they want mapped to themselves.
>
> While this at first may sound like the Universal Remedy to
> NAT problems, it also puts us back to square one, i.e.
> Bill and lusers deciding what is publicly accessible.

It's worse, UPnP in the OS allows over-the-network driver loading (which
is why HP is supporting it)- so, the UPnP firewall opens the ports, the
UPnP OS loads the tainted driver, then it starts crawling around the
network.

At some point, the NTFS drivers are going to be good enough, and someone's
going to be drunk enough to write up a worm to simply replace
WindowsXPQRST with Linux...

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
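
Added example, not part of the original message or thread: the quoted point about internal hosts telling a UPnP firewall which inbound ports to map corresponds to the IGD AddPortMapping SOAP action, and this Python sketch audits one such request body the way a gateway log reviewer might. The sample request, the addresses, the function name and the set of "sensitive" ports are constructed assumptions.

```python
import xml.etree.ElementTree as ET
# ElementTree suits this constructed sample; use a hardened parser for untrusted XML.

# Constructed sample: body of an IGD WANIPConnection AddPortMapping request,
# as an internal host would POST it to a UPnP-enabled gateway.
SAMPLE_REQUEST = """<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
  <s:Body>
    <u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
      <NewRemoteHost></NewRemoteHost>
      <NewExternalPort>3389</NewExternalPort>
      <NewProtocol>TCP</NewProtocol>
      <NewInternalPort>3389</NewInternalPort>
      <NewInternalClient>192.168.1.40</NewInternalClient>
      <NewEnabled>1</NewEnabled>
      <NewPortMappingDescription>constructed example</NewPortMappingDescription>
      <NewLeaseDuration>0</NewLeaseDuration>
    </u:AddPortMapping>
  </s:Body>
</s:Envelope>"""

SOAP_BODY = "{http://schemas.xmlsoap.org/soap/envelope/}Body"
# Assumption: ports a site would not want exposed without review.
SENSITIVE_PORTS = {22, 23, 135, 139, 445, 3389}

def audit_add_port_mapping(soap_xml, requester_ip):
    """Return (mapping, findings) for one AddPortMapping request body."""
    body = ET.fromstring(soap_xml).find(SOAP_BODY)
    action = body[0] if body is not None and len(body) else None
    if action is None or not action.tag.endswith("}AddPortMapping"):
        raise ValueError("not an AddPortMapping request")
    m = {arg.tag: (arg.text or "").strip() for arg in action}
    findings = []
    if m.get("NewEnabled") != "1":
        return m, findings  # a disabled mapping opens nothing
    if int(m["NewExternalPort"]) in SENSITIVE_PORTS:
        findings.append("sensitive external port %s" % m["NewExternalPort"])
    if m["NewInternalClient"] != requester_ip:
        findings.append("mapping targets %s, not the requester %s"
                        % (m["NewInternalClient"], requester_ip))
    if m["NewRemoteHost"] == "":
        findings.append("open to any remote host")
    if m["NewLeaseDuration"] == "0":
        findings.append("lease 0: mapping does not expire (IGD v1)")
    return m, findings

if __name__ == "__main__":
    for finding in audit_add_port_mapping(SAMPLE_REQUEST, "192.168.1.77")[1]:
        print("FINDING:", finding)
```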
