Pavel Simerda wrote:
> On Sat, 23 Aug 2008 18:21:38 +0200
> Dirk Meyer <[EMAIL PROTECTED]> wrote:
>> UPnP is a working choice, but bad. Just google for it.
>
> I know what UPnP is.

I mean: google why it is a bad choice :) See below

>> Since it is based on HTTP attackers found a way to open ports on
>> your router.
>
> Please be more precise, this is not a useful piece of information at
> all.

OK. UPnP uses HTTP. If an attacker knows your router IP address (in
many cases 192.168.1.1) he can use your browser to open port forwarding
on your router so you expose services (Windows has a lot of services
that should be closed to the outside).

First link I found using Google:
http://www.haveyougotwoods.com/archive/2008/01/15/common-home-router-exploit-upnp-enabled-routers-only.aspx

>> Besides that, I do not like the idea that every app can open ports.
>
> This is how TCP/IP works. Any application may open a socket and talk
> to the internet.
>
> Jabber won't work if a jabber client can't open a socket.
>
> Again, please be more precise so others understand what security
> issues you actually mean.

Sorry, I mean listening ports. A NAT is a poor man's firewall because
you can't address a machine behind it. That makes it a simple firewall
and nothing can connect to your PC, stuff can only connect to the
outside. IMHO this is very useful for normal people. When setting up a
network for other people I a) make sure UPnP is turned off and b) make
sure only the needed ports are forwarded (which is only one port I need
to get on the machine to fix it because the user broke it).

Dirk

-- 
.sdrawkcab dootsrednu tub sdrawrof devil si efiL
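
Added example, not part of Dirk's message or of the thread: a detection sketch for the browser-driven port forwarding described above, run over constructed HTTP request records. The record layout, addresses, port 5431 and user-agent strings are assumptions; the SOAPAction names are those of the UPnP IGD WANIPConnection service.

```python
import ipaddress
from urllib.parse import urlsplit

# Port-mapping actions of the UPnP IGD WANIPConnection/WANPPPConnection services.
MAPPING_ACTIONS = ("#AddPortMapping", "#DeletePortMapping")

def is_private_host(host):
    """True when host is a literal private-range IPv4 address (port allowed)."""
    try:
        return ipaddress.ip_address(host.split(":")[0]).is_private
    except ValueError:
        return False

def flag_request(req):
    """Return a reason if req is a port-mapping call a web page triggered, else None."""
    h = {k.lower(): v for k, v in req["headers"].items()}
    action = h.get("soapaction", "").strip('"')
    host = h.get("host", "")
    if not action.endswith(MAPPING_ACTIONS) or not is_private_host(host):
        return None
    name = action.rsplit("#", 1)[1]
    # Origin/Referer name the page that made the browser send the request.
    src = urlsplit(h.get("origin") or h.get("referer") or "").hostname or ""
    if src and not is_private_host(src):
        return f"{name} sent to {host} from a page on {src}"
    if "mozilla" in h.get("user-agent", "").lower():
        return f"{name} sent to {host} by a browser"
    return None

def audit(requests):
    """List (client, reason) for every flagged request."""
    return [(r["client"], why) for r in requests if (why := flag_request(r))]

SOAP = '"urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping"'
# Constructed sample records, e.g. parsed from a LAN capture (layout is an assumption).
SAMPLE = [
    {"client": "192.168.1.23", "headers": {          # web page driving the browser
        "Host": "192.168.1.1:5431", "SOAPAction": SOAP,
        "Referer": "http://ads.example.test/banner.swf", "User-Agent": "Mozilla/5.0"}},
    {"client": "192.168.1.40", "headers": {          # native UPnP client, not flagged
        "Host": "192.168.1.1:5431", "SOAPAction": SOAP, "User-Agent": "upnp-client/1.0"}},
    {"client": "192.168.1.23", "headers": {          # ordinary visit to the admin page
        "Host": "192.168.1.1", "User-Agent": "Mozilla/5.0"}},
]

if __name__ == "__main__":
    for client, why in audit(SAMPLE):
        print(client, why)
```

Native UPnP clients are deliberately not flagged here; the check only covers requests that a web page caused a browser to send to the router.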
