I've heard (I think it was on a Security Now podcast) that UPnP opens up a big 
security hole for the end user (your customers) because there are trojans that 
use UPnP to poke a hole in the router and then it phones home with the IP 
address and port it opened. If that compromised machine starts running amok on 
your network then it would be a problem for you.

Greg

On Aug 2, 2010, at 10:12 AM, Marlon K. Schafer wrote:

> Man that sucks.  We turn off upnp on ALL routers.  I've always been told 
> that it's a big security hole.
> 
> Thoughts on that?
> marlon
> 
> ----- Original Message ----- 
> From: "Josh Luthman" <j...@imaginenetworksllc.com>
> To: "WISPA General List" <wireless@wispa.org>
> Sent: Monday, August 02, 2010 7:29 AM
> Subject: Re: [WISPA] XBOX live, NAT, and UPnP
> 
> 
> I don't seem to have any issues with double or triple NAT.
> 
> When I was working with MT to fix the upnp issue with Xboxes. I have
> it marked as 4.6 with modifications (it was an unofficial 4.6 they
> gave me) so I would say 4.7 or higher should enable Xbox upnp.  Even
> this requires a public IP on the Mikrotik to remove even nice strict
> (I think it's called open?).
> 
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
> 
> 
> 
> On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser <k...@wavelinc.com> wrote:
>> So does anyone here have any customers that use XBOX live and bark to you
>> about your NAT? Apparently the XBOX live service is very picky about being
>> behind any NAT device and its ability to make connections to other servers.
>> From what I gathered, the LIVE service uses Universal Plug and Play
>> (UPnP) to get around this, but the question I have is: if you're doing
>> masquerade on a Mikrotik Core Router, should you enable UPnP on that device?
>> Or should I just issue public IPs to the customer that games and let them
>> worry about it? And if you have UPnP enabled on the core router and then do
>> a double-NAT through the customer's Linksys router with UPnP enabled, does that
>> not work because of the double-NAT?
>> 
>> 
>> 
>> Kurt Fankhauser
>> WAVELINC
>> P.O. Box 126
>> Bucyrus, OH 44820
>> 419-562-6405
>> www.wavelinc.com
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> --------------------------------------------------------------------------------
>> WISPA Wants You! Join today!
>> http://signup.wispa.org/
>> --------------------------------------------------------------------------------
>> 
>> WISPA Wireless List: wireless@wispa.org
>> 
>> Subscribe/Unsubscribe:
>> http://lists.wispa.org/mailman/listinfo/wireless
>> 
>> Archives: http://lists.wispa.org/pipermail/wireless/
>> 
> 
> 


