From: "Mark E. Donaldson" <markee@bandwidthco.com>
To: 'Gavin Hamill' <gdh@acentral.co.uk>, netfilter@lists.netfilter.org
Subject: RE: NAT Helper or UPnP?
Date: Mon, 5 Jul 2004 10:56:54 -0700
Message-ID: <SERVER7T2NqFJ3sl3xb000000a7@server7.bandwidthco.com>
In-Reply-To: <200407050848.23707.gdh@acentral.co.uk>

-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Gavin Hamill
Sent: Monday, July 05, 2004 12:48 AM
To: netfilter@lists.netfilter.org
Subject: Re: NAT Helper or UPnP?

On Monday 05 July 2004 08:29, Antony Stone wrote:
> I know this is by no means a detailed reply, but I would say it comes
> down to one word - "security".

I'll second that.

Microsoft released a long article extolling the virtues of UPnP where it
pitches the system as a replacement for X.10 home automation, (e.g.
everything including your alarm clock is UPnP enabled, and gets synchronised
/ alarms set by a central server), with only a small mention of the hideous
firewall 'features'.

UPnP moves policy and security decisions from the firewall ruleset where
they properly belong to a userspace app running on Windows - forgive me, but
the designer of this system seems like a candidate for the Darwin Awards of
the most dangerous and stupid network idea ever - just think the next
version of Sasser / Fizzer would open ports on your $50 UPnP-enabled
firewall and make you be an even bigger zombie host.

And all in the name of 'ease of use' - bah. Let's hope a huge lawsuit
against Netgear / Belkin / other low-end router manufr. puts an end to this
disease.

gdh

How about a third. Permitting Microsoft's UPnP through your firewall is
equivalent to taking all the curtains down in your house and letting the
entire world look inside. But alas, they may not be content with just
viewing as they may see some things they might like and will eventually
break in at night and take them.