swhx7 (Premium, joined 2006-07-23, Elbonia, RoadRunner Cable)
Re: UPnP strikes again
Port forwarding is fine as long as you do it deliberately. If you want a particular service to accept incoming connections, forward its port to whichever computer is running the service.
UPnP is intended to save users the trouble of doing this, or save vendors the trouble of explaining to non-technical users how to do it. That way they can use VOIP, for example, very easily.
Unfortunately UPnP has been a locus of security problems both in Windows (which has a UPnP service) and on routers. If you are knowledgeable enough to be reading this, you can turn it off and use port forwarding instead.
Jomsviking (joined 2007-12-28)
Due to the many questions and wrong interpretations of their discoveries, GNUCitizen has added an FAQ about this topic:
»www.gnucitizen.org/blog/flash-up···tack-faq
Interesting to note that Petkov himself, in the discussion following the FAQ, states:
"Many of you say that it is ok to turn UPnP off. Well, I am not sure about that. As a security guy I recommend turning UPnP off. Though, I can clearly see how this can turn into a problem. People do use it. Go explain to our grandma how to add a port forward through the admin interface so that she is secure when using whatever program she might have in mind. She would rather leave that decision to the computer, I guess. So let's not be ignorant."
UPnP takes a blow, that is for sure, but most people won't even know about this problem. And even for those who know, fixing a static IP and doing port forwarding manually may be difficult and pose a number of problems. Instant Messaging/VOIP functionality going to hell, for example.
[Skype does NAT traversal, but not specifically through a UPnP implementation, so it will, in principle, still work if you disable UPnP in your router]
Those who think that they can disable Flash (e.g. by using the NoScript add-on for Firefox) and keep UPnP on will have at least two problems:
- this hack might prove doable with Java or other web technologies. Just a matter of time, probably.
- Even if we block Flash by default, we always have to allow it sometimes on some sites we see as trusted; but those sites can be compromised without our knowledge and then... And more and more sites are requiring this [crap] dynamic content to be displayed in order to function properly.
Either coders of web content platforms start becoming security conscious [no way in hell that will happen] or the UPnP implementation is changed to provide strong authentication measures, which will not be happening anytime soon....
So meanwhile we have a problem on our hands of convenience vs. security, which is not necessarily trivial.
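To make the mechanics concrete, here is an added Python example (not code from GNUCitizen, from anyone in this thread, or from any router vendor) that covers what the two posts above describe: swhx7's point that a port forward should be something you set deliberately, and Jomsviking's point that the Flash attack works because the router's UPnP control interface takes orders from anything on the LAN. It builds the SSDP M-SEARCH that finds an Internet Gateway Device, parses the reply, parses what GetGenericPortMappingEntry reports so you can compare the table against the hosts you meant to expose, and shows the AddPortMapping SOAP body, which carries no credential of any kind. The sample replies, the 192.168.1.x addresses and the "ExampleIGD" server string are constructed for the example; discover_igd() is the only function that touches the network, and it runs only when the file is executed directly.

```python
"""UPnP IGD audit helpers for this thread's topic: find the gateway by SSDP,
parse what it has already forwarded, and show the AddPortMapping SOAP call the
Flash attack abuses. Added example, not GNUCitizen's or any vendor's code."""
import socket
import xml.etree.ElementTree as ET

SSDP_ADDR = ("239.255.255.250", 1900)
IGD_ST = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"
WANIP_SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"

def build_msearch(st=IGD_ST, mx=2):
    """SSDP M-SEARCH request asking the LAN for an Internet Gateway Device."""
    return ("M-SEARCH * HTTP/1.1\r\n"
            f"HOST: {SSDP_ADDR[0]}:{SSDP_ADDR[1]}\r\n"
            'MAN: "ssdp:discover"\r\n'
            f"MX: {mx}\r\nST: {st}\r\n\r\n")

def parse_ssdp_response(raw):
    """Headers of an SSDP '200 OK' reply as a lower-cased dict; LOCATION is the
    device description URL from which the control URL is later read."""
    head = raw.partition("\r\n\r\n")[0].split("\r\n")
    if not head[0].startswith("HTTP/1.1 200"):
        raise ValueError("not an SSDP 200 OK response")
    headers = {}
    for line in head[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def build_add_port_mapping(ext_port, int_port, int_client, proto="TCP", desc="audit"):
    """SOAP body of WANIPConnection AddPortMapping. Note there is no credential
    in it: anything on the LAN that can POST to the control URL (a SWF served
    by a hostile page, say) can open ext_port on the WAN side to int_client."""
    return ('<?xml version="1.0"?>\n'
            '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
            's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body>\n'
            f'<u:AddPortMapping xmlns:u="{WANIP_SERVICE}">\n'
            f'<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext_port}</NewExternalPort>\n'
            f'<NewProtocol>{proto}</NewProtocol><NewInternalPort>{int_port}</NewInternalPort>\n'
            f'<NewInternalClient>{int_client}</NewInternalClient><NewEnabled>1</NewEnabled>\n'
            f'<NewPortMappingDescription>{desc}</NewPortMappingDescription>\n'
            '<NewLeaseDuration>0</NewLeaseDuration>\n'
            '</u:AddPortMapping></s:Body></s:Envelope>')

def parse_port_mapping_entry(xml_text):
    """Fields of one GetGenericPortMappingEntryResponse (the table is walked one
    index at a time; the router returns a SOAP fault past the last entry)."""
    root = ET.fromstring(xml_text)
    resp = next((e for e in root.iter()
                 if e.tag.endswith("GetGenericPortMappingEntryResponse")), None)
    if resp is None:
        raise ValueError("no GetGenericPortMappingEntryResponse in reply")
    f = {child.tag: (child.text or "").strip() for child in resp}
    return {"remote_host": f.get("NewRemoteHost", ""),
            "external_port": int(f["NewExternalPort"]),
            "protocol": f["NewProtocol"],
            "internal_port": int(f["NewInternalPort"]),
            "internal_client": f["NewInternalClient"],
            "description": f.get("NewPortMappingDescription", "")}

def unexpected_mappings(entries, allowed_clients):
    """Mappings that point at a LAN host you did not deliberately expose."""
    return [e for e in entries if e["internal_client"] not in allowed_clients]

# Constructed sample replies in the shape a gateway sends; not captured from a real device.
SAMPLE_SSDP_REPLY = ("HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\n"
                     "LOCATION: http://192.168.1.1:5000/rootDesc.xml\r\n"
                     "SERVER: Linux/2.6 UPnP/1.0 ExampleIGD/1.0\r\n"
                     f"ST: {IGD_ST}\r\n"
                     f"USN: uuid:00000000-0000-0000-0000-000000000000::{IGD_ST}\r\n\r\n")
SAMPLE_MAPPING_REPLY = f"""<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
<u:GetGenericPortMappingEntryResponse xmlns:u="{WANIP_SERVICE}">
<NewRemoteHost></NewRemoteHost><NewExternalPort>3389</NewExternalPort>
<NewProtocol>TCP</NewProtocol><NewInternalPort>3389</NewInternalPort>
<NewInternalClient>192.168.1.23</NewInternalClient><NewEnabled>1</NewEnabled>
<NewPortMappingDescription>added by web page</NewPortMappingDescription>
<NewLeaseDuration>0</NewLeaseDuration>
</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"""

def discover_igd(timeout=2.0):
    """Send one M-SEARCH on the real LAN; None means nothing answered, i.e.
    UPnP discovery is off or blocked, the state the posts above recommend."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_msearch().encode(), SSDP_ADDR)
        return parse_ssdp_response(sock.recvfrom(4096)[0].decode(errors="replace"))
    except (socket.timeout, ValueError):
        return None
    finally:
        sock.close()

if __name__ == "__main__":
    entry = parse_port_mapping_entry(SAMPLE_MAPPING_REPLY)
    print("not on allow-list:", unexpected_mappings([entry], {"192.168.1.10"}))
    print("gateway answering SSDP on this LAN:", discover_igd())
```

The useful check here is the allow-list comparison: if you have turned UPnP off and forwarded ports by hand, every entry the router reports should name a host and port you chose yourself, and a mapping such as the sample one (3389 to a workstation, described as "added by web page") is exactly what the Flash technique leaves behind.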
Millenniumle (joined 2007-11-11, Fredonia, NY)
My Vonage router works fine behind another router that has UPnP disabled. Nothing needed to be set up. Just plug it in and go. Perhaps Vonage equipment checks the system for calls rather than relying on a notification of a call from the system.
NoUPNP (@cox.net)
quote: My Vonage router works fine behind another router that has UPnP disabled.
Same for my AT&T CallVantage router. In fact my router does not have UPnP on it at all. It isn't hard to do the application (VoIP in this case) correctly and not require UPnP or other security-breaking hacks.