On 11/12/17 15:03, Gert Doering wrote:
> But that's the whole idea of UPnP or IGD. Whether you open one port or
> all of them, on request of a possibly-compromised host, is of no relevance.
I would disagree, on the purely theoretical basis of how it would be presented to the user:

Situation 1: 'good' host has opened recognisable TCP port
Situation 2: 'bad' host has opened unrecognisable TCP port
Situation 3: 'good' host has opened all TCP/UDP ports to its addresses
Situation 4: 'bad' host has opened all TCP/UDP ports to its addresses

It is relatively trivial to identify or query malicious behaviour when the possible situations in front of you are #1 and #2. When they are #3 and #4 it isn't as simple, because you simply have less information about what's going on.

If the standards were to theoretically permit the legitimate 'DFZ-enabling' in any such protocol, software creators will eventually use it for legitimate (albeit probably stupid) reasons, and it'll become common enough that even a relatively clued-up user would not be able to recognise if a host is placing itself in a DFZ for legitimate or illegitimate reasons.

I personally disable UPnP everywhere, but as we're stuck with it in the wild, we should always be considering how changes could make the situation even worse than the current situation, as opposed to saying "this is all rubbish anyway". :)

-- 
Tom
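The four situations above can be made concrete from the defender's side by reading back the mappings a gateway currently holds and sorting them by how much a port-level triage can still tell you. The following is an added example written for this thread, not code from either poster: it parses GetGenericPortMappingEntry SOAP responses (the argument names NewExternalPort, NewProtocol, NewInternalClient, NewInternalPort, NewPortMappingDescription and NewEnabled are the real WANIPConnection ones), treats an external port of 0 as the IGD v1 "all ports" wildcard (an assumption about the gateway's semantics), and compares specific ports against a small, constructed table of services the operator expects to see. The sample responses and the 192.0.2.x addresses are constructed.

```python
"""Triage UPnP IGD port mappings into 'recognisable', 'unrecognisable' and
'all-ports' (added example; the expected-services table and samples are constructed)."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Ports the operator expects to see forwarded, keyed by (external port, protocol),
# with a word the legitimate application puts in its mapping description.
# Constructed for this example; a real deployment fills this from its own inventory.
EXPECTED_SERVICES = {
    (443, "TCP"): "https",
    (22, "TCP"): "ssh",
}


@dataclass
class Mapping:
    external_port: int
    protocol: str
    internal_client: str
    internal_port: int
    description: str
    enabled: bool


def parse_mapping_response(xml_text: str) -> Mapping:
    """Extract one mapping from a GetGenericPortMappingEntry SOAP response.

    Elements are matched on their local name so the namespace prefix the
    gateway chooses (u:, s:, or none) does not matter.
    """
    root = ET.fromstring(xml_text)
    fields = {}
    for el in root.iter():
        local = el.tag.rsplit("}", 1)[-1]
        if local.startswith("New"):
            fields[local] = (el.text or "").strip()
    return Mapping(
        external_port=int(fields["NewExternalPort"]),
        protocol=fields["NewProtocol"].upper(),
        internal_client=fields["NewInternalClient"],
        internal_port=int(fields["NewInternalPort"]),
        description=fields.get("NewPortMappingDescription", ""),
        enabled=fields.get("NewEnabled", "1") == "1",
    )


def classify(m: Mapping) -> str:
    """Place a mapping in one of the post's situations.

    'all-ports'      : external port 0, assumed to be the IGD v1 wildcard.
                       Situations 3 and 4 look identical here, which is the
                       information loss the post describes.
    'recognisable'   : an expected port whose description matches (situation 1).
    'unrecognisable' : any other specific port (situation 2; worth asking about).
    """
    if m.external_port == 0:
        return "all-ports"
    expected = EXPECTED_SERVICES.get((m.external_port, m.protocol))
    if expected and expected in m.description.lower():
        return "recognisable"
    return "unrecognisable"


def triage(mappings):
    """Group enabled mappings per internal host as (class, protocol, external port)."""
    report = {}
    for m in mappings:
        if not m.enabled:
            continue
        report.setdefault(m.internal_client, []).append(
            (classify(m), m.protocol, m.external_port))
    return report


def _response(ext_port, proto, client, int_port, desc):
    # Builds a constructed SOAP response in the shape an IGD returns.
    return (
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
        '<u:GetGenericPortMappingEntryResponse '
        'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
        '<NewRemoteHost></NewRemoteHost>'
        f'<NewExternalPort>{ext_port}</NewExternalPort>'
        f'<NewProtocol>{proto}</NewProtocol>'
        f'<NewInternalPort>{int_port}</NewInternalPort>'
        f'<NewInternalClient>{client}</NewInternalClient>'
        '<NewEnabled>1</NewEnabled>'
        f'<NewPortMappingDescription>{desc}</NewPortMappingDescription>'
        '<NewLeaseDuration>0</NewLeaseDuration>'
        '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>'
    )


# Constructed sample: one expected service, one odd port, one wildcard mapping.
SAMPLE_RESPONSES = [
    _response(443, "TCP", "192.0.2.10", 443, "HTTPS reverse proxy"),
    _response(31337, "TCP", "192.0.2.10", 31337, "svc"),
    _response(0, "UDP", "192.0.2.20", 0, "Game console"),
]


def triage_samples():
    return triage([parse_mapping_response(x) for x in SAMPLE_RESPONSES])


if __name__ == "__main__":
    for host, entries in triage_samples().items():
        print(host, entries)
```

The point the report makes visible is that the first host's two mappings can be judged individually (one expected, one to query), while the wildcard mapping gives no port to judge at all: whether 192.0.2.20 is a console or a compromised box has to be settled by other means.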
