Requiring manual approval is an excellent idea for the ThingSafe RFC! -mel
> On Oct 27, 2016, at 2:10 AM, Mike Meredith <mike.mered...@port.ac.uk> wrote:
>
> On Thu, 27 Oct 2016 07:59:00 +0200, Eliot Lear <l...@ofcourseimright.com>
> may have written:
>> Well yes. uPnP is a problem precisely because it is some random device
>> asserting on its own that it can be trusted to do what it wants. Had
>
> From my own personal use (and I'm aware that this isn't a general
> solution), I'd like a device that sat on those uPnP requests until I logged
> into the admin interface to review them. Now if you could automate _me_
> then it might become more generally useful :-
>
>     uPnP(ssh, for admin access) -> f/w
>
>     f/w -> uPnP device: Don't be silly.
>
>> But if instead of a pet feeder we're talking about a home file sharing
>> system or a video camera where you don't want to share the feed into the
>> cloud? There will be times when people want inbound connections. We
>> need an architecture that supports them.
>
> As someone who manages an application-based firewall, every problem looks
> like it would be easier to solve using an application-based firewall :)
>
> --
> Mike Meredith, University of Portsmouth
> Principal Systems Engineer, Hostmaster, Security, and Timelord!
>
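
The hold-until-reviewed behaviour discussed in the quoted message, sketched as an added example that is not part of the original thread or any participant's code. The names `ApprovalGate`, `Mapping`, `sample_request` and `DENY_PORTS` are hypothetical, the request body is constructed, and the argument names are those of the UPnP IGD `AddPortMapping` action.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

DENY_PORTS = {22, 23}  # assumption: admin services (ssh, telnet) are never opened by request

def sample_request(ext_port, int_port, client):
    """Constructed IGD AddPortMapping SOAP body, as a LAN device would POST it."""
    return (f'<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
            f'<u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
            f'<NewExternalPort>{ext_port}</NewExternalPort><NewProtocol>TCP</NewProtocol>'
            f'<NewInternalPort>{int_port}</NewInternalPort>'
            f'<NewInternalClient>{client}</NewInternalClient>'
            f'</u:AddPortMapping></s:Body></s:Envelope>')

@dataclass(frozen=True)
class Mapping:
    proto: str
    ext_port: int
    client: str
    int_port: int

def parse_add_port_mapping(body, source_ip):
    if "<!" in body:  # refuse DTDs, entities and CDATA rather than parse them
        raise ValueError("DTD or entity declaration in request")
    action = next((e for e in ET.fromstring(body).iter()
                   if e.tag.endswith("}AddPortMapping")), None)
    if action is None:
        raise ValueError("not an AddPortMapping request")
    args = {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in action}
    m = Mapping(args["NewProtocol"].upper(), int(args["NewExternalPort"]),
                args["NewInternalClient"], int(args["NewInternalPort"]))
    if m.client != source_ip:  # a device may only ask for a mapping to itself
        raise ValueError("internal client differs from requester")
    return m

class ApprovalGate:
    """Holds requests until an administrator reviews them; nothing opens by itself."""
    def __init__(self):
        self.pending, self.active = [], []

    def submit(self, body, source_ip):
        try:
            m = parse_add_port_mapping(body, source_ip)
        except (ValueError, KeyError, ET.ParseError) as err:
            return f"rejected: {err}"
        if DENY_PORTS & {m.ext_port, m.int_port}:
            return "rejected: admin port"  # the "Don't be silly" case
        self.pending.append(m)
        return "pending"

    def review(self, mapping, approve):
        self.pending.remove(mapping)
        if approve:
            self.active.append(mapping)
```

Only `review(..., approve=True)` moves a mapping into `active`, so a firewall driven from that list never opens a port on the device's say-so alone.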