I don't agree. It makes things very convenient for the end user, especially today when a lot of people are behind NAT routers. The only way I can see it being a security hole is if you have some malicious executable running behind your router. If that is the case, the fact it can get your router to forward incoming connections isn't that significant, since it can easily connect outwards, or delete your data anyway...
Dan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francois PIETTE Sent: 22 October 2006 17:03 To: ICS support mailing Subject: Re: [twsocket] IP Plug and Play or IPV6 In my opinion, UPnP /is/ a large hole in security. It is disabled on my router. -- Contribute to the SSL Effort. Visit http://www.overbyte.be/eng/ssl.html -- [EMAIL PROTECTED] http://www.overbyte.be ----- Original Message ----- From: "Fastream Technologies" <[EMAIL PROTECTED]> To: "ICS support mailing" <twsocket@elists.org> Sent: Sunday, October 22, 2006 3:43 PM Subject: Re: [twsocket] IP Plug and Play or IPV6 > One addition to your answer: There is a standard called UPnP > (Universal Plug and Play) which enables supporting routers to be able > to be configured by software (not have to log in via the web interface > but they provide some sort of low level web service). This is used for > forwarding NAT ports. > > Regards, > > SZ > > On 10/22/06, Francois PIETTE <[EMAIL PROTECTED]> wrote: >> > Is this how somehing like Kazaa works.? >> >> This is how any p2p system works. There is are only two possibilities: >> 1) A given computer can receive incomming connections >> 2) A given computer cannot receive any incomming connection >> >> The case (1) occur when the computer is behind a fixewall, a proxy, a NAT >> router or other kind of security product which need to be configured to >> allow incomming connections. Most profesionnal users are in that >> situation. >> The case (2) occur for computer directly connected to the internet and >> having no firewall of security product installed. Many home user fall >> into >> this case which is very risky in term of security. >> >> With case (1), if both computers are in that case, you either have to use >> an >> intermediate server or have one of the computers configured to accept >> incomming connections (and thus fall into case (2)). >> >> With case (2), there is no problem for a computer to act as a server and >> accept incomming connection. The paradise for p2p network (and hackers >> using >> remote control software or back door software). >> >> -- >> Contribute to the SSL Effort. Visit http://www.overbyte.be/eng/ssl.html >> -- >> [EMAIL PROTECTED] >> http://www.overbyte.be >> >> >> >> ----- Original Message ----- >> From: <[EMAIL PROTECTED]> >> To: "ICS support mailing" <twsocket@elists.org> >> Sent: Sunday, October 22, 2006 11:59 AM >> Subject: Re: [twsocket] IP Plug and Play or IPV6 >> >> >> > Is this how somehing like Kazaa works.? >> > >> > Thanks >> > >> > ----- Original Message ----- >> > From: "Francois PIETTE" <[EMAIL PROTECTED]> >> > To: "ICS support mailing" <twsocket@elists.org> >> > Sent: Sunday, October 22, 2006 10:52 AM >> > Subject: Re: [twsocket] IP Plug and Play or IPV6 >> > >> > >> >> > So if in those applications pc1 has the mp3 that pc2 wants how is >> >> > the >> > data >> >> > transfered.. isn't one uploading and one downloading thus a minimum >> >> > of >> > one >> >> > server needed , sorry for the not understanding.? >> >> >> >> When no direct connection is possible (for example the user, like me >> >> has >> >> a >> >> NAT router), then an intermediate server is used. This intermediate >> >> server >> >> could be one of the user in the p2p network, a user which allows >> >> incomming >> >> connections (What a fool !). >> >> >> >> -- >> >> Contribute to the SSL Effort. Visit >> >> http://www.overbyte.be/eng/ssl.html >> >> -- >> >> [EMAIL PROTECTED] >> >> http://www.overbyte.be >> >> >> >> >> >> >> >> >> >> > ----- Original Message ----- >> >> > From: "Francois PIETTE" <[EMAIL PROTECTED]> >> >> > To: "ICS support mailing" <twsocket@elists.org> >> >> > Sent: Sunday, October 22, 2006 10:02 AM >> >> > Subject: Re: [twsocket] IP Plug and Play or IPV6 >> >> > >> >> > >> >> >> Those applications are client. There is only outgoing connections. >> >> >> >> >> >> -- >> >> >> Contribute to the SSL Effort. Visit >> >> >> http://www.overbyte.be/eng/ssl.html >> >> >> -- >> >> >> [EMAIL PROTECTED] >> >> >> http://www.overbyte.be >> >> >> >> >> >> >> >> >> ----- Original Message ----- >> >> >> From: <[EMAIL PROTECTED]> >> >> >> To: <twsocket@elists.org> >> >> >> Sent: Sunday, October 22, 2006 10:08 AM >> >> >> Subject: [twsocket] IP Plug and Play or IPV6 >> >> >> >> >> >> >> >> >> >I am using an app i wrote which opens a http server on each users >> >> >> >pc, >> >> >> >the >> >> >> >app when running registers with the website as online and this >> >> >> >obtains >> >> > the >> >> >> >true ip, port used etc. >> >> >> > >> >> >> > The app allows searches a php driven site to obtain the ip >> >> >> > address >> >> >> > of >> > a >> >> >> > given search criteria and returns the remote users details which >> > inturn >> >> >> > allows the communication to remote users directly. >> >> >> > >> >> >> > However at the moment being on a wireless connection and under >> > testing >> >> > via >> >> >> > my desktop and laptop i have to configure port redirection for >> >> >> > each >> >> > server >> >> >> > to allow the traffic to go to the correct server else neither >> > receives >> >> > or >> >> >> > maybe only one receive a request. But if i download bittorrent or >> > some >> >> >> > other similar app i can run there ap no problem without adding >> >> >> > any >> >> >> > information to my wireless admin to allow the traffic. How do >> >> >> > they >> >> >> > do >> >> >> > this, is it due to IPNP or IPV6 etc. >> >> >> > >> >> >> > Thanks for your help.. >> >> >> > >> >> >> > >> >> >> > >> >> >> > -- >> >> >> > To unsubscribe or change your settings for TWSocket mailing list >> >> >> > please goto http://www.elists.org/mailman/listinfo/twsocket >> >> >> > Visit our website at http://www.overbyte.be >> >> >> >> >> >> -- >> >> >> To unsubscribe or change your settings for TWSocket mailing list >> >> >> please goto http://www.elists.org/mailman/listinfo/twsocket >> >> >> Visit our website at http://www.overbyte.be >> >> >> >> >> >> >> >> > >> >> > -- >> >> > To unsubscribe or change your settings for TWSocket mailing list >> >> > please goto http://www.elists.org/mailman/listinfo/twsocket >> >> > Visit our website at http://www.overbyte.be >> >> >> >> -- >> >> To unsubscribe or change your settings for TWSocket mailing list >> >> please goto http://www.elists.org/mailman/listinfo/twsocket >> >> Visit our website at http://www.overbyte.be >> >> >> >> >> > >> > -- >> > To unsubscribe or change your settings for TWSocket mailing list >> > please goto http://www.elists.org/mailman/listinfo/twsocket >> > Visit our website at http://www.overbyte.be >> >> -- >> To unsubscribe or change your settings for TWSocket mailing list >> please goto http://www.elists.org/mailman/listinfo/twsocket >> Visit our website at http://www.overbyte.be >> > > > -- > Fastream Technologies > Software IQ: Innovation & Quality > www.fastream.com | Email: [EMAIL PROTECTED] | Tel: +90-312-223-2830 > -- > To unsubscribe or change your settings for TWSocket mailing list > please goto http://www.elists.org/mailman/listinfo/twsocket > Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
