
Homeland Security: Disable UPnP


Stoic Joker:
I'm not a gamer so I can't really speak to that but I've never forwarded any ports to my torrent client yet it seems to work just fine.-Stoic Joker (January 31, 2013, 06:45 PM)
--- End quote ---
Well, as long as you're only interested in leeching, and are dealing with well-seeded torrents, sure. But if you want to give a bit back, or are dealing with something where you need the protocol's "tit-for-tat" to kick in effect, you really do want to be able to accept incoming connections, not just initiate outgoing.

Keep in mind I'm only talking small home networks here - I definitely wouldn't want UPnP on a business network or something connecting a public wifi hotspot.-f0dder (February 01, 2013, 03:25 AM)
--- End quote ---

By "it seems to work just fine", I meant that it is accepting incoming connections. As I generally host anything I download for a day or so...and there is usually quite a bit of activity considering I cap the upstream at 10Mb (my fiber connection is 40Mb symmetrical).

tomos:
How to fix the UPnP security holes
 
Universal Plug and Play has always had security holes. Here's how to plug them.

http://www.zdnet.com/how-to-fix-the-upnp-security-holes-7000010584
-Tinman57 (January 31, 2013, 08:02 PM)
--- End quote ---

thanks for that -
unfortunately, it sounds like you've got to be pretty much an expert to figure this stuff out :(

Curt:
How to fix the UPnP security holes
Universal Plug and Play has always had security holes. Here's how to plug them.
http://www.zdnet.com/how-to-fix-the-upnp-security-holes-7000010584-Tinman57 (January 31, 2013, 08:02 PM)
--- End quote ---
thanks for that -
unfortunately, it sounds like you've got to be pretty much an expert to figure this stuff out :( -tomos (February 01, 2013, 08:47 AM)
--- End quote ---

-exactly my thought as well.
So I wrote Agnitum, because:

So what can you do in the meantime? Just keep that firewall up once and for all against UPnP traffic.-ZDNet
--- End quote ---

We've survived UPnP until now, maybe all this is not extremely urgent...
I hope for an answer no later than Monday.

Stoic Joker:
The other network protocol based eyesore that I'm waiting to see ripped apart is Bonjour. Because it's basically self exploiting by design - New device appears on the wire...Bonjour responds with ~hi~~Here's all my stuff...wanna hook up?

f0dder:
By "it seems to work just fine", I meant that it is accepting incoming connections. As I generally host anything I download for a day or so...and there is usually quite a bit of activity considering I cap the upstream at 10Mb (my fiber connection is 40Mb symmetrical).
-Stoic Joker (February 01, 2013, 06:58 AM)
--- End quote ---
How can it possibly do that if you're NAT'ed, have disabled UPnP and haven't manually set up a port forward?

Now, if your torrent client has made an outbound connection to a peer in order to grab data from it, and that peer only had partial data (i.e., is still downloading) and the TCP connection is kept, sure - it'll still be downloading from you. But how would you get an inbound TCP connection if you had no port forward?

Also: fiber? bastard! :)
