Paul Robertson wrote: > > > [2] UPnP looks like a nice can of worms. I wonder who'll be first in > > convincing some internal application to bore inbound holes through > > UPnP-enabled firewalls for them. > > I'm waiting for the first UPnP Linux-loading worm ;)
I think you mean a different can of worms. The can I was talking about was one that hasn't gotten nearly enough attention: http://hometoys.com/htinews/aug01/articles/microsoft/upnp.htm (linked from http://www.upnp.org/ ) Internal boxes get to tell firewalls that support UPnP NAT traversal which inbound ports they want mapped to themselves. While this at first may sound like the Universal Remedy to NAT problems, it also puts us back to square one, i.e. Bill and lusers deciding what is publicly accessible. "Down, not across". -- Mikael Olsson, Clavister AB Storgatan 12, Box 393, SE-891 28 �RNSK�LDSVIK, Sweden Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05 Fax: +46 (0)660 122 50 WWW: http://www.clavister.com For bored sysadmins: http://lart.badf00d.org _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
