It depends on what you consider a security threat. Most of the NAT traversal topics discussed here are based on techniques that require both sides of the connection to actively attempt to connect to the other, and usually some sort of centralized coordination. So there is some question as to whether the connection itself is a security threat when both sides are requesting the connection to be established.

That being said, there may be some security vulnerabilities brought about by punching a hole in the firewall (i.e. some bad actor makes himself look like the person you are allowing communication to/from), but there are ways to deal with verifying that the other user that you are connecting to is really/truly who you think it is. The other option of course is to tighten what damage can be done by somebody who hijacks the connection and thus take the incentive out of hijacking the connection in the first place.

UPnP is not a standard as it is adequately supported in less than 50% of the devices that are out there (based on RedSwoosh experience). If you're trying to get 90%+ peer connectivity, UPnP is a tool in the toolbox, but not the toolbox itself.

T Lindsay Oproman said:

> Straightforward question really, but I've been reading about all of this NAT
> trickery lately, and I'm wondering why UPnP isn't considered a standard
> solution. I figure there must be a good reason for the efforts put forward
> to circumvent NAT outside of UPnP. Is there any hard data which suggests it
> is not reliable in some way?
>
> Most of my Googlin' results in claims of it being a "security threat."
> Coincidentally, the recent flash exploit certainly strengthens that
> argument. But any kind of program with the ability to punch holes in your
> NAT is a potential security threat, isn't it? Or am I misunderstanding how
> the two differ?
> _______________________________________________
> p2p-hackers mailing list
> [email protected]
> http://lists.zooko.com/mailman/listinfo/p2p-hackers

Travis Kalanick
Akamai Client
[EMAIL PROTECTED]
(v) 310.666.1429
AIM: ScourTrav123
