Agree with Travis and adding one more thing .... Often a household has multiple layers of NAT. For example, the DSL modem may have a NAT, and plugged into that is a wireless access point that is also a NAT. This multiple layer of NAT is particularly hard for UPnP to work with. The service provider might add another layer of NAT.
Cullen

On Jan 17, 2008, at 12:30 AM, Travis Kalanick wrote:

> It depends on what you consider a security threat.
> Most of the NAT traversal topics discussed here are based on techniques
> that require both sides of the connection to actively attempt to connect
> the other, and usually some sort of centralized coordination. So there is
> some question as to whether the connection itself is a security threat
> when both sides are requesting the connection to be established.
>
> That being said, there may be some security vulnerabilities brought about
> by punching a hole in the firewall (i.e. some bad actor makes himself look
> like the person you are allowing communication to/from), but there are
> ways to deal with verifying that the other user that you are connecting to
> is really/truly who you think it is. The other option of course is to
> tighten what damage can be done by somebody who hijacks the connection and
> thus take the incentive out of hijacking the connection in the first
> place.
>
> UPnP is not a standard as it is adequately supported in less than 50% of
> the devices that are out there (based on RedSwoosh experience). If you're
> trying to get 90%+ peer connectivity, UPnP is a tool in the toolbox, but
> not the toolbox itself.
>
> T
>
> Lindsay Oproman said:
>> Straightforward question really, but I've been reading about all of this
>> NAT trickery lately, and I'm wondering why UPnP isn't considered a
>> standard solution. I figure there must be a good reason for the efforts
>> put forward to circumvent NAT outside of UPnP. Is there any hard data
>> which suggests it is not reliable in some way?
>>
>> Most of my Googlin' results in claims of it being a "security threat."
>> Coincidentally, the recent flash exploit certainly strengthens that
>> argument. But any kind of program with the ability to punch holes in your
>> NAT is a potential security threat, isn't it? Or am I misunderstanding how
>> the two differ?
>> _______________________________________________
>> p2p-hackers mailing list
>> [email protected]
>> http://lists.zooko.com/mailman/listinfo/p2p-hackers
>
> Travis Kalanick
> Akamai Client
> [EMAIL PROTECTED]
> (v) 310.666.1429
> AIM: ScourTrav123
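Added example, not part of the original thread: a heuristic check for the layered-NAT case described at the top of this message, showing when a UPnP mapping on the nearest gateway cannot make a host reachable. The function names and the three inputs (the host's own address, the WAN address the nearest UPnP gateway reports, and the address an outside server observes) are assumptions made for this illustration, and the sample addresses are constructed.

```python
import ipaddress

# Address blocks that are never publicly routable. A gateway whose WAN side
# holds one of these is itself behind another translator.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def classify(addr):
    """Return 'private', 'carrier' or 'public' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "private"
    return "carrier" if ip in CGNAT else "public"


def assess_upnp_path(local_ip, igd_external_ip, observed_public_ip):
    """Estimate NAT depth from three addresses (all inputs are assumptions):
    local_ip            address on the host's own interface
    igd_external_ip     WAN address the nearest UPnP gateway reports
    observed_public_ip  source address an outside server sees for the host
    """
    if classify(local_ip) == "public":
        return {"min_nat_layers": 0, "upnp_sufficient": True,
                "reason": "host has a public address"}
    same = (ipaddress.ip_address(igd_external_ip)
            == ipaddress.ip_address(observed_public_ip))
    if same:
        return {"min_nat_layers": 1, "upnp_sufficient": True,
                "reason": "gateway WAN address is the address peers see"}
    kind = classify(igd_external_ip)
    reason = {
        "private": "gateway WAN address is RFC 1918: another home NAT upstream",
        "carrier": "gateway WAN address is RFC 6598: service provider NAT upstream",
        "public": "gateway WAN address differs from what peers see",
    }[kind]
    # A mapping on the nearest gateway opens only the innermost layer.
    return {"min_nat_layers": 2, "upnp_sufficient": False, "reason": reason}


# Constructed sample topologies (documentation address ranges).
SAMPLES = {
    "single NAT": ("192.168.1.20", "203.0.113.7", "203.0.113.7"),
    "AP behind DSL modem": ("192.168.2.20", "192.168.1.5", "203.0.113.7"),
    "provider NAT": ("192.168.1.20", "100.64.12.9", "198.51.100.40"),
}

if __name__ == "__main__":
    for name, addrs in SAMPLES.items():
        print(name, assess_upnp_path(*addrs))
```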
