On Thu, Nov 29, 2007 at 06:31:13PM -0600, Billy Crook wrote: > And for that matter, no destruction of your current computer's UPnP > capabilities will slow down a virus that uses UPnP to upen your NAT router > up. That virus, willcery its own UPnP client that you won't be allowed to > close. The place to disable it if you are going to at all, is in your NAT > routers.
The concern is not whether UPnP announcements are going to open my network to hostile traffic, but whether or not Pidgin may be listening to potentially hostile traffic (e.g. buffer overflows, malicious input). I use Pidgin to communicate on a motley collection of chat protocols such as AIM, ICQ, Jabber, etc. UPnP is not on my required list of protocols, therefore I, like other users who have commented on this issue in the past, am trying to disable it so that I am only running the service and clients that are necessary for my required functionality. The resistance to providing even an advanced configuration option or plug-in functionality that allows users to follow security best practices is surprising. Is there a reason for UPnP to be in an always on state that I'm not understanding? David _______________________________________________ Support mailing list [email protected] http://pidgin.im/cgi-bin/mailman/listinfo/support
