On Wednesday 26 April 2006 00:01, Matthew Toseland wrote:
>
> UP&P has two main issues. One is that it is insecure on a LAN. The other
> is that Win XP SP2 blocks it. If it is nonetheless widely used, then we
> should support it as it can not only discover your IP but also forward
> the UDP port.

Exactly, this is my point.

> > > > UPnP, on the other hand, sounds useful - LimeWire contains a Java
> > > > implementation so that might be a good starting point.
> > >
> > > I believe there are UP&P implementations out there... the question is,
> > > is UP&P widely used and widely available? If so we should certainly
> > > support it.
> >
> > I think a large share of the users are already using UPnP in their home
> > network to easily configure their NATs. However, I do not have a study to
> > give you exact figures.
> > I checked a few applications and at least Gaim, Ekiga, Windows-Messenger,
> > Emulemorph and PacPhone support UPnP (in addition, I think almost all P2P
> > tools support UPnP, e.g. BitTornado and Azureus).
>
> Hmm. Even though Win XP SP2 by default blocks it?

Yeah, I assume a lot of Win XP users still enable UPnP (probably it is easier for them to enable UPnP than configure their router to forward ports). And there is a growing *nix community out there ... ;-)

>
> > I agree, UPnP may be a security risk in a few scenarios. However, I
> > believe it would highly improve the usability of the software because a
> > lot of users experience problems using freenet behind a NAT.
> > What do you think about this approach:
> > STUN determines the type of internet connection used by the user. If the
> > user is behind a NAT she will be asked if she is at her home network or
> > if she uses an untrusted network. If the user tells us that she is at
> > home we use UPnP to configure her router, otherwise (and this will be
> > default after a short timeout) UPnP will not be used.
>
> STUN on its own would be a substantial improvement (obviously there
> needs to be an option to turn it off... possibly under an "advanced
> paranoid options" page in the installer). UP&P would be even better
> (especially for opennet, and people on dyndns who don't have a non-NATted
> peer), but we need to ask the user whether they are on an insecure LAN,
> and there remain nagging questions as to its viability if the only way to
> make it work is to ask the user to reconfigure the Windows Firewall
> to not block it.

As far as I know there is no other way, however, I am not a Windows user.
