I would agree that it is a security hole for an ISP. UPnP would let me do my 
own forwards for just about any port I want, including SSH, telnet and web. For 
that matter, I could just be selfish and port map every port from 1024 through 
65535 to my IP, completely killing access to anyone else.

In an ISP environment, the best option really is to disable UPnP if you are 
doing NAT.

--
Adam Kennedy
Network Engineer
Omnicity, Inc.


-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf 
Of Marlon K. Schafer
Sent: Monday, August 02, 2010 10:43 AM
To: WISPA General List
Subject: Re: [WISPA] XBOX live, NAT, and UPnP

Man, that sucks.  We turn off UPnP on ALL routers.  I've always been told
that it's a big security hole.

Thoughts on that?
marlon

----- Original Message -----
From: "Josh Luthman" <[email protected]>
To: "WISPA General List" <[email protected]>
Sent: Monday, August 02, 2010 7:29 AM
Subject: Re: [WISPA] XBOX live, NAT, and UPnP


I don't seem to have any issues with double or triple NAT.

When I was working with MT to fix the UPnP issue with Xboxes, I have
it marked as 4.6 with modifications (it was an unofficial 4.6 they
gave me) so I would say 4.7 or higher should enable Xbox UPnP.  Even
this requires a public IP on the Mikrotik to remove even nice strict
(I think it's called open?).

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373



On Mon, Aug 2, 2010 at 10:07 AM, Kurt Fankhauser <[email protected]> wrote:
> So does anyone here have any customers that use XBOX live and bark to you
> about your NAT? Apparently the XBOX live service is very picky about being
> behind any NAT device and its ability to make connections to other servers.
> From what I gathered, the LIVE service uses Universal Plug and Play
> (UPnP) to get around this, but the question I have is: if you're doing
> masquerade on a Mikrotik Core Router, should you enable UPnP on that device?
> Or should I just issue public IPs to the customer that games and let them
> worry about it? And if you have UPnP enabled on the core router and then do
> a double-NAT through the customer's Linksys router with UPnP enabled, does that
> not work because of the double-NAT?
>
>
>
> Kurt Fankhauser
> WAVELINC
> P.O. Box 126
> Bucyrus, OH 44820
> 419-562-6405
> www.wavelinc.com
>
> --------------------------------------------------------------------------------
> WISPA Wants You! Join today!
> http://signup.wispa.org/
> --------------------------------------------------------------------------------
>
> WISPA Wireless List: [email protected]
>
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
>
> Archives: http://lists.wispa.org/pipermail/wireless/
>

