VNC and uPnP routers

Rasjid Wilcox rasjidw "at"
Fri Apr 16 11:31:00 2004

On Friday 16 April 2004 05:12, Scott C. Best wrote:
> Gerhard:
> 	Heya. Your post is the first I've heard that applications can
> use uPnP to auto-configure a DSL router that they're sitting behind.
> The idea sounds conveniant, which means it also sounds like the opposite
> of secure. :) If my DSL router actually auto-configured its port-forward
> settings without me telling it would I ever be able to restrict
> what services on my network are externally accessible?

I first discovered uPnP when I noticed my Linux firewall blocking packets from 
an internal machine.  Turns out a visitor had XP on their laptop, and it was 
trying to tell our firewall to allow connections to MSN Messenger through to 

What is the point of a firewall if any program on the inside can re-configure 
it to allow things through?  Doesn't MS know about trojans and viruses?

At the time there were very few uPnP devices to take advantage of this 
'feature', but the scary thing is that I have now seen several domestic 
'firewalls' that do.



Rasjid Wilcox
Canberra, Australia (UTC +10 hrs)