2.4 Re-enables UPnP by default

UPnP is still disabled by my router and OS, and I won't port forward. If that means some instancing with others will never occur, that's ok by me.
I'm not going to pinhole port(s) for a video game.

I am a security guy, and I use port forwarding. When the game PC is off, yes, the firewall rule/port-forwarding still allows traffic to go over that port to a specific internal IP address which... will be turned off, so no harm done.

Also, I use a custom port - not the default 5001, which by itself with a bit of Google search will clue in an attacker what might be on there. Look for my chosen port number, and you'll find nothing.

UPnP, of course, is disabled on both the outward-facing router and the internal one.
 
It (UPnP) is in no way worse than having a machine connected directly to the internet.
If you have a software firewall on your OS, then you don't care if UPnP is opening ports automatically on your router. Even better for consoles, as then there is virtually no risk, with the benefit of not having to manually forward the ports.

I would strongly recommend not to put any machine directly connected to the internet. My cable router first goes to one router, then to a second. Only then do we get actual hosts.

Modern security practices put multiple barriers into place. Your software firewall doesn't help you when you download a bad file from somewhere, and new services just open new ports on your firewall because UPnP is turned on, and your firewall allows by default outbound traffic (which typically is unfiltered).

If you use an Admin account on your Windows, any attacker wouldn't even need to elevate privileges to manually change firewall rules on your OS, either. (If you're running Linux, unless you do special things that require it, I would assume you wouldn't run as root.... ever)
 
No rooting for the home team? :)

Note: No UPnP.


 