[arin-discuss] Trying to Understand IPV6

Robert E. Seastrom rs at seastrom.com
Mon Sep 13 23:10:20 EDT 2010


Leo Bicknell <bicknell at ufp.org> writes:

> In a message written on Mon, Sep 13, 2010 at 08:48:59PM -0400, Robert E. Seastrom wrote:
>> proper ports in the firewall.  Funny how easy that gets when there is
>> no STUN or uPNP in the fray.  Might even be something that you click
>
> I don't think (but I'm not sure) that uPnP requires NAT.  That is,
> I think a stateful firewall could implement uPnP and use it simply
> to unblock ports on request.

uPnP does not require NAT.

> I think for most consumers that's a good model.  Your PS3 or other
> appliance-like device can request the couple of ports it needs, and
> if you want to know you can log into your gateway and see what a
> device requests, and/or deny a particular device such access.

That's great if you completely trust your device.  Malware on our
computer asking for ports to be opened works Just Fine too.  If you're
running uPnP on your network, your firewall is not really controlling
what is traversing it, as you're basically allowing untrusted users on
your network to load arbitrary rulesets.

-r
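
The concern raised in this message, turned into an audit a gateway owner can run (an added example, not part of the original post): it parses responses in the shape of the UPnP IGD action GetGenericPortMappingEntry and flags every active mapping that falls outside an operator-defined allow-list. The response bodies, addresses, ports and the ALLOWED policy are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample data: response bodies in the shape returned by the UPnP
# IGD action GetGenericPortMappingEntry. Addresses and ports are made up.
TEMPLATE = (
    '<u:GetGenericPortMappingEntryResponse '
    'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
    '<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>'
    '<NewProtocol>{proto}</NewProtocol><NewInternalPort>{ext}</NewInternalPort>'
    '<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>'
    '<NewPortMappingDescription>{desc}</NewPortMappingDescription>'
    '<NewLeaseDuration>0</NewLeaseDuration>'
    '</u:GetGenericPortMappingEntryResponse>')
SAMPLE_RESPONSES = [
    TEMPLATE.format(client="192.168.1.20", proto="UDP", ext=3478, desc="console"),
    TEMPLATE.format(client="192.168.1.57", proto="TCP", ext=8443, desc="helper"),
    TEMPLATE.format(client="192.168.1.20", proto="TCP", ext=8080, desc="console"),
]
# Hypothetical operator policy: which hosts may hold which (protocol, port) mappings.
ALLOWED = {"192.168.1.20": {("UDP", 3478), ("UDP", 3479)}}

def parse_mapping(xml_text):
    """Turn one response body into a dict of the fields the audit needs."""
    fields = {child.tag: (child.text or "") for child in ET.fromstring(xml_text)}
    return {"client": fields["NewInternalClient"],
            "proto": fields["NewProtocol"].upper(),
            "ext_port": int(fields["NewExternalPort"]),
            "enabled": fields["NewEnabled"] == "1"}

def audit(responses, allowed):
    """Return (client, proto, port, reason) for every mapping outside policy."""
    findings = []
    for m in map(parse_mapping, responses):
        if not m["enabled"]:
            continue
        approved = allowed.get(m["client"])
        if approved is None:
            reason = "host not approved to hold mappings"
        elif (m["proto"], m["ext_port"]) not in approved:
            reason = "port not approved for this host"
        else:
            continue
        findings.append((m["client"], m["proto"], m["ext_port"], reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSES, ALLOWED):
        print(*finding)
```

The mapping table records the internal client a mapping points to, not which host asked for it, so the allow-list is keyed on the mapping's target.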




