Requiring manual approval is an excellent idea for the ThingSafe RFC! -mel
On Oct 27, 2016, at 2:10 AM, Mike Meredith <mike.meredith@port.ac.uk> wrote:
On Thu, 27 Oct 2016 07:59:00 +0200, Eliot Lear <lear@ofcourseimright.com> may have written:
Well yes. uPnP is a problem precisely because it is some random device asserting on its own that it can be trusted to do what it wants. Had
From my own personal use (and I'm aware that this isn't a general solution), I'd like a device that sat on those uPnP requests until I logged into the admin interface to review them. Now if you could automate _me_ then it might become more generally useful :-
uPnP(ssh, for admin access) -> f/w
f/w -> uPnP device: Don't be silly.
But if instead of a pet feeder we're talking about a home file sharing system or a video camera where you don't want to share the feed into the cloud? There will be times when people want inbound connections. We need an architecture that supports them.
As someone who manages an application-based firewall, every problem looks like it would be easier to solve using an application-based firewall :)
-- Mike Meredith, University of Portsmouth Principal Systems Engineer, Hostmaster, Security, and Timelord!