Topic: [PULL] UPnP (Read 5054 times)
Official binaries can easily be a single feature-set without breaking the ability to compile without it.
I'm not in favor of the makefile switches, #ifdefs and such...I'd much prefer to build a single flavor of the executable that has support for UPNP...whether it's on or not by default is a separate question. Keep it simple for end users by having a single executable that can support UPNP if desired rather than having different executables (one which has support compiled in and one which doesn't). If this was done for even a few features, it would quickly get out of hand.
I still think it should be on by default for Windows/Mac. UNIX can keep it off as it's not likely to make sense there. But otherwise this is great stuff ... hope it gets in soon.
Although I disagree, the latest version now has UPnP off by default. Any other comments/concerns people have?
As long as UPnP is off by default, it's just an easy way for the user to proactively drill a hole. The bitcoin network will benefit from UPnP users, and other P2P technologies such as bittorrent clients already use UPnP.
I just dont understand, why use UPnP at all? Whats the problem of the end user surfing to their router administration page and opening up 8333 for their bitcoin client? Its a simple and straightforward process of opening a incoming port in a router.
Because they shouldn't have to, and for most people it isn't simple.If Windows is vulnerable without a firewall, then it should simply be banned from the internet. Or ISPs can charge Windows users an extra fee for firewalling service.
Im not saying NATs are supposed to be firewalls/security devices.
I say that the "firewall feature" in a NAT is just a bonus, that have come extremely useful.
How many dedicated hardware firewalls are sold at today's consumer hardware stores? Its zero, sometimes a store *might* sell one brand of hardware firewall. Thats because NATs provide enough protection, so hardware firewalls sells extremely bad at a consumer store.
And firewalls are really necessary. Try connecting a PC to the internet, without NAT, without firewall, without any protection ever. You will see that the PC gets "owned" in the matter of minutes if not under just one hour, even if you dont touch the PC. All those worms out of the internet are scanning and attacking random IPs without any specific "targeting".
A NAT just drops these attacks so they will never reach the PC. You have to deliberately surf into a infected site or download/accept a infected file to get infected.
I just dont understand, why use UPnP at all? Whats the problem of the end user surfing to their router administration page and opening up 8333 for their bitcoin client? Its a simple and straightforward process of opening a incoming port in a router.
I say that the "firewall feature" in a NAT is just a bonus, that have come extremely useful.
How many dedicated hardware firewalls are sold at today's consumer hardware stores? Its zero, sometimes a store *might* sell one brand of hardware firewall. Thats because NATs provide enough protection, so hardware firewalls sells extremely bad at a consumer store.
And firewalls are really necessary. Try connecting a PC to the internet, without NAT, without firewall, without any protection ever. You will see that the PC gets "owned" in the matter of minutes if not under just one hour, even if you dont touch the PC. All those worms out of the internet are scanning and attacking random IPs without any specific "targeting".
A NAT just drops these attacks so they will never reach the PC. You have to deliberately surf into a infected site or download/accept a infected file to get infected.
I just dont understand, why use UPnP at all? Whats the problem of the end user surfing to their router administration page and opening up 8333 for their bitcoin client? Its a simple and straightforward process of opening a incoming port in a router.
Luke-Jr: So you are saying that computers "are supposed" to be exposed to the internet with all these worms and such auto-infecting any computer it stumbles upon by attacking random IP adresses?
Yes, computers are supposed to be connected to the internet. And people are supposed to keep their systems secure. Possibly run a firewall, if they're a target or for extra piece of mind.In the past, the security of NAT was really not necessary, but in the today era, NAT is a essential security that provides inbound protection. Without a NAT or some sort of firewall before a computer, the computer would pretty much get totally owned in about 15 minuters of connection of to the internet, even if you are not touching the computer.
NAT is not security at all. In theory, NATs *should* pass all inbound connections-- most just don't know how. A firewall is something completely different.If the user has a firewall, UPnP should not override it. UPnP is to fix the flaw that NATs don't know where to forward connections, nothing else.
Luke-Jr: So you are saying that computers "are supposed" to be exposed to the internet with all these worms and such auto-infecting any computer it stumbles upon by attacking random IP adresses?
In the past, the security of NAT was really not necessary, but in the today era, NAT is a essential security that provides inbound protection. Without a NAT or some sort of firewall before a computer, the computer would pretty much get totally owned in about 15 minuters of connection of to the internet, even if you are not touching the computer.
Even router packaging advertises the natural NAT firewall function by a picture of a large padlock with the word "firewall" under it.
I think a UPnP function could be there, but make sure its OFF by default. Or even better, dont have any UPnP function at all, and the end user has simply to do port forwarding manually, its not rocket science to go to http://192.168.0.1 (or whats applicable for their router) and do port forwarding of 8333 to their computer's IP adress. Then we keep code amount and possible exploit vectors at a minimum.
I wish that the stupid idea "UPnP" never got invented at all.
Yes! I know that NAT was not intended* to be a firewall from the beginning, its just a positive "bi effect" from NAT:ing multiple computers together since the NAT does not know where to send unsolicited traffic. Its not a "bug" that you call it in other threads. Call it a positive effect.
If you dont want that effect, you can always put a PC in the DMZ zone of the router. But then, if you do that, prepare for that PC to be owned by every active worm out there on the internet circulating. And then that worm will spread to all other PCs in your network since its only a switch on the LAN side of the NAT.
* At the time where NATs where invented, firewalls wasn't really necessary, the virus/worm population on the internet was relatively low. So thats why the NATs where not intended to act as firewalls. It just come as a useful feature later when virus/worm population on internet got a little too high.
In the past, the security of NAT was really not necessary, but in the today era, NAT is a essential security that provides inbound protection. Without a NAT or some sort of firewall before a computer, the computer would pretty much get totally owned in about 15 minuters of connection of to the internet, even if you are not touching the computer.
Even router packaging advertises the natural NAT firewall function by a picture of a large padlock with the word "firewall" under it.
I think a UPnP function could be there, but make sure its OFF by default. Or even better, dont have any UPnP function at all, and the end user has simply to do port forwarding manually, its not rocket science to go to http://192.168.0.1 (or whats applicable for their router) and do port forwarding of 8333 to their computer's IP adress. Then we keep code amount and possible exploit vectors at a minimum.
I wish that the stupid idea "UPnP" never got invented at all.
Yes! I know that NAT was not intended* to be a firewall from the beginning, its just a positive "bi effect" from NAT:ing multiple computers together since the NAT does not know where to send unsolicited traffic. Its not a "bug" that you call it in other threads. Call it a positive effect.
If you dont want that effect, you can always put a PC in the DMZ zone of the router. But then, if you do that, prepare for that PC to be owned by every active worm out there on the internet circulating. And then that worm will spread to all other PCs in your network since its only a switch on the LAN side of the NAT.
* At the time where NATs where invented, firewalls wasn't really necessary, the virus/worm population on the internet was relatively low. So thats why the NATs where not intended to act as firewalls. It just come as a useful feature later when virus/worm population on internet got a little too high.
More FUD. UPnP is not a security problem. NAT is not a security mechanism. If someone can exploit Bitcoin to send arbitrary packets, UPnP support is not going to make it much easier. UPnP is a hack to fix a hack (NAT). Neither should have ever existed, but UPnP brings things back to how they are supposed to be normally.
Voted "Off by default".
Reason: Since UPnP is something which can open incoming holes in a firewall, I think it should be off by default, and IF some user, which knows the consequences of enabling it, can enable it.
The reason is that Bitcoin in a such case will be very responsible for that computer's main security, if it has access to disable the firewall in a router (which UPnP is). For example, lets say there comes a exploit that allows someone to send a specifically crafted packet to bitcoin client on port 8333, and cause the bitcoin client to push out a UPnP packet opening arbiritary ports on the router. Dont give bitcoin too much abilities by default.
Also have safeguards in place that makes sure bitcoin CANNOT send out UPnP packets if its disabled in the interface. In other words, check in many places that UPnP is enabled before allowing a UPnP through, in many places, so even if a hacker manage to bypass a UPnP check via a exploit, there will be numerous other checks that needs to be bypassed too.
Read more here about the security consequences of UPnP:
http://www.grc.com/sn/sn-003.htm
And more here about how good security devices NAT:es are:
http://www.grc.com/nat/nat.htm
Reason: Since UPnP is something which can open incoming holes in a firewall, I think it should be off by default, and IF some user, which knows the consequences of enabling it, can enable it.
The reason is that Bitcoin in a such case will be very responsible for that computer's main security, if it has access to disable the firewall in a router (which UPnP is). For example, lets say there comes a exploit that allows someone to send a specifically crafted packet to bitcoin client on port 8333, and cause the bitcoin client to push out a UPnP packet opening arbiritary ports on the router. Dont give bitcoin too much abilities by default.
Also have safeguards in place that makes sure bitcoin CANNOT send out UPnP packets if its disabled in the interface. In other words, check in many places that UPnP is enabled before allowing a UPnP through, in many places, so even if a hacker manage to bypass a UPnP check via a exploit, there will be numerous other checks that needs to be bypassed too.
Read more here about the security consequences of UPnP:
http://www.grc.com/sn/sn-003.htm
And more here about how good security devices NAT:es are:
http://www.grc.com/nat/nat.htm
Bump as the pull is finally proper. Comments?
Latest gnutella release adds support for UPNP and NAT-PMP... 
So every bitcoin connection must use asymmetric cryptography and conform a so-called normal distribution. Or else everyone will be statistically detected and...
Preventing that type of statistical network analysis attack is what Tor and i2p are for. If you require that level of anonymity, run bitcoin via a proxy to communicate over those networks.
Once more I describe the problem I mean important.
The transaction originator isn't anonymous when originating node is sniffed. The sniffer can certainly detect if the transaction is originated by the sniffed node or it is just retranslated.
The truly anonymous bitcoin node must mix its original transactions in time with retranslated ones, randomize them, send dummy packets along with them etc...
Statistical and pattern analysis is widely used by secret services and other advanced criminals. Don't forget it.
So every bitcoin connection must use asymmetric cryptography and conform a so-called normal distribution. Or else everyone will be statistically detected and...
The transaction originator isn't anonymous when originating node is sniffed. The sniffer can certainly detect if the transaction is originated by the sniffed node or it is just retranslated.
The truly anonymous bitcoin node must mix its original transactions in time with retranslated ones, randomize them, send dummy packets along with them etc...
Statistical and pattern analysis is widely used by secret services and other advanced criminals. Don't forget it.
So every bitcoin connection must use asymmetric cryptography and conform a so-called normal distribution. Or else everyone will be statistically detected and...
I think that bitcoin must use a random port and encrypt its traffic. If it will be so, I see no evil in UPnP.
I already suggested that here:
https://bitcointalksearch.org/topic/feature-request-implement-ssh-like-conn-encryption-into-protocol-openssl-2909
However that is not as useful as i initially thought.
I think that bitcoin must use a random port and encrypt its traffic. If it will be so, I see no evil in UPnP.
Learn from FreeBSD and other decent OS. Stuff is off by default. Stuff opening ports to world wild web is definitely off by default.
Erm, no. Services may be disabled by default, certainly, but once you start (for example) Apache, it listens to port 80 by default. You don't have to jump through extra hoops to configure a port. Likewise, distros won't auto-launch bitcoind by default, but when the user does so, they should reasonably expect it to listen.An unfounded possible vulnerability is no excuse to make things harder for the user than they have to be. There could just as well be a vulnerability in the transaction code, or anywhere else that is going to be exposed to all nodes regardless. If you don't trust the bitcoin wallet you're using to be secure, you shouldn't be using it period.
It is primary function of Apache to listen on port 80 and it is still not using UPnP. It is not primary function of bitcoin to listen on port 8333 while breaking out holes in badly configured routers/firewalls. Your argument is flawed. Try again.
Vladimir is 100% right.
Everything that is not needed for an application's primary function to function, should be turned off by default.
Also, UPnP is overall one big security hole. If somebody enables it, he should know what he is doing. By enabling UPnP by default, you are making computer-illiterate people create security holes.
It's ok to set it OFF by default, but I think that it is a good idea to show it with a wizard at the first start of the gui. ( example: emule )
I suspect most people running Linux at home are already either not using wifi NATs or have set themselves up in a DMZ.
UPnP is definitely a good thing, but it'll have the most impact for OS X and Windows users.
As to security, UPnP only has any effect on residential connections. It's already widely used by very popular software like Skype. Blanket arguments that it's a bad thing or should be off by default don't make a whole lot of sense to me. The people who need it most are the same people who won't know what it is and thus won't switch it on.
UPnP is definitely a good thing, but it'll have the most impact for OS X and Windows users.
As to security, UPnP only has any effect on residential connections. It's already widely used by very popular software like Skype. Blanket arguments that it's a bad thing or should be off by default don't make a whole lot of sense to me. The people who need it most are the same people who won't know what it is and thus won't switch it on.
Jump to: