[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPv6-PMP?
On Apr 10, 2007, at 14:39, Mark Smith wrote:
Maybe I'm missing something, but couldn't the fatal problem be that
one piece of malware, delivered via an email attachment for
example, that the user is fooled into running, could open up a "pin-
hole" that is large enough to fly a jumbo jet through (and drive a
bus through, and sail a super-tanker through, all at the same time) ?
You'd think so, but the U.S. Department of Homeland Security didn't
have jack to say about the fact that the AirPort Extreme base station
ships with NAT-PMP enabled in its default mode. Apparently, it's the
solicitation that makes the difference. As long as the local node is
only globally exposed as a result of its explicit and deliberate
solicitation of the default gateway, that seems to make all the
security experts happy.
I don't understand why this should be, but then I'm only an egg.
People much smarter than me have made these decisions, and they don't
like nitpickers second-guessing them about it.
--
j h woodyatt <jhw@apple.com>