[192379] in North American Network Operators' Group
Re: Spitballing IoT Security
daemon@ATHENA.MIT.EDU (Mike Meredith)
Thu Oct 27 05:08:22 2016
X-Original-To: nanog@nanog.org
Date: Thu, 27 Oct 2016 10:04:55 +0100
From: Mike Meredith <mike.meredith@port.ac.uk>
To: nanog@nanog.org
In-Reply-To: <b68aaff7-4a1a-b74e-9e60-a03d8689b9d9@ofcourseimright.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--Sig_/lo9p3mWNzvaK2Fw8euF+rKq
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
On Thu, 27 Oct 2016 07:59:00 +0200, Eliot Lear <lear@ofcourseimright.com>
may have written:
> Well yes. uPnP is a problem precisely because it is some random device
> asserting on its own that it can be trusted to do what it wants. Had
=46rom my own personal use (and I'm aware that this isn't a general
solution), I'd like a device that sat on those uPnP requests until I logged
into the admin interface to review them. Now if you could automate _me_
then it might become more generally useful :-
uPnP(ssh, for admin access) -> f/w
f/w -> uPnP device: Don't be silly.
> But if instead of a pet feeder we're talking about a home file sharing
> system or a video camera where you don't want to share the feed into the
> cloud? There will be times when people want inbound connections. We
> need an architecture that supports them.
As someone who manages an application-based firewall, every problem looks
like it would be easier to solve using an application-based firewall :)
--=20
Mike Meredith, University of Portsmouth
Principal Systems Engineer, Hostmaster, Security, and Timelord!
=20
--Sig_/lo9p3mWNzvaK2Fw8euF+rKq
Content-Type: application/pgp-signature
Content-Description: OpenPGP digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJYEcM/AAoJEM11ijcbtFtx3e0H/RqV00t3MZwnpozDDgcrhgjF
xrnJVI/4RIzDbZ33/IjLn124M2KZN6Y6Mq9NMIzmNA79r3PsTl2VCNKRPFuhbNkN
dFJagJZJTtm8wZg/D4Ve+mOYZ5c7yPtVrTLP3FzjUv6xs3CXuy0AxJyzQDQB9zNi
N+UcHWkq/1GcpAY3tx1FtlpiAIRyneGimlcI3UOmQVK77zralRpLgzHL72bG5l6Y
+zr328WowUxokFqwFvscledHMWy6eX6JE4cYOwj/DQcTd+43hFKtT/ISbODMBsCC
6Jo5SqRRAZit+RYe3F+dMAt5MkCkQZsZ6vSCHKaEgo88dN9Bfoset4hQUlctKrE=
=ZDXu
-----END PGP SIGNATURE-----
--Sig_/lo9p3mWNzvaK2Fw8euF+rKq--
