[FoxTwo]

Hi guys...

Just wondering which method you guys actually prefer and use?

For example, for me, I try not to port-forward whenever possible, ie let the application use uPnP to open ports etc.

My reasons for preferring uPnP
====================
1) uPnP does not require static IPs
2) If you have more than 1 PC/laptop on the same network, they all can use the same application/game at the same time. uPnP will take care of the ports etc automatically.
3) No "permanent hole" in the router firewall. Application will close the opened port when it has done its thing (usually heheh!)
4) Easier for people to connect to your wireless network you don't have to configure anything for them.

[xrM]

UPnP - http://www.grc.com/unpnp/unpnp.htm
DMZ - Don't even touch it, it's dangerous. Use the other two options..

[p|sangp|sang]

pros of upnp
1) stright forward
2) zero cfg
cons
1) no ways of knowing wat port has been forward
so far i only see ddwrt has this feature of listing out active upnp-ed ports

Quote:

3) No "permanent hole" in the router firewall. Application will close the opened port when it has done its thing (usually heheh!)

ammend abit here. the port will remain open when the application is running n closed when application is running.

simmilar can be said with PF. eventhough it has set to open permently, but if the application issnt running(not in listening) ingress traffic will be denied.

[p|sangp|sang]

Quote:

Originally Posted by xrM

DMZ - Don't even touch it, it's dangerous. Use the other two options..

not as dangerous as u think. its just like plugging your pc directly to your modem, deffinatly are using some sort of firewall

[FoxTwo]

Quote:

Originally Posted by P|saNgP|saNg

cons
1) no ways of knowing wat port has been forward
so far i only see ddwrt has this feature of listing out active upnp-ed ports

Actually my router (Netgear WGR 614v4) can see in the router web admin page. Also, there's an icon on my system tray called "Residential Gateway" or "Internet Connection" (depending on which PC). Double click that, look at properties, it tells you exactly which port has been open by which application on which PC.

[xrM]

Quote:

Originally Posted by P|saNgP|saNg

not as dangerous as u think. its just like plugging your pc directly to your modem, deffinatly are using some sort of firewall

And if you disabled your windows firewall and forgot to reenable it after putting your computer in a DMZ , you're screwed

[p|sangp|sang]

Quote:

Originally Posted by FoxTwo

Actually my router (Netgear WGR 614v4) can see in the router web admin page. Also, there's an icon on my system tray called "Residential Gateway" or "Internet Connection" (depending on which PC). Double click that, look at properties, it tells you exactly which port has been open by which application on which PC.

oo didnt know tt. another way i found out is to look under the log or active connections tabs.

[p|sangp|sang]

Quote:

Originally Posted by xrM

And if you disabled your windows firewall and forgot to reenable it after putting your computer in a DMZ , you're screwed

o'really? my machine is dmzed with no firewall wat so ever. so how come im still unscrewed?

[martinchua]

how dangerous can dmz without firewall be?

im on dmz without firewall too.

[xrM]

Well, it's as bad as having no firewall and no router to protect you. You find that ok, then it's ok..

[thetarget]

DMZ basically is all-ports-belong-to-me mode.
It opens all port, forward it to the IP assigned.

Errors occurs when changes are rejected. Since nothing is stopping the connections going in/out your network, I won't be questioning your confidence level. Not implying that you will get errors, only that you would.

I won't be touching UPnP for many reasons, much of which is related to the infamous incident. Port forwarding havn't give me any problem, so I've stayed with it

[John_Chee]

So which is better to do portforwarding or UPnP? I am currently playing around with portforwarding on my network to open up the port for my bitcomet.

[PsyNidE]

I'd rather do port forwarding or port triggering rather than UPnP ... go to www.grc.com to read about UPnP dangers

[PsyNidE]

Quote:

Originally Posted by martinchua

how dangerous can dmz without firewall be?

im on dmz without firewall too.

its the same as having your house w/o a door and a gate.Any tom.dick and harry could enter and leave.

[FoxTwo]

The dangers of uPnP is overrated, IMO.

Quote:

Translating eEye's and Microsoft's statements into consequences, this means that without the security update patch, and with the Universal Plug and Play (UPnP) system in its default "enabled" state, any of the many millions of Internet-connected UPnP-equipped Windows systems could be remotely commandeered and forced to download and run any malicious code of a hacker's design. This includes using the machine to launch potent Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.

It's dangerous only if you had installed WinXP (prior to SP1), and totally never patched it via WindowsUpdate function since.

Even so, with a properly configured firewall this can be overcome. For example I have been running WinXP with only SP1 for years until 2006 when I decided to get off my lazy butt and install SP2 (cos some apps I wanted to run REQUIRED the #&$#^&@ SP2!)

Remember, the problem of uPnP was discovered in 2001. It's now 2007. Six years have passed.

While I'm not saying that being cautious about uPnP and not using it is wrong, port-forwarding has its own set of dangers too. You just have to weigh which danger is less of a risk to you.

The safest, of course, is not to connect to the Internet at all