Bitcoin Forum
Topic: Make UPNP enabled by default?  (Read 2775 times)
Man From The Future
June 12, 2011, 01:46:26 PM
 #1

Unless this has changed in the latest release (I'll check in a minute :P), why shouldn't it be enabled by default?

Many people have routers with UPNP support, and enabling it would allow new users who don't know what it is, or haven't looked in the options, to get more than 8 connections.
Matt Corallo
June 12, 2011, 02:42:05 PM
 #2

I'm in favor of this, and was since the beginning, but when it was first introduced, there was a vote on these forums and the result was strongly against UPnP.  Frankly I'm really not sure what valid argument anyone had, as if UPnP is a "security risk" (which it only sort of, remotely is) then it should be off on the router, and enabling it on Bitcoin does nothing different.  It would also go some way towards solving some of the connection issues (though those are mostly solved in 0.3.23 with the more aggressive connections).

Bitcoin Ubuntu PPA maintainer - donate to me personally: 1JBMattRztKDF2KRS3vhjJXA7h47NEsn2c
http://bitcoinrelaynetwork.org maintainer
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
bitlotto
June 12, 2011, 02:51:02 PM
 #3

I don't know much about UPNP, does this affect TOR users at all?

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
Nesetalis
June 12, 2011, 02:52:56 PM
 #4

UPnP is one of the most insecure networking protocols designed, any external router that supports it, is just asking for their network to be compromised.

This doesn't help or hinder bitcoin in any way, but in the future you are far less likely to find a router that supports it inherently.

ZOMG Moo!
mewantsbitcoins
June 12, 2011, 06:02:26 PM
 #5

> UPnP is one of the most insecure networking protocols designed, any external router that supports it, is just asking for their network to be compromised.
>
> This doesn't help or hinder bitcoin in any way, but in the future you are far less likely to find a router that supports it inherently.

;D

Care to elaborate on the vulnerabilities of UPnP?

As a side note - I vote yes to enabling UPnP by default
Mike Hearn
June 12, 2011, 06:52:41 PM
 #6

Votes aren't a good way to decide these issues. I suggest Matt just submit a pull req to enable it by default and let Gavin decide.

UPnP is a de-facto standard that's used by virtually all p2p software. The fact that it's even an option puts Bitcoin behind apps like Skype in terms of UI simplicity. It's definitely worth enabling it by default, at minimum.
wumpus
June 12, 2011, 07:07:12 PM
 #7

> This doesn't help or hinder bitcoin in any way, but in the future you are far less likely to find a router that supports it inherently.
"the future"? You mean when IPv6 has been introduced everywhere and UPNP is no longer needed?

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
gmaxwell
June 12, 2011, 07:54:52 PM
 #8

> Votes aren't a good way to decide these issues. I suggest Matt just submit a pull req to enable it by default and let Gavin decide.
> UPnP is a de-facto standard that's used by virtually all p2p software. The fact that it's even an option puts Bitcoin behind apps like Skype in terms of UI simplicity. It's definitely worth enabling it by default, at minimum.

Instead of talking about how great UPNP is it would be much more useful to tell everyone if you've tried it and if it worked.

It's not a feature developers are likely to use — other than to test it. It would be pretty terrible if it turned out that it had a bug which occasionally crashed bitcoin and it got enabled by default.

Also, looking at the implementation it appears that it tries to use UPNP even when it's not required to get the port open. That's probably somewhat less than optimal, since the upnp traffic might make network operators mistake bitcoin for filetrading applications in the same way IRC seed makes people mistake bitcoin for a botnet.

Nesetalis
June 12, 2011, 08:16:38 PM
 #9

> > This doesn't help or hinder bitcoin in any way, but in the future you are far less likely to find a router that supports it inherently.
> "the future"? You mean when IPv6 has been introduced everywhere and UPNP is no longer needed?


indeed.

and as to the vulnerabilities, it allows any malicious software to open ports in your firewall whether you want them or not once it's on your computer.

it was a nice idea to try and work around the terrible curse of NAT, but shortly NAT won't be necessary.

ZOMG Moo!
Luke-Jr
June 12, 2011, 10:04:54 PM
 #10

> and as to the vulnerabilities, it allows any malicious software to open ports in your firewall whether you want them or not once it's on your computer.
This "vulnerability" assumes that UPnP is meant to configure firewalls, which it isn't. It's to inform a NAPT device of a port being opened. It really should be implemented by the OS's listen() function.

Maged
June 12, 2011, 10:45:15 PM
 #11

> > Votes aren't a good way to decide these issues. I suggest Matt just submit a pull req to enable it by default and let Gavin decide.
> > UPnP is a de-facto standard that's used by virtually all p2p software. The fact that it's even an option puts Bitcoin behind apps like Skype in terms of UI simplicity. It's definitely worth enabling it by default, at minimum.
>
> Instead of talking about how great UPNP is it would be much more useful to tell everyone if you've tried it and if it worked.
>
> It's not a feature developers are likely to use — other than to test it. It would be pretty terrible if it turned out that it had a bug which occasionally crashed bitcoin and it got enabled by default.
It's been pretty well tested at this point. Also, I too don't get the "vulnerability" reason of not having UPnP on by default. It seems to me that the issue is that those people who are concerned about it have it enabled in their router, not that Bitcoin would use it.

Basiley
June 13, 2011, 02:28:37 AM
 #12

screw "screwed by design" things like UPnP, IMO.
and yes, BTC network nodes compromising ease, even on small degree isn't option, IMO.
point is, UPnP isn't hot/quick/mission-critical thing in to-do/timeline, IMO and unlikely be in next one.
wumpus
June 13, 2011, 06:18:27 AM
 #13

> it was a nice idea to try and work around the terrible curse of NAT, but shortly NAT won't be necessary.
Do note that I was talking about a (possibly distant) future in which NAT is no longer needed.

For the problems we face NOW, UPnP is a good compromise.

The Bitcoin client is meant to open a port, as this is part of the P2P network design and strengthens the network. More connections=more trust. Thus I recommend enabling UPnP by default.

Counter-arguments are easy to address:

- Users can still choose to not open a Bitcoin port. Provide the -nolisten argument, which causes the client to only rely on outgoing connections and not advertise.

- Users can still choose not to use UPnP for security reasons. Disable it in your router configuration.  Not enabling UPnP in Bitcoin does not provide any additional security. Trojans can still use UPnP as long as it is enabled in your router!

- UPnP should obviously be disabled when running over an overlay network such as Tor (or when a proxy is used..).

- No, UPnP does not advertise the program as a file sharing application. Non-filesharing applications such as Skype also use UPnP. But if you're worried about it you can provide the command line argument to disable UPnP (or -nolisten to not advertise at all).


Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
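An added example, not part of the post above or of Bitcoin's code: the argument that the exposure lives in the router setting rather than in the client can be checked from any LAN host by asking whether a gateway answers UPnP IGD discovery and by comparing the router's port-mapping table with the mappings you expect. The sample reply, addresses and mapping entries are constructed, retrieving the live table (one GetGenericPortMappingEntry SOAP call per index) is left out, and 8333 is Bitcoin's default listening port.

```python
import socket
import xml.etree.ElementTree as ET

IGD = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"
MSEARCH = ("M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
           'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ' + IGD + "\r\n\r\n").encode()

def parse_ssdp(datagram):
    """Headers of an SSDP 200 reply as a dict with lower-case keys, else {}."""
    lines = datagram.decode("latin-1").split("\r\n")
    if not lines[0].startswith("HTTP/1.1 200"):
        return {}
    pairs = (line.split(":", 1) for line in lines[1:] if ":" in line)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def discover_igd(timeout=3.0):
    """Live check: URL of the gateway's UPnP description, or None if silent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(MSEARCH, ("239.255.255.250", 1900))
        try:
            return parse_ssdp(s.recvfrom(4096)[0]).get("location")
        except socket.timeout:
            return None

def parse_mapping(soap_xml):
    """Flatten one GetGenericPortMappingEntryResponse body into a dict."""
    f = {el.tag.split("}")[-1]: el.text or "" for el in ET.fromstring(soap_xml).iter()}
    return {"proto": f["NewProtocol"], "ext_port": int(f["NewExternalPort"]),
            "client": f["NewInternalClient"], "desc": f["NewPortMappingDescription"]}

def unexpected(mappings, allowed):
    """Mappings whose (protocol, external port, LAN host) is not allow-listed."""
    return [m for m in mappings if (m["proto"], m["ext_port"], m["client"]) not in allowed]

def sample_entry(port, client, desc):
    """Constructed router reply (not captured traffic) for one mapping."""
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
            '<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
            f"<NewExternalPort>{port}</NewExternalPort><NewProtocol>TCP</NewProtocol>"
            f"<NewInternalClient>{client}</NewInternalClient>"
            f"<NewPortMappingDescription>{desc}</NewPortMappingDescription>"
            "</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>")

# Constructed sample data: addresses, ports and descriptions are made up.
SAMPLE_SSDP = b"HTTP/1.1 200 OK\r\nLOCATION: http://192.168.1.1:5000/rootDesc.xml\r\n\r\n"
SAMPLE_TABLE = [parse_mapping(sample_entry(8333, "192.168.1.20", "Bitcoin")),
                parse_mapping(sample_entry(50123, "192.168.1.77", "unknown"))]
ALLOWED = {("TCP", 8333, "192.168.1.20")}  # the one mapping this LAN's owner expects
```

If `discover_igd()` returns a URL, the router accepts mapping requests from every host on the LAN regardless of how any single application is configured; `unexpected(SAMPLE_TABLE, ALLOWED)` shows the review step on the constructed table.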
speeder
June 13, 2011, 06:21:41 AM
 #14

I agree with John Smith

Thus... leave it enabled by default :D

Nesetalis
June 13, 2011, 09:45:18 AM
 #15

my point wasn't that it shouldn't be in the client and enabled by default, just that it's a badly designed interface that may go the way of the dinosaur in the next couple years and not to rely upon it. Part of the standard install should be saying "hey, user, open X and Y port in your firewall." OR asking which port the user wants to use and broadcasting that to the network.

ZOMG Moo!
wumpus
June 13, 2011, 11:42:32 AM
 #16

> my point wasn't that it shouldn't be in the client and enabled by default, just that it's a badly designed interface that may go the way of the dinosaur in the next couple years and not to rely upon it. Part of the standard install should be saying "hey, user, open X and Y port in your firewall." OR asking which port the user wants to use and broadcasting that to the network.
But the point is that UPnP doesn't address power users that know how to open ports manually. It is only useful for people that want to simply start the executable and use it.

And indeed, in a couple of years it won't be needed anymore. However, as long as we have IPv4 and NAT-ugliness, this problem exists. Code can always be removed.

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
Basiley
June 13, 2011, 02:15:33 PM
 #17

or two different builds, entitled "download this for easy use/nobrainers" and "reasonably-hardened/tweaked for power users".
Nesetalis
June 13, 2011, 02:19:47 PM
 #18

er, except most routers do not come with upnp enabled by default since it is a security hole, meaning.... for the non power user, upnp isn't going to work? :p

ZOMG Moo!
wumpus
June 13, 2011, 02:24:28 PM
 #19

> er, except most routers do not come with upnp enabled by default since it is a security hole, meaning.... for the non power user, upnp isn't going to work? :p
I have no statistics on routers and which % have UPnP enabled by default. Do you?

Anyway even in that case, having it enabled by default in bitcoin is not a problem.

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
speeder
June 13, 2011, 02:43:08 PM
 #20

Where I live I think routers come with it enabled by default because we have a SEVERE lack of IP addresses (for example, I cannot download anything on file sharing sites, because someone with my IP is always downloading there already... even when the only machine active on my network is my own).


And... seriously, you people that suggest that we need to ask the user "x" or "y" do not realize that 99.99% of the people in the world will never understand the question.

I have been computer savvy since I was a child (my dad wanted me to become the next bill gates or something... he taught me how to program when I was 8 even...), and for a good part of my life, I believed everyone else was an idiot.

When I realized that only I understood those kinds of questions coming from software, I noticed the software was wrong, not the users.

You cannot ASSUME people know stuff. They don't.

Not even the WASD keys when designing an FPS, research data showed that one of the reasons that it is popular only among "hardcore" is that only "hardcore" know how to control the character, with most games assuming you will use the most popular controls, and normal people cannot even walk forward in the game.


If you ask someone about port forwarding, NAT, UPNP, firewall, whatever, they will only think: "Wha?"
If you try to explain, say it is a security risk but is a nice feature, people will think: "Hell no! I do not want another virus!" even if the risk is minor or negligible and has nothing to do with viruses. (or worse: I know people that really believe that hackers in a chat can figure the color of your underwear)
