Bitcoin Forum
December 04, 2016, 12:36:27 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Poll
Question: UPnP on or off by default?
On by default - 14 (24.1%)
Off by default - 28 (48.3%)
On by default in the GUI, off by default in bitcoind - 16 (27.6%)
Total Voters: 58

Pages: [1] 2 »  All
  Print  
Author Topic: [PULL] UPnP  (Read 4585 times)
Matt Corallo
Hero Member
*****
expert
Offline Offline

Activity: 751


View Profile
March 12, 2011, 01:05:49 AM
 #1

I wrote a patch for UPnP via miniupnpc.  Currently it is just for UNIX, but shouldn't be too hard to get running on OSX.  Some people have mentioned that Windows has its own native library for UPnP which we should use.  Currently UPnP is on off by default and can be easily turned on with -upnp but that is up for debate (actually poll).  See the pull request here: https://github.com/bitcoin/bitcoin/pull/133.

UPDATE: The patch now works for OSX and Windows and includes a WXUI switch for enabling/disabling UPnP at runtime.  Note that the windows version still uses miniupnpc (not the native windows libraries, does anyone feel very strongly about this?).  
As I couldn't get miniupnpc to compile on Windows, the makefile is designed to use the binary version published on the website (which includes the library against which bitcoin is linked, upnpc-exe-win32-20110215.zip).  To get the relevant headers, however you need to download the original source archive (miniupnpc-1.5.20110215.tar.gz) and copy *.h to C:\upnpc-exe-win32-20110215\miniupnpc.  Note that the UNIX/OSX versions expect version 1.5 (slightly different UPNP_AddPortMapping definition).  
Also, the translations of the copyright notice in the about dialog need changed before this should be pulled.  Currently only dutch has been translated (thanks joepie91).

UPDATE 2: Added translations by community members for French, Spanish and German (plus existing Dutch) and added Russian, Portuguese and Italian translations from Google Translate.  Anyone had time to review the code and have suggestions or think it is ready?

UPDATE 3: Italian translation updated thanks to Joozero.  Anyone have comments on the code?

Bitcoin Ubuntu PPA maintainer - donate to me personally: 1JBMattRztKDF2KRS3vhjJXA7h47NEsn2c
http://bitcoinrelaynetwork.org maintainer
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
1480854987
Hero Member
*
Offline Offline

Posts: 1480854987

View Profile Personal Message (Offline)

Ignore
1480854987
Reply with quote  #2

1480854987
Report to moderator
1480854987
Hero Member
*
Offline Offline

Posts: 1480854987

View Profile Personal Message (Offline)

Ignore
1480854987
Reply with quote  #2

1480854987
Report to moderator
1480854987
Hero Member
*
Offline Offline

Posts: 1480854987

View Profile Personal Message (Offline)

Ignore
1480854987
Reply with quote  #2

1480854987
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480854987
Hero Member
*
Offline Offline

Posts: 1480854987

View Profile Personal Message (Offline)

Ignore
1480854987
Reply with quote  #2

1480854987
Report to moderator
1480854987
Hero Member
*
Offline Offline

Posts: 1480854987

View Profile Personal Message (Offline)

Ignore
1480854987
Reply with quote  #2

1480854987
Report to moderator
theymos
Administrator
Legendary
*
expert
Offline Offline

Activity: 2492


View Profile
March 12, 2011, 01:08:43 AM
 #2

It should not be enabled by default. Opening 8333 significantly increases network usage without any benefit to the node.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
jgarzik
Legendary
*
qt
Offline Offline

Activity: 1470


View Profile
March 12, 2011, 01:19:48 AM
 #3

It should not be enabled by default. Opening 8333 significantly increases network usage without any benefit to the node.

Well, it benefits the network, which benefits the node.

But I agree:  it should be off by default.


Jeff Garzik, bitcoin core dev team and BitPay engineer; opinions are my own, not my employer.
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
Matt Corallo
Hero Member
*****
expert
Offline Offline

Activity: 751


View Profile
March 12, 2011, 01:23:13 AM
 #4

It should not be enabled by default. Opening 8333 significantly increases network usage without any benefit to the node.
I completely disagree.  The more nodes which are connectible the harder any kind of Sybil attack becomes which just benefits the network.  Any user who has a legitimate reason why they don't want incoming connections will already either have UPnP off on their router or be able to disable it in the client.

Bitcoin Ubuntu PPA maintainer - donate to me personally: 1JBMattRztKDF2KRS3vhjJXA7h47NEsn2c
http://bitcoinrelaynetwork.org maintainer
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
theymos
Administrator
Legendary
*
expert
Offline Offline

Activity: 2492


View Profile
March 12, 2011, 01:26:41 AM
 #5

I completely disagree.  The more nodes which are connectible the harder any kind of Sybil attack becomes which just benefits the network.  Any user who has a legitimate reason why they don't want incoming connections will already either have UPnP off on their router or be able to disable it in the client.

Think of all those users in Canada and Australia who will have their limited bandwidth siphoned away without any warning...

After Bitcoin runs in lightweight client mode by default, it would make sense to ask the user about triggering UPnP if they enable "supernode" mode.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Luke-Jr
Legendary
*
expert
Offline Offline

Activity: 2086



View Profile
March 12, 2011, 01:59:10 AM
 #6

Learn from FreeBSD and other decent OS. Stuff is off by default. Stuff opening ports to world wild web is definitely off by default.
Erm, no. Services may be disabled by default, certainly, but once you start (for example) Apache, it listens to port 80 by default. You don't have to jump through extra hoops to configure a port. Likewise, distros won't auto-launch bitcoind by default, but when the user does so, they should reasonably expect it to listen.

An unfounded possible vulnerability is no excuse to make things harder for the user than they have to be. There could just as well be a vulnerability in the transaction code, or anywhere else that is going to be exposed to all nodes regardless. If you don't trust the bitcoin wallet you're using to be secure, you shouldn't be using it period.

mndrix
Michael Hendricks
VIP
Sr. Member
*
Offline Offline

Activity: 447


View Profile
March 12, 2011, 02:02:48 AM
 #7

It seems reasonable to me to start with UPnP disabled by default.  As long as enabling it in the client is easy enough to do, the network will benefit because some nodes will "opt-in" that wouldn't have before.  We can change the default later, after we gain more confidence about remote vulnerabilities.
Gavin Andresen
Legendary
*
qt
Offline Offline

Activity: 1652


Chief Scientist


View Profile WWW
March 12, 2011, 03:21:44 AM
 #8

It seems reasonable to me to start with UPnP disabled by default.  As long as enabling it in the client is easy enough to do, the network will benefit because some nodes will "opt-in" that wouldn't have before.  We can change the default later, after we gain more confidence about remote vulnerabilities.

Who knows enough about wxWidgets to add a checkbox to the Settings UI for "Enable UpNP" (grayed out #ifndef UPNP...)?  Wanna coordinate with BlueMatt to get that done?

How often do you get the chance to work on a potentially world-changing project?
ArtForz
Sr. Member
****
Offline Offline

Activity: 406


View Profile
March 12, 2011, 09:40:29 AM
 #9

One more consideration.

Can someone guarantee that there is not a single buffer overflow or some other vulnerability in bitcoin code present and future? And put a 21m BTC bond to make such guarantee worthwhile too? If not than we'd better have this off by default.

Otherwise, consider the risk of a 0 day exploit coming up and someone cleaning up balances of all nodes accepting incoming connections. This would be the end of bitcoin.

Without UPnP by default only supernodes would get robbed and they should know better than keep any decent money anywhere near node accepting connections. This still would be nasty but not fatal.

There is simply no argument against this risk assessment. Case closed.


P.S. vote whatever you want 'upnp on' decision will be vetoed either by Gavin or by Satoshi himsef. So do not rush selling all your BTC's just yet.

In a remote buffer overflow scenario all nodes participating in the normal p2p network are pretty much fucked, no matter if they accept incoming connections or not.

Consider the following scenario:
Attacker exploits bug and disables all public nodes allowing incoming connections.
Nodes *not* allowing incoming connections see their outgoing connections count dropping and try to connect to new peers.
Only nodes left accepting incoming connections are under control of the attacker and exploit same bug in nodes connecting to them.
Whoops.

bitcoin: 1Fb77Xq5ePFER8GtKRn2KDbDTVpJKfKmpz
i0coin: jNdvyvd6v6gV3kVJLD7HsB5ZwHyHwAkfdw
Mike Hearn
Legendary
*
expert
Offline Offline

Activity: 1526


View Profile
March 12, 2011, 10:11:02 AM
 #10

I suspect most people running Linux at home are already either not using wifi NATs or have set themselves up in a DMZ.

UPnP is definitely a good thing, but it'll have the most impact for OS X and Windows users.

As to security, UPnP only has any effect on residential connections. It's already widely used by very popular software like Skype. Blanket arguments that it's a bad thing or should be off by default don't make a whole lot of sense to me. The people who need it most are the same people who won't know what it is and thus won't switch it on.
HostFat
Staff
Legendary
*
Offline Offline

Activity: 2282


I support freedom of choice


View Profile WWW
March 13, 2011, 11:15:51 PM
 #11

It's ok to set it OFF by default, but I think that it is a good idea to show it with a wizard at the first start of the gui. ( example: emule )

Eternity Wall: Messages lasting forever - The Rock Trading (ref): A good exchange / gateway Ripple, with support for multisig, since 2007. 
https://bitcointa.lk: Bitcointalk backup if offline - Bitcoin Foundation Italia - Blog: http://theupwind.blogspot.it
ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470


Bringing Legendary Har® to you since 1952


View Profile
March 13, 2011, 11:22:19 PM
 #12

Learn from FreeBSD and other decent OS. Stuff is off by default. Stuff opening ports to world wild web is definitely off by default.
Erm, no. Services may be disabled by default, certainly, but once you start (for example) Apache, it listens to port 80 by default. You don't have to jump through extra hoops to configure a port. Likewise, distros won't auto-launch bitcoind by default, but when the user does so, they should reasonably expect it to listen.

An unfounded possible vulnerability is no excuse to make things harder for the user than they have to be. There could just as well be a vulnerability in the transaction code, or anywhere else that is going to be exposed to all nodes regardless. If you don't trust the bitcoin wallet you're using to be secure, you shouldn't be using it period.

It is primary function of Apache to listen on port 80 and it is still not using UPnP. It is not primary function of bitcoin to listen on port 8333 while breaking out holes in badly configured routers/firewalls. Your argument is flawed. Try again.

Vladimir is 100% right.

Everything that is not needed for an application's primary function to function, should be turned off by default.

Also, UPnP is overall one big security hole. If somebody enables it, he should know what he is doing. By enabling UPnP by default, you are making computer-illiterate people create security holes.

m0Ray
Sr. Member
****
Offline Offline

Activity: 364



View Profile
March 14, 2011, 01:36:37 PM
 #13

I think that bitcoin must use a random port and encrypt its traffic. If it will be so, I see no evil in UPnP.

IT-услуги широкого профиля за биткойн.
V for Vendetta, not for «vvhite ribbon»
ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470


Bringing Legendary Har® to you since 1952


View Profile
March 14, 2011, 02:03:36 PM
 #14

I think that bitcoin must use a random port and encrypt its traffic. If it will be so, I see no evil in UPnP.

I already suggested that here:
http://bitcointalk.org/index.php?topic=2909.0

However that is not as useful as i initially thought.

m0Ray
Sr. Member
****
Offline Offline

Activity: 364



View Profile
March 14, 2011, 08:25:41 PM
 #15

Once more I describe the problem I mean important.

The transaction originator isn't anonymous when originating node is sniffed. The sniffer can certainly detect if the transaction is originated by the sniffed node or it is just retranslated.
The truly anonymous bitcoin node must mix its original transactions in time with retranslated ones, randomize them, send dummy packets along with them etc...
Statistical and pattern analysis is widely used by secret services and other advanced criminals. Don't forget it.

So every bitcoin connection must use asymmetric cryptography and conform a so-called normal distribution. Or else everyone will be statistically detected and...

IT-услуги широкого профиля за биткойн.
V for Vendetta, not for «vvhite ribbon»
Gavin Andresen
Legendary
*
qt
Offline Offline

Activity: 1652


Chief Scientist


View Profile WWW
March 14, 2011, 08:33:25 PM
 #16

So every bitcoin connection must use asymmetric cryptography and conform a so-called normal distribution. Or else everyone will be statistically detected and...

Preventing that type of statistical network analysis attack is what Tor and i2p are for.  If you require that level of anonymity, run bitcoin via a proxy to communicate over those networks.

How often do you get the chance to work on a potentially world-changing project?
jgarzik
Legendary
*
qt
Offline Offline

Activity: 1470


View Profile
March 14, 2011, 09:28:40 PM
 #17

Latest gnutella release adds support for UPNP and NAT-PMP...  Smiley

Jeff Garzik, bitcoin core dev team and BitPay engineer; opinions are my own, not my employer.
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
Matt Corallo
Hero Member
*****
expert
Offline Offline

Activity: 751


View Profile
March 23, 2011, 09:31:34 PM
 #18

Bump as the pull is finally proper.  Comments?

Bitcoin Ubuntu PPA maintainer - donate to me personally: 1JBMattRztKDF2KRS3vhjJXA7h47NEsn2c
http://bitcoinrelaynetwork.org maintainer
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
sebastian
Member
**
Offline Offline

Activity: 119


View Profile
March 24, 2011, 01:49:25 AM
 #19

Voted "Off by default".

Reason: Since UPnP is something which can open incoming holes in a firewall, I think it should be off by default, and IF some user, which knows the consequences of enabling it, can enable it.

The reason is that Bitcoin in a such case will be very responsible for that computer's main security, if it has access to disable the firewall in a router (which UPnP is). For example, lets say there comes a exploit that allows someone to send a specifically crafted packet to bitcoin client on port 8333, and cause the bitcoin client to push out a UPnP packet opening arbiritary ports on the router. Dont give bitcoin too much abilities by default.

Also have safeguards in place that makes sure bitcoin CANNOT send out UPnP packets if its disabled in the interface. In other words, check in many places that UPnP is enabled before allowing a UPnP through, in many places, so even if a hacker manage to bypass a UPnP check via a exploit, there will be numerous other checks that needs to be bypassed too.

Read more here about the security consequences of UPnP:
http://www.grc.com/sn/sn-003.htm

And more here about how good security devices NAT:es are:
http://www.grc.com/nat/nat.htm
Luke-Jr
Legendary
*
expert
Offline Offline

Activity: 2086



View Profile
March 24, 2011, 02:09:30 AM
 #20

More FUD. UPnP is not a security problem. NAT is not a security mechanism. If someone can exploit Bitcoin to send arbitrary packets, UPnP support is not going to make it much easier. UPnP is a hack to fix a hack (NAT). Neither should have ever existed, but UPnP brings things back to how they are supposed to be normally.

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!