Ricky Beam jfbeam at
Tue Dec 3 03:24:27 UTC 2013

On Mon, 02 Dec 2013 22:02:39 -0500, Owen DeLong <owen at> wrote:
> Not really... First of all, domain or other windows authentication could  
> be used to validate the request.

Most home networks aren't part of a domain. (unless they're using versions  
beyond "home", they can't)

> Second, if it's site-scope multicast, unless both your ISP _AND_ your  
> own router are doing something wrong, it shouldn't get forwarded into  
> your site from outside.

All they have to do is get a single computer inside your network to run  
their little program. Drive-by download, any number of browser exploits,  
one idiot user...  Go talk to the security crowd about UPnP if you really  
want one computer to be able to ask another computer to alter it's  
firewall rules.

(domain policies do actually address this.)

More information about the NANOG mailing list