Peer-to-Peer Security (Windows CE 5.0)
Peer-to-peer networking is a server-less networking technology that allows several network devices to share resources and communicate directly with one another. The following security considerations must be taken into account when you are developing a peer-to-peer application.
Although PNRP can resolve names into IPv6 or IPv4 addresses, the name resolution itself requires IPv6 connectivity. IPv6 connectivity can take any form, such as a direct connection to the IPv6 Internet or some IPv4 tunneling mechanism like 6to4 tunneling. For information about these mechanisms, see IPv6 and IPv4 Coexistence.
Ensure that the appropriate firewall rule is enabled on devices to allow PNRP traffic
Within a cloud, devices make use of PNRP to resolve names to IP addresses. If a device has a firewall enabled or is behind another device with a firewall, such as a gateway, the messages associated with name resolution are blocked. To overcome this, configure the device with a rule that allows IPv6 traffic on ports 3540 through 3550. If you are using the Windows CE Firewall functionality, create this custom rule by using the FirewallCreateRule function. For firewall examples, see General Firewall Rule Examples.
Note: Do not disable these rules, because doing so causes name resolution to fail.
For a list of default firewall rules, see Default IP Firewall Rules.
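The following added example (not part of the original topic and not Windows CE firewall code) audits a rule list for the requirement above: every port from 3540 through 3550 must be allowed for IPv6, and a disabled, IPv4-only or partial rule does not satisfy it. The demo_rule structure and the pnrp_ports_blocked function are hypothetical names for this sketch, and the rule data is constructed.

```c
#include <stddef.h>
#include <stdio.h>

#define PNRP_PORT_MIN 3540u
#define PNRP_PORT_MAX 3550u

/* Hypothetical rule model for this example only; it is NOT the
   Windows CE FW_RULE structure used by FirewallCreateRule. */
enum demo_family { DEMO_IPV4, DEMO_IPV6 };
struct demo_rule {
    enum demo_family family;
    int allow;              /* 1 = allow rule, 0 = block rule */
    int enabled;            /* 0 = rule exists but is disabled */
    unsigned port_min, port_max;
};

/* Is port p covered by an enabled IPv6 rule of the given kind? */
static int covered(const struct demo_rule *r, size_t n, unsigned p, int allow)
{
    for (size_t i = 0; i < n; i++)
        if (r[i].enabled && r[i].family == DEMO_IPV6 && r[i].allow == allow &&
            p >= r[i].port_min && p <= r[i].port_max)
            return 1;
    return 0;
}

/* Counts ports in 3540-3550 that PNRP cannot rely on. Conservative: a port
   counts as open only if an enabled IPv6 allow rule covers it and no enabled
   IPv6 block rule does, since rule precedence is not modelled here. */
int pnrp_ports_blocked(const struct demo_rule *rules, size_t n)
{
    int blocked = 0;
    for (unsigned p = PNRP_PORT_MIN; p <= PNRP_PORT_MAX; p++)
        if (!covered(rules, n, p, 1) || covered(rules, n, p, 0))
            blocked++;
    return blocked;
}

int main(void)
{
    /* Constructed sample: range split across two rules, second one disabled. */
    struct demo_rule rules[] = {
        { DEMO_IPV6, 1, 1, 3540, 3544 },
        { DEMO_IPV6, 1, 0, 3545, 3550 },
    };
    printf("blocked PNRP ports: %d\n", pnrp_ports_blocked(rules, 2));
    return 0;
}
```

A result of 0 means the whole PNRP range is open for IPv6; any other value is the number of ports in the range that name resolution traffic cannot use.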
Default Registry Settings
For peers to bootstrap into the Global or the Internet PNRP cloud, a peer can contact a PNRP seed server hosted by Microsoft. To enhance security, this seed server value is defined in the HKEY_LOCAL_MACHINE\COMM\PeerNet\PNRP key, where only trusted applications can access it. For more information about this registry value, see Peer-to-Peer Registry Settings.
Applications that use the peer-to-peer networking infrastructure can use ports 3540 through 3550 for PNRP communication.
For more information about Windows CE security services, see Enhancing the Security of a Device.