But its more complicated than that: the same (default public) is true for Hyper-V internal switches, VMware networks, VirtualBox networks, etc. And then there is 3rd party firewalls, some of which (try to) follow the MS firewall rules (but never 100% accurately). And then there are 7000+ users, the majority of which have no clue and file an issue here like "it doesn't work".
Long story short: there is the generic comment in the README that you can tighten this down if you want to. Most people are probably in a private zone (behind a home or work firewall). Maybe if you want to use this in your hotel room "protected" only by the hotel WiFi without any sort of VPN. Oh well...
I will leave this issue open for others to find. Maybe it will end up in the wiki at some point. This is not going to change anytime soon.
PS: About security: I can tell you things about VBoxUsb (the driver from VirtualBox that this software uses), but it would not conform to "responsible disclosure". I am afraid that adding any further security features are in vain and would only provide a false sense of security...
Thanks for the report/feature request.
But its more complicated than that: the same (default public) is true for Hyper-V internal switches, VMware networks, VirtualBox networks, etc. And then there is 3rd party firewalls, some of which (try to) follow the MS firewall rules (but never 100% accurately). And then there are 7000+ users, the majority of which have no clue and file an issue here like "it doesn't work".
Long story short: there is the generic comment in the README that you can tighten this down if you want to. Most people are probably in a private zone (behind a home or work firewall). Maybe if you want to use this in your hotel room "protected" only by the hotel WiFi without any sort of VPN. Oh well...
I will leave this issue open for others to find. Maybe it will end up in the wiki at some point. This is not going to change anytime soon.
PS: About security: I can tell you things about VBoxUsb (the driver from VirtualBox that this software uses), but it would not conform to "responsible disclosure". I am afraid that adding any further security features are in vain and would only provide a false sense of security...
Originally posted by @dorssel in https://github.com/dorssel/usbipd-win/issues/249#issuecomment-1030736756