I have a bit of a not-so-naive question I hope I can get answered. In general, I think there's a lot of fear among users about opening a port on their router/firewall because of security concerns. I'd like to understand the exact reason for this.
Now I can understand that if some clueless person installs some questionable application on his Windows machine and opens up a port on his router so that it can work, he's opening himself up to a lot of trouble. But what is the real problem of doing this? I understand that a buggy app or an unpatched (or even patched!) Windows environment probably has loads of exploitable problems that hackers can find and do damage with.
But what if the thing listening on the other end of the open port was some hardware device based on Linux and running some Java app? Assuming that all of that were relatively safe, would I still need to worry about the open port boogeyman?
What about DoS attacks? If I have a relatively strong and locked down app that will turn away everyone that I can't authenticate, how much more susceptible to DoS attacks am I vs. if I simply keep my router closed?
Finally, I know that opening ports is hard because most people don't know how to configure their router. Can't you use something like UPnP to do this automatically? But then again, how automatically can it be? Can apps just open router ports by themselves, or do they need to prompt the user for a password first?