 TamaraBQuestion The Current ParadigmPremium
join:2000-11-08
Da Bronx
 ·Optimum Online
 ·Clearwire Wireless
| reply to skeechan
Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play said by skeechan:I'm not seeing any Apple products, the ABES, TC, etc on any of the hardware lists unless I am missing something.
Thanks. What hardware vulnerability "lists" are you referring to? |
|
 skeechanAi OtsukaholicPremium
join:2012-01-26
AA169|170
kudos:2 | The ones linked to in the whitepaper. |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | reply to skeechan
said by skeechan:For the registration, as mentioned previously you can enter anything in there. I just put x x x x x on down.
I didn't think it would allow xxxxx. Thanks.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
 AVDRespice, Adspice, ProspicePremium
join:2003-02-06
Onion, NJ
kudos:1 | reply to jaykaykay
said by jaykaykay:http://www.grc.com/unpnp/unpnp.htm. Been using this for years.
decades almost
--
* seek help if having trouble coping
--Standard disclaimers apply.-- |
|
|
|
Reviews:
 ·WestNet Broadband
| reply to TamaraB
said by TamaraB:Is there a remote test to determine if your Upnp implementation is vulnerable?
To be quite honest I didn't run the tool - why would you download, install or run a program, it basically voids any test - if it was a web based probe I would understand, but install internal to the network defeats the test, unless I miss something here?
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke
|
|
TamaraBQuestion The Current ParadigmPremium
join:2000-11-08
Da Bronx Reviews:
·Optimum Online
·Clearwire Wireless
| said by norwegian:To be quite honest I didn't run the tool - why would you download, install or run a program, it basically voids any test - if it was a web based probe I would understand, but install internal to the network defeats the test, unless I miss something here?
No, you didn't miss anything. The only way to know for sure if your router's UpNp implementation is accessible from the Internet is to probe it from the Internet.
--
"Remember, remember the fifth of November.
Gunpowder, Treason and Plot.
I see no reason why Gunpowder Treason
Should ever be forgot."
"People should not be afraid of their governments. Governments should be afraid of their people"
|
|
 Sindows 7
join:2006-09-13
Chilliwack, BC
kudos:2
·TekSavvy DSL
·Shaw
·TELUS
| US Government Warns of Hack Threat to Network Gear
CERT in turn has tried to contact the more than 200 companies whose products Rapid7 have identified as being vulnerable to attack, including Belkin, D-Link, Cisco Systems Inc's Linksys division and Netgear.
Belkin, D-Link and Netgear did not respond to requests for comment.
»www.voanews.com/content/network-···376.html |
|
 siljalineI'm lovin' that double widePremium
join:2002-10-12
Montreal, QC
kudos:17
·Bell Sympatico
| reply to jaykaykay
said by jaykaykay:http://www.grc.com/unpnp/unpnp.htm. Been using this for years.
 Kicking the tires now |
|
TamaraBQuestion The Current ParadigmPremium
join:2000-11-08
Da Bronx Reviews:
·Optimum Online
·Clearwire Wireless
| You are kicking the tires from inside the car though. How do you know for sure you are protected from the outside? Only kicking the tires from the outside can tell you for sure. I have yet to see a test to do that. |
|
 NOYBSt. John 3.16Premium
join:2005-12-15
Forest Grove, OR
kudos:1 | reply to TamaraB
Wonder if there will be a BBR / DSL Reports tool for testing for UPnP security flaws.
|
|
siljalineI'm lovin' that double widePremium
join:2002-10-12
Montreal, QC
kudos:17 Reviews:
·Bell Sympatico
| reply to TamaraB
You're asking the wrong person if this GRC News tool has any transparency. These are tools of old that were as is no *Warranties, expressed, or implied.
Ask of those that have vetted this why they continue to use it and on what summations of information did they use in deciding to use it and continue recommending it's use.
|
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | reply to Sindows 7
said by Sindows 7:US Government Warns of Hack Threat to Network Gear
I see this near constant interference by DHS with the internet as very OMINOUS. 
Damn shame. 
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
Sindows 7
join:2006-09-13
Chilliwack, BC
kudos:2 Reviews:
·TekSavvy DSL
·Shaw
·TELUS
| reply to siljaline
said by jaykaykay:http://www.grc.com/unpnp/unpnp.htm. Been using this for years.
all this does is disable the upnp service, which I have been doing for over a decade. |
|
 Bill_MIBill In MichiganPremium,MVM
join:2001-01-03
Royal Oak, MI
kudos:1
·WOW Internet and..
·Comcast
| reply to NOYB
said by NOYB:Wonder if there will be a BBR / DSL Reports tool for testing for UPnP security flaws. Steve Gibson has announced he'll be adding a Shields Up scan and hopes to have it up by this weekend at »grc.com.
Steve often gets tagged as "alarmist" but may be justified in this case. He and Leo covered it rather well in today's Security Now: »twit.tv/show/security-now/389
This thing is a multi-level-fiasco. Vendors are using old code that was fixed, simplified sample code that never should be used and to top it off... it's exposed to the world by some kind of pure incompetence or neglect. |
|
OZOPremium
join:2003-01-17
kudos:2 | reply to NOYB
said by NOYB:
Wonder if there will be a BBR / DSL Reports tool for testing for UPnP security flaws.
I understand your desire to test it with some an automatic tool. But personally I don't see a way to automate that process. UPnP by design allows local applications to make port forwarding and open firewall for them. That could create security problem, but it's done by design and UPnP is just a tool for nefarious program, that you allowed to run inside your network.
In order to check UPnP for flaws you probably have to:
1. Scan router for all opened ports. If there is one - check to what service it's directed. If it's legal redirection (configured manually or via UPnP protocol) - no problem. If it's not - here is a potential security flaw, that you'd want to investigate further.
2. Always watch UPnP table of current port redirections. If you see some strange and unexpected one - go for the program that has requested it. If it's legitimate request? Then it's fine. If it's not, you have perhaps a trojan in your local network, which may use UPnP as one of the ways to do its dirty job. It's not a problem or (or with) UPnP. UPnP will just indicate potential problem with your local network.
3. If, as a result of p1 test or p2 watch, you'll find an opened port / forwarding to a host, that is not requested by any program -- now that could be considered as a flaw in UPnP. But first, it's hard to discover... and second, even in this case, it could be a problem with some program, that had requested that service and did not turn it off after it was done, and, therefore, it's not an actual problem with UPnP.
But in any case, begin with p1 test...
--
Keep it simple, it'll become complex by itself... |
|
Bill_MIBill In MichiganPremium,MVM
join:2001-01-03
Royal Oak, MI
kudos:1 | Hi OZO. I think you're assuming the uPnP is confined to the LAN. One of the "you have to be kidding" in this is how millions of routers are apparently and incorrectly exposing uPnP on the WAN side. They're responding to UDP port 1900 on the net! |
|
OZOPremium
join:2003-01-17
kudos:2 | Yes, of course. I presume that:
1. Any security aware and sane user will never allow to configure UPnP from WAN side.
2. Opened port / service that will allow to do that (configuration form WAN side) will be discovered in p1 test.
--
Keep it simple, it'll become complex by itself... |
|
 JuggernautIrreverent or irrelevant?Premium
join:2006-09-05
Kelowna, BC
kudos:2 | reply to Bill_MI
This is why this thread is discussing turning off UPnP. Both on a machine (LAN), and in the router (WAN). Those are the main vectors of vulnerability, right?
--
"I fear the day that technology will surpass our human interaction. The world will have a generation of idiots." ~ Albert Einstein |
|
Bill_MIBill In MichiganPremium,MVM
join:2001-01-03
Royal Oak, MI
kudos:1 Reviews:
·WOW Internet and..
·Comcast
1 edit | said by Juggernaut:This is why this thread is discussing turning off UPnP. Both on a machine (LAN), and in the router (WAN). Those are the main vectors of vulnerability, right? There's several layers of problems here. 1) uPnP has no intended function to EVER be on a router's WAN. Never! Makes no sense. Yet by something right out of a horror flick - it is! And by the millions. 2) These uPnP routers are also full of vulnerable code, much of which has been known for some time but never patched.
I'm not worried about my personal case. My compiled OpenWrt has no sign of any uPnP module, never has, and never will. BETTER than turning it off is not having it in the first place.
EDIT: Sorry, I think at least one of us (me) got confused in terminology.
The router's LAN responds to uPnP client requests and includes all sorts of functions. uPnP Clients such as XBox, TVs, Windows machines, etc. control the router this way. This LAN part of the router was never intended to be on the WAN of that same router... yet has been found there by the millions. |
|
siljalineI'm lovin' that double widePremium
join:2002-10-12
Montreal, QC
kudos:17 Reviews:
·Bell Sympatico
| reply to Sindows 7
Had mine on manual since I got this O/S. |
|
