| reply to TamaraB
Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play You can use »netalyzr.icsi.berkeley.edu/ to at least test for UPNP access from the wan side .
Will be near the top of the results listing ,may have to hit + to get full details . |
|
 TamaraBQuestion The Current ParadigmPremium
join:2000-11-08
Da Bronx
 ·Optimum Online
 ·Clearwire Wireless
| said by MrFixit1:You can use »netalyzr.icsi.berkeley.edu/ to at least test for UPNP access from the wan side .
Will be near the top of the results listing ,may have to hit + to get full details .
Thanks. That's the first reasonable tool I've seen to test for this UPnP flaw. Now, I have to temporarily enable Java to use it  Java, that other full of holes disaster area 
--
"Remember, remember the fifth of November.
Gunpowder, Treason and Plot.
I see no reason why Gunpowder Treason
Should ever be forgot."
"People should not be afraid of their governments. Governments should be afraid of their people"
|
|
Reviews:
 ·WestNet Broadband
| reply to TamaraB
said by TamaraB:said by norwegian:To be quite honest I didn't run the tool - why would you download, install or run a program, it basically voids any test - if it was a web based probe I would understand, but install internal to the network defeats the test, unless I miss something here?
No, you didn't miss anything. The only way to know for sure if your router's UpNp implementation is accessible from the Internet is to probe it from the Internet. I did miss a little after seeing the tool when the link above was a download tool.
If you are accessing the internet from your home network, we now offer an alternative to ScanNow and Metasploit. The Rapid7 UPnP Check is a one-click security scan for broadband and mobile users. If you are concerned about the security of your non-technical friends and family, this is a quick way for them to check their home router for UPnP vulnerabilities. The main difference between this service and ScanNow is that the UPnP Check will run a scan from the internet and can only check the external interface of your router.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke
|
|
 AVDRespice, Adspice, ProspicePremium
join:2003-02-06
Onion, NJ
kudos:1 | reply to Bill_MI
said by Bill_MI:said by NOYB:Wonder if there will be a BBR / DSL Reports tool for testing for UPnP security flaws. Steve Gibson has announced he'll be adding a Shields Up scan and hopes to have it up by this weekend at » grc.com. Steve often gets tagged as "alarmist" but may be justified in this case. He and Leo covered it rather well in today's Security Now: » twit.tv/show/security-now/389This thing is a multi-level-fiasco. Vendors are using old code that was fixed, simplified sample code that never should be used and to top it off... it's exposed to the world by some kind of pure incompetence or neglect. you have to blame MS for this.
--
* seek help if having trouble coping
--Standard disclaimers apply.-- |
|
 Doctor OldsI Need A Remedy For What's Ailing Me.Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18 | reply to Juggernaut
said by Juggernaut:UPnP has been disabled for years in services.msc. I've never had a problem with a device failing to work.
Of course not as you are confusing Hardware PnP (Plug aNd Play) with UPnP (Universal Plug aNd Play) and they are two completely different services.
»www.pcmag.com/encyclopedia_term/···4,00.asp
quote:
UPnP
(Universal Plug aNd Play) A family of protocols from the UPnP Forum (www.upnp.org) for automatically configuring devices, discovering services and providing peer-to-peer data transfer over an IP network. Introduced in 1999, UPnP is not PnP (Plug and Play). They are related in concept only as they both provide automatic configuration (see Plug and Play).
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
|
|
TamaraBQuestion The Current ParadigmPremium
join:2000-11-08
Da Bronx Reviews:
·Optimum Online
·Clearwire Wireless
| reply to norwegian
said by norwegian:It doesn't work for me though. Chrome had a cog turning, IE9 doesn't do anything.
Nor for me either. There is no Mac version. Glad to see it can test from the Internet though. If Grc adds an Internet test for this it would be great. |
|
 planet
join:2001-11-05
Oz
kudos:1
1 edit | said by TamaraB:said by norwegian:It doesn't work for me though. Chrome had a cog turning, IE9 doesn't do anything.
Nor for me either. There is no Mac version. Glad to see it can test from the Internet though. If Grc adds an Internet test for this it would be great. Wouldn't work on iOS/Safari either. Cog just spins.
Wouldn't GRC Shields Up work for this? I thought the scan pinged port 1900 UPnP. |
|
 Bill_MIBill In MichiganPremium,MVM
join:2001-01-03
Royal Oak, MI
kudos:1
·WOW Internet and..
·Comcast
| said by planet:Wouldn't GRC Shields Up work for this? I thought the scan pinged port 1900 UPnP. We need someone vulnerable to try it. To my knowledge, GRC only does TCP and this port is UDP, at least to start. I'm pretty sure Steve is isolating the scan out to be very specific and, if I know Steve, it might query for info (but maybe not, too). |
|
Reviews:
·WestNet Broadband
| reply to Cabal
Also Windows Worms Doors Cleaner was a handy tool for XP, I'm not sure if gkweb  would review it for further advancement for Win7 and Win8.
»www.portablefreeware.com/index.php?id=861 |
|
 Wily_OnePremium
join:2002-11-24
San Jose, CA | reply to planet
said by MrFixit1:You can use »netalyzr.icsi.berkeley.edu/ to at least test for UPNP access from the wan side .
Will be near the top of the results listing ,may have to hit + to get full details . said by planet:said by TamaraB:said by norwegian:It doesn't work for me though. Chrome had a cog turning, IE9 doesn't do anything.
Nor for me either. There is no Mac version. Glad to see it can test from the Internet though. If Grc adds an Internet test for this it would be great. Wouldn't work on iOS/Safari either. Cog just spins. Neither Netalyzr or the Rapid7 net scans work, period. I tried them on Win7/IE9, WinXP/IE8 and WinXP/Firefox. On some it does nothing, on others the scan runs all the way through and continually repeats, never taking you to the Results.
|
|
planet
join:2001-11-05
Oz
kudos:1 | The scan worked with FireFox on XP for me. |
|
Bill_MIBill In MichiganPremium,MVM
join:2001-01-03
Royal Oak, MI
kudos:1 Reviews:
·WOW Internet and..
·Comcast
| reply to Cabal
The GRC Public Test is up It's on the regular ShieldsUp! link here: »www.grc.com/default.htm
I'm SUPER GLAD to see Steve is seeing the inability to directly link is really clumsy so look for that to change soon.
There's bad assumptions about what it does and right now the button is named named "GRC's Instant uPnP Exposure Test". It's looking for the specific bad case when an internet connection responds to the uPnP query like a router would on the LAN. It does NOT detect if uPnP is on and working normally on the LAN, as it should only be. Exposure of this to the world (the WAN side) was never intended and represents a total botching of uPnP implemented on a device.
Anyone see a positive scan? It should reveal the uPnP details of the device that responds.
Last... Steve continues to tweak as we speak. So don't be surprised if it burps. |
|
 JuggernautIrreverent or irrelevant?Premium
join:2006-09-05
Kelowna, BC
kudos:2 | No probs on the scan, it's locked down.
edit-bad link. |
|
Bill_MIBill In MichiganPremium,MVM
join:2001-01-03
Royal Oak, MI
kudos:1 Reviews:
·WOW Internet and..
·Comcast
| Um... not really. It's a time-sensitive link for your instance. See the jibberish on the end? A different jibberish is sent to everyone. This is what I'm hoping Steve will abolish for good.
EDIT: Ah! I see you removed it. I hope we'll have better links soon. |
|
Wily_OnePremium
join:2002-11-24
San Jose, CA
1 edit | reply to Bill_MI
Thanks for that. That scan worked, no problem. And it works without requiring Java (itself known for being vulnerability-infested) so that's a big +1. |
|
Bill_MIBill In MichiganPremium,MVM
join:2001-01-03
Royal Oak, MI
kudos:1 | Great! Notice there's more than one place to munge the IP.  |
|
Wily_OnePremium
join:2002-11-24
San Jose, CA | LOL - thanks. |
|
 Mangix
join:2012-02-16
united state
1 edit | reply to Cabal
Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play Let me try demystifying a couple of things since I didn't see them mentioned here:
Most of the issue surrounding this report deals with the fact that the firmware on some routers opens the UPnP port on the WAN side and as such makes in accessible by anyone.
While it's true that this is a rather big issue, the fact is that 99.9% of the routers being sold today do not do this. They only expose UPnP on the LAN side, which is where it should be.
There is also the issue of exploits that were shown in the report. The fact is, if UPnP is not exposed on the WAN side, you'd have to break into the LAN, which is easier said than done. But at that point, might as well be game over anyways. The security of modern routers at the LAN side is absolutely terrible and this will not improve anytime soon.
The best recommendation I have is if your router supports it, flash it to dd-wrt, tomato, openwrt, gargoyle, w/e. Any third party firmware should be safe. At least if it's a recent version anyways.
And while on the topic, tomato does provide some extra security in that regard. See: »dl.dropbox.com/u/102011983/Tomat···upnp.png
Secure Mode is enabled by default while UPnP is disabled by default.
Having UPnP disabled is rather inconvenient while having it enabled does not lower security too much. Especially given tomato's implementation(miniupnpd 1.6) |
|
Wily_OnePremium
join:2002-11-24
San Jose, CA | said by Mangix:Most of the issue surrounding this report deals with the fact that the firmware on some routers opens the UPnP port on the WAN side and as such makes in accessible by anyone.
While it's true that this is a rather big issue, the fact is that 99.9% of the routers being sold today do not do this. They only expose UPnP on the LAN side, which is where it should be. Good point, and exactly why the only test I was interested in was the external test. |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | reply to Wily_One
I've use netalyzr for many years on XP and now Win 8. On XP, I sometimes had problems with it not starting but that is because it didn't like my old version of Java which eventually would run only on IE6 and so both IE and Java were too old for it. It was fine once I finally updated Java.
On Win 8, it works fine on Fx 10 ESR, Opera 12 and IE 10. It is an excellent tool to analyze your network connection. It tells me some bad stuff about my connection that concerns me more than UPnP which I already knew about anyway.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
