OZO
Premium Member
join:2003-01-17

1 recommendation

OZO to Bill_MI

Premium Member

to Bill_MI

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Yes, of course. I presume that:
1. Any security-aware and sane user will never allow UPnP to be configured from the WAN side.
2. An opened port / service that would allow that (configuration from the WAN side) will be discovered in the p1 test.

Bill_MI
Bill In Michigan
MVM
join:2001-01-03
Royal Oak, MI

1 recommendation

Bill_MI to OZO

MVM

to OZO
Hi OZO. I think you're assuming the uPnP is confined to the LAN. One of the "you have to be kidding" in this is how millions of routers are apparently and incorrectly exposing uPnP on the WAN side. They're responding to UDP port 1900 on the net!
OZO
Premium Member
join:2003-01-17

1 recommendation

OZO to NOYB

Premium Member

to NOYB
said by NOYB:


Wonder if there will be a BBR / DSL Reports tool for testing for UPnP security flaws.

I understand your desire to test it with some automatic tool. But personally I don't see a way to automate that process. UPnP by design allows local applications to set up port forwarding and open the firewall for them. That could create a security problem, but it's done by design, and UPnP is just a tool for a nefarious program that you allowed to run inside your network.

In order to check UPnP for flaws you probably have to:
1. Scan router for all opened ports. If there is one - check to what service it's directed. If it's legal redirection (configured manually or via UPnP protocol) - no problem. If it's not - here is a potential security flaw, that you'd want to investigate further.

2. Always watch the UPnP table of current port redirections. If you see some strange and unexpected one - go for the program that has requested it. Is it a legitimate request? Then it's fine. If it's not, you have perhaps a trojan in your local network, which may use UPnP as one of the ways to do its dirty job. It's not a problem of (or with) UPnP. UPnP will just indicate a potential problem with your local network.

3. If, as a result of p1 test or p2 watch, you'll find an opened port / forwarding to a host, that is not requested by any program -- now that could be considered as a flaw in UPnP. But first, it's hard to discover... and second, even in this case, it could be a problem with some program, that had requested that service and did not turn it off after it was done, and, therefore, it's not an actual problem with UPnP.

But in any case, begin with p1 test...
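
Added example, not part of any post in this thread: a small Python sketch of the three-step check described above, reconciling an outside port scan with the router's manual forwards and its UPnP mapping table. The function and field names, the allowed-host list and all sample data are assumptions constructed for illustration; in practice you would fill the inputs from your own scan results and the router's UPnP status page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Mapping:
    proto: str      # "TCP" or "UDP"
    ext_port: int   # port opened on the router's WAN side
    int_host: str   # LAN host the traffic is forwarded to
    desc: str       # description supplied by the requesting program
    lease: int      # seconds; 0 means the mapping never expires

def audit(open_ports, manual, upnp, allowed_hosts):
    """Return findings as (code, proto, port, lan_host) tuples."""
    findings = []
    for m in upnp:
        # Step 2: a mapping requested for a host you did not expect
        if m.int_host not in allowed_hosts:
            findings.append(("unexpected-upnp-mapping", m.proto, m.ext_port, m.int_host))
        # Lease 0 means no expiry: the port stays open if the program never removes it
        if m.lease == 0:
            findings.append(("permanent-lease", m.proto, m.ext_port, m.int_host))
    explained = set(manual) | {(m.proto, m.ext_port) for m in upnp}
    # Steps 1 and 3: open from outside, but present in neither forwarding table
    for proto, port in sorted(open_ports):
        if (proto, port) not in explained:
            findings.append(("open-without-mapping", proto, port, ""))
    return findings

# Constructed sample data (not taken from any real router)
SCAN_OPEN = {("TCP", 51413), ("UDP", 5060), ("TCP", 8080), ("TCP", 3389)}
MANUAL = {("UDP", 5060)}                  # forwarded by hand for a SIP server
UPNP_TABLE = [
    Mapping("TCP", 51413, "192.168.1.20", "torrent client", 3600),
    Mapping("TCP", 3389, "192.168.1.77", "", 0),
]
ALLOWED_HOSTS = {"192.168.1.20"}          # LAN hosts known to use UPnP

def run_sample():
    return audit(SCAN_OPEN, MANUAL, UPNP_TABLE, ALLOWED_HOSTS)

if __name__ == "__main__":
    for finding in run_sample():
        print(*finding)
```

An `open-without-mapping` result is the case from step 3: a port reachable from outside that nothing in either table accounts for, which is worth checking against the router's own WAN-side services.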

Bill_MI
Bill In Michigan
MVM
join:2001-01-03
Royal Oak, MI
TP-Link Archer C7
Linksys WRT54GS
Linksys WRT54G v4

2 recommendations

Bill_MI to NOYB

MVM

to NOYB
said by NOYB:

Wonder if there will be a BBR / DSL Reports tool for testing for UPnP security flaws.

Steve Gibson has announced he'll be adding a Shields Up scan and hopes to have it up by this weekend at »grc.com.

Steve often gets tagged as "alarmist" but may be justified in this case. He and Leo covered it rather well in today's Security Now: »twit.tv/show/security-now/389

This thing is a multi-level-fiasco. Vendors are using old code that was fixed, simplified sample code that never should be used and to top it off... it's exposed to the world by some kind of pure incompetence or neglect.

Cartel
Intel inside Your sensitive data outside
Premium Member
join:2006-09-13
Chilliwack, BC

3 recommendations

Cartel to siljaline

Premium Member

to siljaline
said by jaykaykay:

»www.grc.com/unpnp/unpnp.htm. Been using this for years.

all this does is disable the upnp service, which I have been doing for over a decade.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

1 recommendation

Mele20 to Cartel

Premium Member

to Cartel
said by Cartel:

US Government Warns of Hack Threat to Network Gear

I see this near constant interference by DHS with the internet as very OMINOUS.

Damn shame.

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline to TamaraB

Premium Member

to TamaraB
You're asking the wrong person if this GRC News tool has any transparency. These are tools of old that were as is no *Warranties, expressed, or implied.
Ask of those that have vetted this why they continue to use it and on what summations of information did they use in deciding to use it and continue recommending its use.


NOYB
St. John 3.16
Premium Member
join:2005-12-15
Forest Grove, OR

NOYB to TamaraB

Premium Member

to TamaraB

Wonder if there will be a BBR / DSL Reports tool for testing for UPnP security flaws.

TamaraB
Question The Current Paradigm
Premium Member
join:2000-11-08
Da Bronx
·Verizon FiOS
Ubiquiti NSM5
Synology RT2600ac
Apple AirPort Extreme (2013)

TamaraB to siljaline

Premium Member

to siljaline
said by siljaline:

Kicking the tires now

You are kicking the tires from inside the car though. How do you know for sure you are protected from the outside? Only kicking the tires from the outside can tell you for sure. I have yet to see a test to do that.

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline to jaykaykay

Premium Member

to jaykaykay
said by jaykaykay:

»www.grc.com/unpnp/unpnp.htm. Been using this for years.

Kicking the tires now

Cartel
Intel inside Your sensitive data outside
Premium Member
join:2006-09-13
Chilliwack, BC

Cartel to TamaraB

Premium Member

to TamaraB
US Government Warns of Hack Threat to Network Gear

CERT in turn has tried to contact the more than 200 companies whose products Rapid7 have identified as being vulnerable to attack, including Belkin, D-Link, Cisco Systems Inc's Linksys division and Netgear.

Belkin, D-Link and Netgear did not respond to requests for comment.

»www.voanews.com/content/ ··· 376.html

TamaraB
Question The Current Paradigm
Premium Member
join:2000-11-08
Da Bronx
·Verizon FiOS
Ubiquiti NSM5
Synology RT2600ac
Apple AirPort Extreme (2013)

1 recommendation

TamaraB to norwegian

Premium Member

to norwegian
said by norwegian:

To be quite honest I didn't run the tool - why would you download, install or run a program, it basically voids any test - if it was a web based probe I would understand, but install internal to the network defeats the test, unless I miss something here?

No, you didn't miss anything. The only way to know for sure if your router's UpNp implementation is accessible from the Internet is to probe it from the Internet.

norwegian
Premium Member
join:2005-02-15
Outback

norwegian to TamaraB

Premium Member

to TamaraB
said by TamaraB:

Is there a remote test to determine if your Upnp implementation is vulnerable?

To be quite honest I didn't run the tool - why would you download, install or run a program, it basically voids any test - if it was a web based probe I would understand, but install internal to the network defeats the test, unless I miss something here?

AVD
Respice, Adspice, Prospice
Premium Member
join:2003-02-06
Onion, NJ

2 recommendations

AVD to jaykaykay

Premium Member

to jaykaykay
said by jaykaykay:

»www.grc.com/unpnp/unpnp.htm. Been using this for years.

decades almost
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to skeechan

Premium Member

to skeechan
said by skeechan:

For the registration, as mentioned previously you can enter anything in there. I just put x x x x x on down.

I didn't think it would allow xxxxx. Thanks.

skeechan
Ai Otsukaholic
Premium Member
join:2012-01-26
AA169|170

skeechan to TamaraB

Premium Member

to TamaraB
The ones linked to in the whitepaper.

TamaraB
Question The Current Paradigm
Premium Member
join:2000-11-08
Da Bronx
·Verizon FiOS
Ubiquiti NSM5
Synology RT2600ac
Apple AirPort Extreme (2013)

TamaraB to skeechan

Premium Member

to skeechan
said by skeechan:

I'm not seeing any Apple products, the ABES, TC, etc on any of the hardware lists unless I am missing something.

Thanks. What hardware vulnerability "lists" are you referring to?

skeechan
Ai Otsukaholic
Premium Member
join:2012-01-26
AA169|170

skeechan to Mele20

Premium Member

to Mele20
For the registration, as mentioned previously you can enter anything in there. I just put x x x x x on down.
skeechan

4 edits

skeechan to TamaraB

Premium Member

to TamaraB
I'm not seeing any Apple products, the ABES, TC, etc on any of the hardware lists unless I am missing something. I'm assuming because Apple uses NAT-PMP.

TamaraB
Question The Current Paradigm
Premium Member
join:2000-11-08
Da Bronx
·Verizon FiOS
Ubiquiti NSM5
Synology RT2600ac
Apple AirPort Extreme (2013)

TamaraB to Cabal

Premium Member

to Cabal
Is there a remote test to determine if your Upnp implementation is vulnerable?

Everything posted so far here requires installing test software on a Windows PC. None of them run on Mac. I have an AirPort Extreme (Time Capsule) router and run UPnP for Vonage and for Back to My Mac.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

1 recommendation

Mele20 to Cabal

Premium Member

to Cabal
Their application to determine if you have these "flaws" requires full name, physical address, phone number, email address etc. in order to "register" your free program. You cannot use the "free" program until you cough up the personal information.

So, I deleted the program. Why didn't you warn us? I would not have downloaded this crap if you had warned us!

I had to enable UPnP in my router many years ago. It is still enabled and will remain so.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to Cabal

MVM

to Cabal
Haven't used what could be classed as a "home router" in a long time... what's UPNP? [/sarcasm]

Good read otherwise.

Regards

trparky
Premium Member
join:2000-05-24
Cleveland, OH

trparky to Juggernaut

Premium Member

to Juggernaut
I ran the scan myself, I just inputted junk data into the program and it accepted it.

Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC

Juggernaut to OZO

Premium Member

to OZO
The 'Zombie Surfer'! *Gasp*
OZO
Premium Member
join:2003-01-17

OZO to Juggernaut

Premium Member

to Juggernaut
Good. I do the same.

Example of just two usages:
* dynamic port assignment - torrent app. New (random) port is forwarded on the router every time it starts. Port is immediately closed when it's done.
* almost static port assignment (I may change it time to time) - SIP server, FreeSWITCH. Achieved convenience is - I change it in one place (SIP server's configuration) only.

Again, IT life is not simple like black and white. It may bring you benefits and desired automation, but one has to learn how to use it safely (because there are always people, who want to exploit everything at their disposal against gullible and naive). Another controversial for some example - I use actively ActiveX without security problems. Or, JavaScript is always on, whatever site I visit (Flash, on the other hand, can be started on my demand only and BTW, on all my computers its elevated privileges are removed, search this forum for my posts how to do it). And at the same time, I don't run any AV products all the time. I simply don't need them, because I do what you're doing -- practice safe hex

The main problem INHO sits on a chair and clicks on any links or buttons it sees...

Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC

Juggernaut to OZO

Premium Member

to OZO
Bud, as I've stated, I've never needed it with any prog or device yet. And, I do practice safe hex.
OZO
Premium Member
join:2003-01-17

OZO to Juggernaut

Premium Member

to Juggernaut
said by Juggernaut:

The funny thing is, I can't think of a reason why it should even be there.

What is even funnier - I'm using it for the last decade and never had any security problem with it

As with everything in this life there is a danger and there is a usefulness. Knife is an example. I'm sure that many, many people cut their fingers with knives every day. Nevertheless, they still use it... I think the same is true about UPnP. Take your time and get a knowledge how to use it safely and then ... use it safely

Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC

Juggernaut to services

Premium Member

to services
Of course, as I build my own boxes. I set up my mobo's by hand to tweak the performance, and eliminate this kind of stuff.

services
@anonymouse.org

services to Juggernaut

Anon

to Juggernaut
said by Juggernaut:

Yep. I think it's on by default in pretty much every router. The funny thing is, I can't think of a reason why it should even be there.

I think it's so people using certain services can get out to the net, like torrent or a game or program, instead of having to set port forwarding. Portforward = port always open, UPnP only opens the port when you launch an app. Correct me if I'm wrong, if I am I will also disable it on my router and see how it plays on the net with my apps!

Side note, if I remember correctly some mobos even have UPnP in the BIOS, do you disable that too?

Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC

Juggernaut to DigitalXeron

Premium Member

to DigitalXeron
I see. I'm not a gamer, so it's something I've not encountered. Thanks.