OZOPremium
join:2003-01-17
kudos:2 | reply to Bill_MI
Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play Yes, of course. I presume that:
1. Any security aware and sane user will never allow to configure UPnP from WAN side.
2. Opened port / service that will allow to do that (configuration form WAN side) will be discovered in p1 test.
--
Keep it simple, it'll become complex by itself... |
|
|
|
 Bill_MIBill In MichiganPremium,MVM
join:2001-01-03
Royal Oak, MI
kudos:1 | reply to OZO
Hi OZO. I think you're assuming the uPnP is confined to the LAN. One of the "you have to be kidding" in this is how millions of routers are apparently and incorrectly exposing uPnP on the WAN side. They're responding to UDP port 1900 on the net! |
|
OZOPremium
join:2003-01-17
kudos:2 | reply to NOYB
said by NOYB:
Wonder if there will be a BBR / DSL Reports tool for testing for UPnP security flaws.
I understand your desire to test it with some an automatic tool. But personally I don't see a way to automate that process. UPnP by design allows local applications to make port forwarding and open firewall for them. That could create security problem, but it's done by design and UPnP is just a tool for nefarious program, that you allowed to run inside your network.
In order to check UPnP for flaws you probably have to:
1. Scan router for all opened ports. If there is one - check to what service it's directed. If it's legal redirection (configured manually or via UPnP protocol) - no problem. If it's not - here is a potential security flaw, that you'd want to investigate further.
2. Always watch UPnP table of current port redirections. If you see some strange and unexpected one - go for the program that has requested it. If it's legitimate request? Then it's fine. If it's not, you have perhaps a trojan in your local network, which may use UPnP as one of the ways to do its dirty job. It's not a problem or (or with) UPnP. UPnP will just indicate potential problem with your local network.
3. If, as a result of p1 test or p2 watch, you'll find an opened port / forwarding to a host, that is not requested by any program -- now that could be considered as a flaw in UPnP. But first, it's hard to discover... and second, even in this case, it could be a problem with some program, that had requested that service and did not turn it off after it was done, and, therefore, it's not an actual problem with UPnP.
But in any case, begin with p1 test...
--
Keep it simple, it'll become complex by itself... |
|
Bill_MIBill In MichiganPremium,MVM
join:2001-01-03
Royal Oak, MI
kudos:1 Reviews:
 ·WOW Internet and..
·Comcast
| reply to NOYB
said by NOYB:Wonder if there will be a BBR / DSL Reports tool for testing for UPnP security flaws. Steve Gibson has announced he'll be adding a Shields Up scan and hopes to have it up by this weekend at »grc.com.
Steve often gets tagged as "alarmist" but may be justified in this case. He and Leo covered it rather well in today's Security Now: »twit.tv/show/security-now/389
This thing is a multi-level-fiasco. Vendors are using old code that was fixed, simplified sample code that never should be used and to top it off... it's exposed to the world by some kind of pure incompetence or neglect. |
|
 Sindows 7
join:2006-09-13
Chilliwack, BC
kudos:2
 ·TekSavvy DSL
·Shaw
·TELUS
| reply to siljaline
said by jaykaykay:http://www.grc.com/unpnp/unpnp.htm. Been using this for years.
all this does is disable the upnp service, which I have been doing for over a decade. |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | reply to Sindows 7
said by Sindows 7:US Government Warns of Hack Threat to Network Gear
I see this near constant interference by DHS with the internet as very OMINOUS. 
Damn shame. 
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
 siljalineI'm lovin' that double widePremium
join:2002-10-12
Montreal, QC
kudos:17
·Bell Sympatico
| reply to TamaraB
You're asking the wrong person if this GRC News tool has any transparency. These are tools of old that were as is no *Warranties, expressed, or implied.
Ask of those that have vetted this why they continue to use it and on what summations of information did they use in deciding to use it and continue recommending it's use.
|
|
 NOYBSt. John 3.16Premium
join:2005-12-15
Forest Grove, OR
kudos:1 | reply to TamaraB
Wonder if there will be a BBR / DSL Reports tool for testing for UPnP security flaws.
|
|
 TamaraBQuestion The Current ParadigmPremium
join:2000-11-08
Da Bronx
·Optimum Online
 ·Clearwire Wireless
| reply to siljaline
You are kicking the tires from inside the car though. How do you know for sure you are protected from the outside? Only kicking the tires from the outside can tell you for sure. I have yet to see a test to do that. |
|
siljalineI'm lovin' that double widePremium
join:2002-10-12
Montreal, QC
kudos:17 Reviews:
·Bell Sympatico
| reply to jaykaykay
said by jaykaykay:http://www.grc.com/unpnp/unpnp.htm. Been using this for years.
 Kicking the tires now |
|
Sindows 7
join:2006-09-13
Chilliwack, BC
kudos:2 Reviews:
·TekSavvy DSL
·Shaw
·TELUS
| reply to TamaraB
US Government Warns of Hack Threat to Network Gear
CERT in turn has tried to contact the more than 200 companies whose products Rapid7 have identified as being vulnerable to attack, including Belkin, D-Link, Cisco Systems Inc's Linksys division and Netgear.
Belkin, D-Link and Netgear did not respond to requests for comment.
»www.voanews.com/content/network-···376.html |
|
TamaraBQuestion The Current ParadigmPremium
join:2000-11-08
Da Bronx Reviews:
·Optimum Online
·Clearwire Wireless
| reply to norwegian
said by norwegian:To be quite honest I didn't run the tool - why would you download, install or run a program, it basically voids any test - if it was a web based probe I would understand, but install internal to the network defeats the test, unless I miss something here?
No, you didn't miss anything. The only way to know for sure if your router's UpNp implementation is accessible from the Internet is to probe it from the Internet.
--
"Remember, remember the fifth of November.
Gunpowder, Treason and Plot.
I see no reason why Gunpowder Treason
Should ever be forgot."
"People should not be afraid of their governments. Governments should be afraid of their people"
|
|
Reviews:
·WestNet Broadband
| reply to TamaraB
said by TamaraB:Is there a remote test to determine if your Upnp implementation is vulnerable?
To be quite honest I didn't run the tool - why would you download, install or run a program, it basically voids any test - if it was a web based probe I would understand, but install internal to the network defeats the test, unless I miss something here?
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke
|
|
 AVDRespice, Adspice, ProspicePremium
join:2003-02-06
Onion, NJ
kudos:1 | reply to jaykaykay
said by jaykaykay:http://www.grc.com/unpnp/unpnp.htm. Been using this for years.
decades almost
--
* seek help if having trouble coping
--Standard disclaimers apply.-- |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | reply to skeechan
said by skeechan:For the registration, as mentioned previously you can enter anything in there. I just put x x x x x on down.
I didn't think it would allow xxxxx. Thanks.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
 skeechanAi OtsukaholicPremium
join:2012-01-26
AA169|170
kudos:2 | reply to TamaraB
The ones linked to in the whitepaper. |
|
TamaraBQuestion The Current ParadigmPremium
join:2000-11-08
Da Bronx Reviews:
·Optimum Online
·Clearwire Wireless
| reply to skeechan
said by skeechan:I'm not seeing any Apple products, the ABES, TC, etc on any of the hardware lists unless I am missing something.
Thanks. What hardware vulnerability "lists" are you referring to? |
|
skeechanAi OtsukaholicPremium
join:2012-01-26
AA169|170
kudos:2 | reply to Mele20
For the registration, as mentioned previously you can enter anything in there. I just put x x x x x on down. |
|
skeechanAi OtsukaholicPremium
join:2012-01-26
AA169|170
kudos:2
4 edits | reply to TamaraB
I'm not seeing any Apple products, the ABES, TC, etc on any of the hardware lists unless I am missing something. I'm assuming because Apple uses NAT-PMP. |
|
TamaraBQuestion The Current ParadigmPremium
join:2000-11-08
Da Bronx Reviews:
·Optimum Online
·Clearwire Wireless
| reply to Cabal
Is there a remote test to determine if your Upnp implementation is vulnerable?
Everything posted so far here requires installing test software on a windows PC. None of them run on Mac. I have an airport extreme (Time Capsule) router and run Upnp for Vonage and for back to my Mac. |
|
