Topic 'Security Flaws in Universal Plug-n-Play: Unplug, Don't Play' in forum 'Security' - dslreports.com

Re: The GRC Public Test is up

Mon, 04 Feb 2013 22:10:39 EDT

Libra posted : Thank you for posting the link to the Shields Up Upnp test. I just took the test and my IP did not respond to the UPnP probes. :)

Sincerely, Libra

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Mon, 04 Feb 2013 15:02:28 EDT

Doctor Olds posted :

said by Juggernaut:

said by Doctor Olds:

Of course not as you are confusing Hardware PnP (Plug aNd Play) with UPnP (Universal Plug aNd Play) and they are two completely different services.

Missed your reply, Doc. Sorry.

Have a look: About »Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Silijaline also posted the same image. It is UPnP in services.msc.

Of course it is, I was referring to your statement that no hardware stopped working or didn't function when you disabled UPnP, which isn't UPnP or SSDP (both are actually used in UPnP) functional purpose, but it is Hardware PnP that handles the hardware in your PC so that's why no devices stopped working in or connected to your PC after shutting off/stopping/disabling UPnP.

said by Juggernaut:

UPnP has been disabled for years in services.msc. I've never had a problem with a device failing to work.

--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Sat, 02 Feb 2013 22:48:59 EDT

DrDrew posted : The WNR3500L takes a pretty standard 12vdc 1a power plug. Available for under $10 with free shipping even to Hawaii at a few sites I checked.

You could also reset your router, if you ever wanted to. You won't lose the version of firmware on it. Linksys doesn't do that, you'd have to open the router and jumper a couple of chip pins to wipe the firmware.

If you want the beta firmware for your old router, look here: »/r0/down···code.zip It's BEFSR41V3_v1.06.05_000_code.bin if anything that should give you a file name to search for on your XP machine.

It was posted on this thread, 7 years ago:
»Re: [ENG] TM402P reset
--
Two is one, one is none. If it's important, back it up... Somethimes 99.999% availability isn't even good enough.

Re: broadcom upnp remote preauth root code

Sat, 02 Feb 2013 21:02:35 EDT

norwegian posted :
I noted mine is not on the list, and I doubt that the list at defensecode covers every router manufacturer out there with the specific chipset either.
Understand what you are saying, however I have sent an email to support to ask the question.
They could say "no it has good firmware" but that could still only be them politely telling me to go away.
I wonder if there will be an Internet based tool for all this - and works. At present, Berkeley's needs java, rapid7's tool doesn't seem to function and I'm doubting GRC's test is specific to the UPNP issue discussed here.

Anyone else know of anything that can test?
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke

Re: broadcom upnp remote preauth root code

Sat, 02 Feb 2013 20:44:48 EDT

trparky posted : It's not the chipset that makes a particular router vulnerable or not. It's the software/firmware that drives it.

broadcom upnp remote preauth root code

Sat, 02 Feb 2013 20:40:31 EDT

norwegian posted : Thought this needs to be posted here as well.
First noted by Smokey Bear here. I'm not sure if this is all the same issue or a new topic.

»blog.defensecode.com/2013/01/bro···ode.html

All routers with a Broadcom chipset are affected?
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Sat, 02 Feb 2013 20:35:19 EDT

Juggernaut posted :

said by Doctor Olds:

Of course not as you are confusing Hardware PnP (Plug aNd Play) with UPnP (Universal Plug aNd Play) and they are two completely different services.

Missed your reply, Doc. Sorry.

Have a look: About »Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Silijaline also posted the same image. It is UPnP in services.msc.
--
"I fear the day that technology will surpass our human interaction. The world will have a generation of idiots." ~ Albert Einstein

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Sat, 02 Feb 2013 20:24:29 EDT

norwegian posted :
I'm starting to wonder what exactly needs to be in place to stop this, I'm thinking the GRC site is not a valued test for this.

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Sat, 02 Feb 2013 20:07:01 EDT

Bill_MI posted :

said by planet:

Figures my E1500 is effected. I've always disabled UPnP on my router anyway but if I ever want to play games online with my xbox, I may need to. :(

Hi planet. I'm really curious and Linksys is no help.

The problem is 2-fold. 1) UPnP code is exploitable. 2) UPnP services are exposed to the net (WAN) interface. This is specifically what the GRC scan looks for.

1) isn't good but it's DOUBLE HORRIBLE if you also have 2).

Anyone daring, enable UPnP and see if the »grc.com ShieldsUp! scan detects it. I'm thinking no. This means it's just bad but not horrible. :-)

EDIT: There's a giant leap of vulnerability between 1) and 2). Reports are in that there's active scanning from many sources, for item 2) at this time so don't be feeding the bad guys unnecessarily if you don't have good recovery techniques.

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Sat, 02 Feb 2013 16:23:41 EDT

trparky posted : »www.4shared.com/file/7shFFAB3/to···012.html
That should get you secured. That's a third-party firmware file for the E1500.

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Sat, 02 Feb 2013 16:20:08 EDT

planet posted : List of effected Linksys routers:

Linksys Products Impacted
The following devices have been confirmed as impacted by this vulnerability:

1. E900
2. E1200 v2
3. E1000 v2.1
4. E1500
5. M10 v2
6. WRT610N v1
7. WRT610N v2

The following devices have been confirmed as NOT IMPACTED by this vulnerability:

1. E2500
2. RE1000
3. E1000 v2
4. E1000 v1
5. E1200 v1
6. E1550
7. E3200
8. E4200
9. M10 v1
10. M20
11. WRT160N v3
12. WRT310N v2
13. All EA series

Found here:
»homekb.cisco.com/Cisco2/ukp.aspx···id=28341

Figures my E1500 is effected. I've always disabled UPnP on my router anyway but if I ever want to play games online with my xbox, I may need to. :(

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Sat, 02 Feb 2013 10:29:23 EDT

trparky posted : Mele20 , Linksys routers themselves are great routers. Yeah, their customer support as you put it, sucks. But who cares, as long as the router works it's fine.

I have the Linksys E3200 router. It's running TomatoUSB ToastMan's Edition. It has more features that you can shake a stick at! WAN and LAN side bandwidth monitoring is one such feature. The firmware's always up to date since the guy is releasing firmware on a weekly basis (that's good!) and a very lively community behind it on LinksysInfo.org.

I doubt that Belkin will change the Linksys products at the moment. Remember... they just signed the deal. Integration of the company is barely done, product lines have yet to be merged. There's still a lot of Linksys E-Series routers out there. Grab one while you still can.
--
Tom
Boycott AT&T uVerse! | Tom's Android Blog | AOKP (The Android Open Kang Project)

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Sat, 02 Feb 2013 06:52:55 EDT

Name Game posted :

said by Mele20:

I don't know how to put it more clearly. I cannot access the router's interface due to a nasty bug that reset my password long ago to an arbitrary one. Yes, I could reset the router to factory default and then I could get in its interface. BUT I can't use the router AT ALL unless it has beta firmware from Europe flashed and I can't currently access my old XP machine to try and find it ...it has an odd name for searching for it in a huge downloaded programs folder. Plus, even if I found it, I have a bad feeling about flashing a router this old with beta firmware. I don't even know if I would need to first flash 4 OLDER beta firmware versions before I would flash this one I need. (Do the beta firmware versions build upon the one before it or not? What about the actual released firmware versions since I got the router? Would I have to flash each of them and then the beta firmware versions)?

Of course not.. hard reset it to factory setting and then put on what you like. each beta is not stacked.

»www.dd-wrt.com/wiki/index.php/Re···ad_Flash

»www.idealinternet.co.uk/restore-···ware.tpl
--
Gladiator Security Forum
»www.gladiator-antivirus.com/

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Sat, 02 Feb 2013 06:43:53 EDT

Mele20 posted :

said by Frodo:

Then I guess your router is broke. Not old, but broke. If you're concerned about this UPnP thing, then you'll have to get a new one.

Maybe not. I just read the Defense Code paper. My router does not have a Broadcom chip. The chip is a Kendin Ks8695. I doubt it is vulnerable. Linksy should list which ones of theirs are vulnerable. I doubt that any Linksy routers so old that DD-WRT firmware cannot be made to work on them are vulnerable.

On an ironic note, I now remember that it was my activating UPnP in the router that caused the nasty bug to trigger that set a random password. I stumbled on the threads at Linksy just now and decided to again try the passwords users say are what the router sets when it sets a "random" one (and that worked for some users but not others). They didn't work on Fx but I thought, what the heck, I'll try on IE as one has a character that evidently the browser adds...so I did that and IE popped a Security Warning that the Linksy User Name and Password would be transmitted as plain text :D
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

Re: The GRC Public Test is up

Sat, 02 Feb 2013 02:13:33 EDT

TamaraB posted :

said by Bill_MI:

I
Anyone see a positive scan? It should reveal the uPnP details of the device that responds.

Thanks for the link, looks like Apple Time Capsules are safe.

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Sat, 02 Feb 2013 00:57:34 EDT

bluepoint posted : NVM

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Fri, 01 Feb 2013 21:06:48 EDT

Mele20 posted : Yep. I would have to get a new router whenever my ISP implements IPv6 as my router has no idea what that is...it is that old. I would rather wait awhile (since my ISP has said nothing about when IPv6 will be implemented and also because I wanted to finish paying for my new computer first). Plus, I was always going to buy another Linksy (even though support on this one was not good ....but the router was good) but now Cisco has sold Linksy to Belkin I don't think I want a Linksy, but other brands don't interest me much either.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Fri, 01 Feb 2013 20:48:31 EDT

Frodo posted : Then I guess your router is broke. Not old, but broke. If you're concerned about this UPnP thing, then you'll have to get a new one.

When I looked in my router's firewall log, other than the GRC scans, I didn't see any UPnP probing.

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Fri, 01 Feb 2013 20:36:13 EDT

Mele20 posted : I don't know how to put it more clearly. I cannot access the router's interface due to a nasty bug that reset my password long ago to an arbitrary one. Yes, I could reset the router to factory default and then I could get in its interface. BUT I can't use the router AT ALL unless it has beta firmware from Europe flashed and I can't currently access my old XP machine to try and find it ...it has an odd name for searching for it in a huge downloaded programs folder. Plus, even if I found it, I have a bad feeling about flashing a router this old with beta firmware. I don't even know if I would need to first flash 4 OLDER beta firmware versions before I would flash this one I need. (Do the beta firmware versions build upon the one before it or not? What about the actual released firmware versions since I got the router? Would I have to flash each of them and then the beta firmware versions)?
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Fri, 01 Feb 2013 20:10:04 EDT

Frodo posted :

said by Mele20:

You read too fast. ...

I must have read too fast too. Because, earlier, I thought I read, "My problem is that I cannot access my router for years now. ... So, I can't turn off UPnP because I can't get into the router interface."

And what I thought I just read was how to reset the password to a default, so that you could presumably log into the router and turn off the UPnP.

Them reading comprehension problems.

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Fri, 01 Feb 2013 20:08:03 EDT

Juggernaut posted : A router reset does not alter FW at all.

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Fri, 01 Feb 2013 20:03:21 EDT

Mele20 posted : You read too fast. :p

The problem is not resetting it. It is then flashing the beta firmware version I need to get Ping Plotter Pro to work with it.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Fri, 01 Feb 2013 20:01:56 EDT

Mele20 posted :

said by DrDrew:

Just take that Netgear WNR3500L you got from the SamKnows project, which they replaced with something else, and load Tomato, DD-WRT, or something else onto it: »www.myopenrouter.com/download/list

You've already got that router, it's just collecting dust unused right? SamKnows doesn't want it back and you don't like the Netgear firmware on it.

I guess it would be ok to do that. The original agreement with SK was that we would not be able to change the firmware on the Netgear until 3 years into the project which it has not been. (But they never asked for it back...still, I would need to get permission from them as they still could ask for both back when the testing ends. Plus, I don't have a converter plug for it because the TP-Link didn't come with one for USA electrical power (Neil sent me one that was lying around his office for him to test with as I was the first tester in the USA to get one of them) and he told me to just use the one for the Netgear as it would fit the TP-Link. So, I'd have to buy a converter plug that would fit it before I could try that and in Hilo...
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Fri, 01 Feb 2013 19:42:23 EDT

Name Game posted : Never found a linksys router yet you could not reset it back to the factory setting with a toothpick in the hole in the bottom when it is on or a combination of special buttons..that will then let you back in again with the default password..or none at all. so what is your model number that is it so special ?

»pcsupport.about.com/od/linksys-d···word.htm

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Fri, 01 Feb 2013 19:21:49 EDT

DrDrew posted : Just take that Netgear WNR3500L you got from the SamKnows project, which they replaced with something else, and load Tomato, DD-WRT, or something else onto it: »www.myopenrouter.com/download/list

You've already got that router, it's just collecting dust unused right? SamKnows doesn't want it back and you don't like the Netgear firmware on it.
--
Two is one, one is none. If it's important, back it up... Somethimes 99.999% availability isn't even good enough.

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Fri, 01 Feb 2013 18:29:33 EDT

Mele20 posted :

said by huh :

I have a ~10 year old linksys wrt54g v2 that is still supported by openwrt, ddwrt and tomato.

These days a router that supports ddwrt costs about $20. I would think in this case buying a new router would be better than keeping an old buggy one that's life has likely run its course. I mean $20 over 10-12 years? That's $2 a year and you get 802.11n support too.

Yeah...$20 and the shipping to Hawaii is $50.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Fri, 01 Feb 2013 18:05:18 EDT

Mangix posted : Try doing the types of test that Netalyzr does without Java. I dare you. I double dare you.

At the end of the day, Java requires less investment of resources to get one thing to run in multiple places(browsers, OSes, etc...).

Plus, Java will only mess you up if you allow it to run on other sites. The choice is yours.

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Fri, 01 Feb 2013 17:54:17 EDT

MrFixit1 posted : Didn't want to take the time to clean up a screen image ,this is where to look.
Address-based Tests + –
NAT detection (?): NAT Detected +
Local Network Interfaces (?): OK +
DNS-based host information (?): OK +
NAT support for Universal Plug and Play (UPnP) (?): Not found +

Should add that since GRC has it running , use that one .

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Fri, 01 Feb 2013 17:50:23 EDT

MrFixit1 posted : Do not disagree with you Sindows ,the nice thing about Firefox is how easy it is to turn Java on and off . Since I normally run the test with only one instance of FF running , and then turn Java back off , not too worried about it.

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Fri, 01 Feb 2013 11:52:11 EDT

HELLFIRE posted :

said by Bill_MI:

It's on the regular ShieldsUp! link here: »www.grc.com/default.htm

Quick test confirmed UPNP not open on my end... thanks be for that.

said by MrFixit1:

You can use »netalyzr.icsi.berkeley.edu/ to at least test for UPNP access from the wan side .
Will be near the top of the results listing ,may have to hit + to get full details .

netalyzer, while the output was interesting on a technical level, didn't see an option about UPNP... or am I missing something?
Someone able to screenshot their results for reference?

Going to be interesting to watch this one... bets on this being the biggest 2013 security brouhaha?

Regards

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Fri, 01 Feb 2013 11:36:05 EDT

Sindows 7 posted :

said by MrFixit1:

You can use »netalyzr.icsi.berkeley.edu/ to at least test for UPNP access from the wan side .
Will be near the top of the results listing ,may have to hit + to get full details .

You won't need to worry about upnp if you install JAVA!!

Berkeley have their head up their ass?

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Fri, 01 Feb 2013 11:16:29 EDT

anon posted : I have a ~10 year old linksys wrt54g v2 that is still supported by openwrt, ddwrt and tomato.

These days a router that supports ddwrt costs about $20. I would think in this case buying a new router would be better than keeping an old buggy one that's life has likely run its course. I mean $20 over 10-12 years? That's $2 a year and you get 802.11n support too.

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Fri, 01 Feb 2013 08:23:51 EDT

Mele20 posted : My problem is that I cannot access my router for years now. There is a bad bug that Linksy didn't bother telling about until us users stumbled on it and that was too late. I didn't insert the password TWICE on something...I have forgotten what exactly...that I was changing in the router interface and because I only inserted the password once (logical thing to do) and was not told to insert it again...that caused the router to create a RANDOM password and lock me out. I found lots of Linksy router users with the same problem...no password suggested in Linksy forums would unlock the random password.

So, I had beta firmware from Linksy Europe FTP server...never was offered in the USA because Linksy told me USA customers were too stupid to flash the beta firmware properly and too stupid to even understand they needed it. Linksy customer service was awful even when the router was new). Without the beta firmware, I can't use Ping Plotter Pro. I don't think I have a copy of the firmware on my old XP machine. So, I can't reset the router to factory default as then I can't use Ping Plotter Pro. I have to have this beta firmware. Plus, I don't want to mess with an old router resetting to factory default and then the various (this was the fifth beta firmware I installed) beta firmwares. It might kill the router or definitely mess up my network which has problems anyway and I don't need any more). Linksy was bad long before Cisco bought them. The Ping Plotter author and I both contacted them back then and they could care less...they didn't even suggest the beta firmware we found that allowed Ping Plotter to work with the router.

So, I can't turn off UPnP because I can't get into the router interface. I enabled it years ago for some Microsoft something that had to have it. Irony...huh?
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Fri, 01 Feb 2013 07:31:19 EDT

Frodo posted :

said by Mele20:

A lot of people have OLD routers.

You could try a workaround. Someone in this thread said that the UPnP uses port 1900 UDP. So, one thing I would try is to port forward UDP 1900 in the router to a non-existent Lan IP, to some internal UPD port, say 65535 and run the test again to see if you're still vunerability.

Not saying it is going to work, but that would be the kind of thing I would try. If Linksys didn't intend the UPnP to work from the ~~Lan~~ Wan side, the port forward might be a way to bypass the vulnerability. Good luck.

edit: fix the side I was talking about

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Fri, 01 Feb 2013 05:40:47 EDT

Mele20 posted : Yes, it does have wide support but ONLY for newer routers. A lot of people have OLD routers. I got mine in 2003. The Oceanic TWC foreman has a Linksy router that is 12 years old...my friends have 7-10 year old routers. NONE of them are new enough to run third party software. Plus, you can't run it until your warranty (2-3 years) is over unless the word warranty is meaningless to you.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Fri, 01 Feb 2013 04:48:31 EDT

Mangix posted : dd-wrt has very wide hardware support. The original WRT54G is still supported by dd-wrt. Not sure what your router is though.

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Fri, 01 Feb 2013 04:45:36 EDT

Mele20 posted : Gee, you must think everyone has new, or relatively new routers, to be telling them to flash them to WRT or something. My router will be 10 years old in October. It is vulnerable. Linksy has stated that all their older routers have the vulnerability. I don't want a new router because Linksy has been sold to Belkin (ugh) and I don't like Netgear, DLink, etc. I'll have to get a new router eventually whenever TWC finally turns on IPv6 and I am not looking forward to that day.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Fri, 01 Feb 2013 04:39:46 EDT

Mele20 posted : I've use netalyzr for many years on XP and now Win 8. On XP, I sometimes had problems with it not starting but that is because it didn't like my old version of Java which eventually would run only on IE6 and so both IE and Java were too old for it. It was fine once I finally updated Java.

On Win 8, it works fine on Fx 10 ESR, Opera 12 and IE 10. It is an excellent tool to analyze your network connection. It tells me some bad stuff about my connection that concerns me more than UPnP which I already knew about anyway.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Fri, 01 Feb 2013 03:54:10 EDT

Wily_One posted :

said by Mangix:

Most of the issue surrounding this report deals with the fact that the firmware on some routers opens the UPnP port on the WAN side and as such makes in accessible by anyone.

While it's true that this is a rather big issue, the fact is that 99.9% of the routers being sold today do not do this. They only expose UPnP on the LAN side, which is where it should be.

Good point, and exactly why the only test I was interested in was the external test.

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Fri, 01 Feb 2013 03:51:08 EDT

Mangix posted : Let me try demystifying a couple of things since I didn't see them mentioned here:

Most of the issue surrounding this report deals with the fact that the firmware on some routers opens the UPnP port on the WAN side and as such makes in accessible by anyone.

While it's true that this is a rather big issue, the fact is that 99.9% of the routers being sold today do not do this. They only expose UPnP on the LAN side, which is where it should be.

There is also the issue of exploits that were shown in the report. The fact is, if UPnP is not exposed on the WAN side, you'd have to break into the LAN, which is easier said than done. But at that point, might as well be game over anyways. The security of modern routers at the LAN side is absolutely terrible and this will not improve anytime soon.

The best recommendation I have is if your router supports it, flash it to dd-wrt, tomato, openwrt, gargoyle, w/e. Any third party firmware should be safe. At least if it's a recent version anyways.

And while on the topic, tomato does provide some extra security in that regard. See: »dl.dropbox.com/u/102011983/Tomat···upnp.png

Secure Mode is enabled by default while UPnP is disabled by default.

Having UPnP disabled is rather inconvenient while having it enabled does not lower security too much. Especially given tomato's implementation(miniupnpd 1.6)

Re: The GRC Public Test is up

Fri, 01 Feb 2013 03:12:31 EDT

Wily_One posted : LOL - thanks. :)

Re: The GRC Public Test is up

Fri, 01 Feb 2013 01:40:41 EDT

Bill_MI posted : Great! Notice there's more than one place to munge the IP. :o :)

Re: The GRC Public Test is up

Fri, 01 Feb 2013 01:16:00 EDT

Wily_One posted :

said by Bill_MI:

It's on the regular ShieldsUp! link here: »www.grc.com/default.htm

Thanks for that. That scan worked, no problem. And it works without requiring Java (itself known for being vulnerability-infested) so that's a big +1.

Re: The GRC Public Test is up

Fri, 01 Feb 2013 00:01:34 EDT

Bill_MI posted : Um... not really. It's a time-sensitive link for your instance. See the jibberish on the end? A different jibberish is sent to everyone. This is what I'm hoping Steve will abolish for good.

EDIT: Ah! I see you removed it. :-) I hope we'll have better links soon.

Re: The GRC Public Test is up

Thu, 31 Jan 2013 23:52:10 EDT

Juggernaut posted : No probs on the scan, it's locked down.

edit-bad link.

The GRC Public Test is up

Thu, 31 Jan 2013 23:43:54 EDT

Bill_MI posted : It's on the regular ShieldsUp! link here: »www.grc.com/default.htm

I'm SUPER GLAD to see Steve is seeing the inability to directly link is really clumsy so look for that to change soon.

There's bad assumptions about what it does and right now the button is named named "GRC's Instant uPnP Exposure Test". It's looking for the specific bad case when an internet connection responds to the uPnP query like a router would on the LAN. It does NOT detect if uPnP is on and working normally on the LAN, as it should only be. Exposure of this to the world (the WAN side) was never intended and represents a total botching of uPnP implemented on a device.

Anyone see a positive scan? It should reveal the uPnP details of the device that responds.

Last... Steve continues to tweak as we speak. So don't be surprised if it burps. :-)

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Thu, 31 Jan 2013 22:12:52 EDT

planet posted : The scan worked with FireFox on XP for me.

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Thu, 31 Jan 2013 21:19:16 EDT

Wily_One posted :

said by MrFixit1:

You can use »netalyzr.icsi.berkeley.edu/ to at least test for UPNP access from the wan side .
Will be near the top of the results listing ,may have to hit + to get full details .

said by planet:

said by TamaraB:

said by norwegian:

It doesn't work for me though. Chrome had a cog turning, IE9 doesn't do anything.

Nor for me either. There is no Mac version. Glad to see it can test from the Internet though. If Grc adds an Internet test for this it would be great.

Wouldn't work on iOS/Safari either. Cog just spins.

Neither Netalyzr or the Rapid7 net scans work, period. I tried them on Win7/IE9, WinXP/IE8 and WinXP/Firefox. On some it does nothing, on others the scan runs all the way through and continually repeats, never taking you to the Results.

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Thu, 31 Jan 2013 18:19:20 EDT

norwegian posted : Also Windows Worms Doors Cleaner was a handy tool for XP, I'm not sure if gkweb would review it for further advancement for Win7 and Win8.

»www.portablefreeware.com/index.php?id=861

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Thu, 31 Jan 2013 12:45:22 EDT

Bill_MI posted :

said by planet:

Wouldn't GRC Shields Up work for this? I thought the scan pinged port 1900 UPnP.

We need someone vulnerable to try it. To my knowledge, GRC only does TCP and this port is UDP, at least to start. I'm pretty sure Steve is isolating the scan out to be very specific and, if I know Steve, it might query for info (but maybe not, too).