republican-creole
site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Broadband Tech > Security > Security > Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Search Topic:
 Share Topic
Posting?
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
AuthorAll Replies


Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
kudos:1

reply to OZO

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Hi OZO. I think you're assuming the uPnP is confined to the LAN. One of the "you have to be kidding" in this is how millions of routers are apparently and incorrectly exposing uPnP on the WAN side. They're responding to UDP port 1900 on the net!
to forum · permalink · 2013-01-30 22:37:45 ·

OZO
Premium
join:2003-01-17
kudos:2

Yes, of course. I presume that:
1. Any security aware and sane user will never allow to configure UPnP from WAN side.
2. Opened port / service that will allow to do that (configuration form WAN side) will be discovered in p1 test.
--
Keep it simple, it'll become complex by itself...

to forum · permalink · 2013-01-30 22:41:07 ·


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2

reply to Bill_MI
This is why this thread is discussing turning off UPnP. Both on a machine (LAN), and in the router (WAN). Those are the main vectors of vulnerability, right?
--
"I fear the day that technology will surpass our human interaction. The world will have a generation of idiots." ~ Albert Einstein

to forum · permalink · 2013-01-30 22:51:02 ·


Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
kudos:1
Reviews:
·WOW Internet and..
·Comcast
1 edit

said by Juggernaut:

This is why this thread is discussing turning off UPnP. Both on a machine (LAN), and in the router (WAN). Those are the main vectors of vulnerability, right?

There's several layers of problems here. 1) uPnP has no intended function to EVER be on a router's WAN. Never! Makes no sense. Yet by something right out of a horror flick - it is! And by the millions. 2) These uPnP routers are also full of vulnerable code, much of which has been known for some time but never patched.

I'm not worried about my personal case. My compiled OpenWrt has no sign of any uPnP module, never has, and never will. BETTER than turning it off is not having it in the first place.

EDIT: Sorry, I think at least one of us (me) got confused in terminology.

The router's LAN responds to uPnP client requests and includes all sorts of functions. uPnP Clients such as XBox, TVs, Windows machines, etc. control the router this way. This LAN part of the router was never intended to be on the WAN of that same router... yet has been found there by the millions.
to forum · permalink · 2013-01-30 23:00:49 ·
Forums > Broadband Tech > Security > Security

Thursday, 20-Jun 00:19:10 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 13.5 years online © 1999-2013 dslreports.com.
Most commented news this week
Hot Topics