

Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
kudos:2

1 recommendation

reply to OZO

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Hi OZO. I think you're assuming the uPnP is confined to the LAN. One of the "you have to be kidding" in this is how millions of routers are apparently and incorrectly exposing uPnP on the WAN side. They're responding to UDP port 1900 on the net!


OZO
Premium
join:2003-01-17
kudos:2

1 recommendation

Yes, of course. I presume that:
1. Any security-aware and sane user will never allow UPnP to be configured from the WAN side.
2. An open port / service that would allow that (configuration from the WAN side) will be discovered in the p1 test.
--
Keep it simple, it'll become complex by itself...



Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2
reply to Bill_MI

This is why this thread is discussing turning off UPnP. Both on a machine (LAN), and in the router (WAN). Those are the main vectors of vulnerability, right?
--
"I fear the day that technology will surpass our human interaction. The world will have a generation of idiots." ~ Albert Einstein



Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
kudos:2

1 edit

1 recommendation

said by Juggernaut:

This is why this thread is discussing turning off UPnP. Both on a machine (LAN), and in the router (WAN). Those are the main vectors of vulnerability, right?

There are several layers of problems here. 1) uPnP has no intended function to EVER be on a router's WAN. Never! Makes no sense. Yet by something right out of a horror flick - it is! And by the millions. 2) These uPnP routers are also full of vulnerable code, much of which has been known for some time but never patched.

I'm not worried about my personal case. My compiled OpenWrt has no sign of any uPnP module, never has, and never will. BETTER than turning it off is not having it in the first place.

EDIT: Sorry, I think at least one of us (me) got confused in terminology.

The router's LAN responds to uPnP client requests and includes all sorts of functions. uPnP Clients such as XBox, TVs, Windows machines, etc. control the router this way. This LAN part of the router was never intended to be on the WAN of that same router... yet has been found there by the millions.