dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
28
share rss forum feed


norwegian
Premium
join:2005-02-15
Outback

1 recommendation

reply to TamaraB

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Click for full size
said by TamaraB:

said by norwegian:

To be quite honest I didn't run the tool - why would you download, install or run a program, it basically voids any test - if it was a web based probe I would understand, but install internal to the network defeats the test, unless I miss something here?

No, you didn't miss anything. The only way to know for sure if your router's UpNp implementation is accessible from the Internet is to probe it from the Internet.

I did miss a little after seeing the tool when the link above was a download tool.

If you are accessing the internet from your home network, we now offer an alternative to ScanNow and Metasploit. The Rapid7 UPnP Check is a one-click security scan for broadband and mobile users. If you are concerned about the security of your non-technical friends and family, this is a quick way for them to check their home router for UPnP vulnerabilities. The main difference between this service and ScanNow is that the UPnP Check will run a scan from the internet and can only check the external interface of your router.

It doesn't work for me though. Chrome had a cog turning, IE9 doesn't do anything.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Da Bronx
Reviews:
·Optimum Online
·Clearwire Wireless
said by norwegian:

It doesn't work for me though. Chrome had a cog turning, IE9 doesn't do anything.

Nor for me either. There is no Mac version. Glad to see it can test from the Internet though. If Grc adds an Internet test for this it would be great.


planet

join:2001-11-05
Oz
kudos:1
Reviews:
·Cox HSI

1 edit
said by TamaraB:

said by norwegian:

It doesn't work for me though. Chrome had a cog turning, IE9 doesn't do anything.

Nor for me either. There is no Mac version. Glad to see it can test from the Internet though. If Grc adds an Internet test for this it would be great.

Wouldn't work on iOS/Safari either. Cog just spins.

Wouldn't GRC Shields Up work for this? I thought the scan pinged port 1900 UPnP.


Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
kudos:2
Reviews:
·WOW Internet and..
said by planet:

Wouldn't GRC Shields Up work for this? I thought the scan pinged port 1900 UPnP.

We need someone vulnerable to try it. To my knowledge, GRC only does TCP and this port is UDP, at least to start. I'm pretty sure Steve is isolating the scan out to be very specific and, if I know Steve, it might query for info (but maybe not, too).


Wily_One
Premium
join:2002-11-24
San Jose, CA
Reviews:
·AT&T U-Verse
reply to planet
said by MrFixit1:

You can use »netalyzr.icsi.berkeley.edu/ to at least test for UPNP access from the wan side .
Will be near the top of the results listing ,may have to hit + to get full details .

said by planet:

said by TamaraB:

said by norwegian:

It doesn't work for me though. Chrome had a cog turning, IE9 doesn't do anything.

Nor for me either. There is no Mac version. Glad to see it can test from the Internet though. If Grc adds an Internet test for this it would be great.

Wouldn't work on iOS/Safari either. Cog just spins.

Neither Netalyzr or the Rapid7 net scans work, period. I tried them on Win7/IE9, WinXP/IE8 and WinXP/Firefox. On some it does nothing, on others the scan runs all the way through and continually repeats, never taking you to the Results.


planet

join:2001-11-05
Oz
kudos:1
Reviews:
·Cox HSI
Click for full size
The scan worked with FireFox on XP for me.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to Wily_One
I've use netalyzr for many years on XP and now Win 8. On XP, I sometimes had problems with it not starting but that is because it didn't like my old version of Java which eventually would run only on IE6 and so both IE and Java were too old for it. It was fine once I finally updated Java.

On Win 8, it works fine on Fx 10 ESR, Opera 12 and IE 10. It is an excellent tool to analyze your network connection. It tells me some bad stuff about my connection that concerns me more than UPnP which I already knew about anyway.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson