Bill_MIBill In MichiganPremium,MVMReviews:
Royal Oak, MI
·WOW Internet and..
|reply to planet |
Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play
said by planet:Hi planet. I'm really curious and Linksys is no help.
Figures my E1500 is effected. I've always disabled UPnP on my router anyway but if I ever want to play games online with my xbox, I may need to.
The problem is 2-fold. 1) UPnP code is exploitable. 2) UPnP services are exposed to the net (WAN) interface. This is specifically what the GRC scan looks for.
1) isn't good but it's DOUBLE HORRIBLE if you also have 2).
Anyone daring, enable UPnP and see if the »grc.com ShieldsUp! scan detects it. I'm thinking no. This means it's just bad but not horrible.
EDIT: There's a giant leap of vulnerability between 1) and 2). Reports are in that there's active scanning from many sources, for item 2) at this time so don't be feeding the bad guys unnecessarily if you don't have good recovery techniques.