Dream Killer (Forest Hills, NY)
Reply to smrtech
Re: Common Router Security Flaw - You Want to Check This!
If the router has the UPNP flaw, just explicitly block UDP Port 1900 and TCP Port 5000 through the firewall.
For FiOS MI424wr:
Go to Firewall Settings on the top bar then to "Advanced filtering". On the "Inbound" area (the top table), click "Add" to the right of Broadband Connection. It's either Ethernet or Coax, choose whichever your internet is hooked up to.
Click the drop down "Protocol", and pick "User Defined". Add server ports, "protocol" is UDP, "source" is "Any" and destination is single range port 1500. Click apply and repeat the previous step for TCP 5000. Name the service something, I call it "Upnp-flaw", then click apply.
It should bring you back to the "Add Advanced Filter" page. Make sure operation is "Drop Packets" then click Apply. Your page should now look like this:
Just to demonstrate that it works, I enabled logging for the rule and ran the test again at GRC. Here's what I got after two passed tests:
I looked up who that packet belonged to and it did originate from the GRC test:
Blocked packet belongs to GRC.
This rule should be added if you use UPnP. It will only drop the packets coming in from the WAN side and will have no effect on the normal use of UPnP.
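To make the last point concrete, here is a small added example (not part of the post and not the router's firmware) that simulates the two inbound filters the post describes, UDP 1900 and TCP 5000 dropped only when they arrive on the WAN side. The interface names, the packets and the source addresses are constructed for the illustration; it shows that LAN-side SSDP and UPnP control traffic is untouched while an external probe like the GRC test is dropped.

```python
"""Simulate the WAN-only UPnP drop rule from the post on constructed packets.

Added example, not router code. Interface names and addresses are assumptions.
"""
from dataclasses import dataclass

# Assumption: the router's "Broadband Connection" is the interface we call "wan".
WAN_IFACES = {"wan"}

# The two ports named in the post: SSDP discovery (UDP 1900) and the
# UPnP control port (TCP 5000). Rule semantics: drop, inbound, any source.
BLOCK_RULES = (
    ("udp", 1900),
    ("tcp", 5000),
)


@dataclass(frozen=True)
class Packet:
    iface: str      # ingress interface: "wan" or "lan"
    proto: str      # "udp" or "tcp"
    src: str        # source address (constructed sample values below)
    dst_port: int   # destination port


def verdict(pkt: Packet) -> str:
    """Return 'drop' if the packet matches the WAN-side UPnP rule, else 'accept'."""
    if pkt.iface in WAN_IFACES and (pkt.proto, pkt.dst_port) in BLOCK_RULES:
        return "drop"
    return "accept"


# Constructed sample traffic (203.0.113.0/24 is a documentation range, not GRC).
SAMPLE_PACKETS = [
    Packet("wan", "udp", "203.0.113.10", 1900),   # external SSDP probe, like the GRC test
    Packet("wan", "tcp", "203.0.113.10", 5000),   # external UPnP control probe
    Packet("lan", "udp", "192.168.1.20", 1900),   # LAN device M-SEARCH, must still work
    Packet("lan", "tcp", "192.168.1.20", 5000),   # LAN device UPnP control, must still work
    Packet("wan", "tcp", "203.0.113.10", 443),    # unrelated inbound, not covered by the rule
]


def apply_rules(packets=SAMPLE_PACKETS):
    """Run every packet through the rule and return (iface, proto, port, verdict) rows."""
    return [(p.iface, p.proto, p.dst_port, verdict(p)) for p in packets]


def dropped_sources(packets=SAMPLE_PACKETS):
    """Mimic the post's logging step: which source addresses had packets dropped."""
    return sorted({p.src for p in packets if verdict(p) == "drop"})


if __name__ == "__main__":
    for row in apply_rules():
        print(row)
    print("dropped sources:", dropped_sources())
```

Only the two WAN rows come back as "drop"; both LAN rows and the unrelated WAN connection are accepted, which is the behaviour the post describes for the rule.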