simon726
join:2006-12-21
Ajax, ON

simon726

Member

[Internet] Rogers e-mail in regards to SSDP attacks

My mom had forwarded an e-mail to me that her Rogers IP address has been identified as being "prone" to SSDP (Simple Service Discovery Protocol) attacks.

She has a Compaq Presario CQ60 laptop running Windows Vista Home Premium and she shares her internet connection using a D-Link DIR-615 wireless router. Apart from that, she has a Motorola Surfboard modem that Rogers has provided to her.

Based on that e-mail she had forwarded to me - I realized that her router was affected by the SSDP attack because of this cause - not known to her: having UPnP (Universal Plug and Play) enabled on her router in question.

I wonder if you folks have received e-mails similar to the aforementioned problem that my mom has found out (although she is not as technical as I am)?

Anyways, some options (one or more) that I came up with may exist for my mom's situation:

- disable UPnP on her D-link router
- disable SSDP discovery service on laptop
- replace the Motorola Surfboard modem in question with a newer modem/gateway

For the first option above, it is among the easiest for me (based on this link from the e-mail)

As for the second option, having the SSDP discovery service in Manual would be feasible - but I'm not sure if it will make a difference.

For the third option, from what I had witnessed - her modem isn't experiencing any issues but if she were to replace her modem, then she'll get a modem/wireless gateway that Rogers have marketed/offered/supports (Rogers called these modem/gateway hybrid devices their "Advanced Wi-Fi modem").

Are there any other suggestions that I may have missed, folks?
Datalink
Premium Member
join:2014-08-11
Ottawa ON

Datalink

Premium Member

If you haven't previously updated the 615's firmware, take a look at D-Link's site to grab the appropriate firmware version for that router. Looks like there was a mass update issued in May 2013. The latest version of that router has an update issued this year. That might solve part of the problem as well.
simon726
join:2006-12-21
Ajax, ON

simon726

Member

said by Datalink:

If you haven't previously updated the 615's firmware, take a look at D-Link's site to grab the appropriate firmware version for that router. Looks like there was a mass update issued in May 2013. The latest version of that router has an update issued this year. That might solve part of the problem as well.

I've updated the firmware a while back - but that wouldn't make much difference. I'm going to narrow it down - by disabling the UPnP service on that router.

If all else fails, then I would advise my mom - to either:
- upgrade to a better wireless router
- exchange the modem that Rogers provides into a newer wi-fi modem

Those are the only options I can think of so far...
akoostik
join:2013-11-07

akoostik to simon726

Member

to simon726
I've received 2 emails/calls so far.

I'm using 2 public IPs in bridge mode - one router in my bedroom (DIR-862L) and one in the living room (DIR-850L). The emails are pointing to the 862L being the cause.

Never had issue with my 850L despite UPnP being enabled.
anon3313
join:2009-07-10
canada

anon3313 to simon726

Member

to simon726
Yes. Got that note too. Turned off UPnP on router (didn't realize it was on by default). No further contact.
simon726
join:2006-12-21
Ajax, ON

simon726

Member

I realized that my mom's router was a D-Link DIR-601 (not the DIR-615 as stated earlier in this thread). Anyways, I turned off the UPnP feature on her router and she won't know the difference when she surfs the internet.

As for the SSDP service - is it necessary to have the service on by default in Windows (either XP, Vista, 7 and 8/8.1)?

sbrook
Mod
join:2001-12-14
Ottawa

2 recommendations

sbrook to simon726

Mod

to simon726
I have always turned off uPnP on any devices I can.

TwiztedZero
Nine Zero Burp Nine Six
Premium Member
join:2011-03-31
Toronto, ON

TwiztedZero

Premium Member

uPnP stack exploits in the wild are certainly there, though generally it's considered a low risk for most people unless you're in a highly built up downtown area, then your risk climbs considerably.

It's usually a good idea to turn off uPnP on a wifi router, though you'll have to set NAT routing manually in that case when you introduce new equipment, not too difficult once you get the hang of it.

I've run uPnP exploits against my own equipment and can confirm they definitely do work.

Makaveli998
join:2002-04-23
Toronto, ON

Makaveli998 to simon726

Member

to simon726
Thankfully my DGL 4500 isn't affected.

I ran that test and it passed.