Tuesday Evening Links
by Revcb Tuesday 29-Jan-2013 tags: broadbandbits

NetFixer
From my cold dead hands
Premium
join:2004-06-24
The Boro

UPnP networking flaw puts millions of PCs at risk

The firm suggests that in order to combat the possible threat, end users, firms and ISPs should identify and disable any UPnP endpoints within their systems and networks.

UPnP is a security risk, and always has been a security risk. Where have these security researchers been hiding for the past decade? I have been disabling it at the OS level, and the device level in every piece of equipment I own (and where possible in client's equipment) since I first became aware of its existence.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.

skeechan
Ai Otsukaholic
Premium
join:2012-01-26
AA169|170
kudos:2

Re: UPnP networking flaw puts millions of PCs at risk

But has it ever been exploited? It's been around for eons but I've never seen any news of UPnP actually being exploited in the wild.

fuziwuzi
Not born yesterday
Premium
join:2005-07-01
Atlanta, GA

Re: UPnP networking flaw puts millions of PCs at risk

I have UPnP and NAT-PMP enabled on my Tomato-based E3000 and my desktop/laptop and other devices. It makes my home network SO much easier to deal with, and I'm not worried about any security risk. UPnP devices can only map to their own IP, not to any other and my network is secure in other ways. Nobody is getting into my computers without my knowledge or permission. I think it is like anything else, if you leave your router in the default settings, where it is wide open to anyone that comes by, well, you deserve whatever happens.
--
Teabaggers: Destroying America is Priority #1

KrK
Heavy Artillery For The Little Guy
Premium
join:2000-01-17
Tulsa, OK

UPnP Vulnerability scanning tool....

»www.rapid7.com/resources/free-se···2013.jsp

The company, Rapid7, after detecting a massive vulnerability for Universal Plug n Play, releases a scanning tool for users to check their network for vulnerabilities to disable them and render themselves safe. Very helpful.

So then I find it ironic that in order to run said tool, you have to enable Java. Oh, the delicious irony.

Let's fix vulnerabilities and instead expose them to completely different vulnerabilities. Good job, security experts.
--
"Fascism should more properly be called corporatism because it is the merger of state and corporate power." -- Benito Mussolini

Rekrul

join:2007-04-21
Milford, CT

Re: UPnP Vulnerability scanning tool....

said by KrK:

So then I find it ironic that in order to run said tool, you have to enable Java. Oh, the delicious irony.

Let's fix vulnerabilities and instead expose them to completely different vulnerabilities. Good job, security experts.

Gibson Research has a much smaller program that will disable UPnP on Windows systems. No Java or installation required:

»www.grc.com/unpnp/unpnp.htm

elios

join:2005-11-15
Springfield, MO

All IP networks

FCC should mandate any carrier wanting to change over to all IP must install fiber to home for 100% of its customers and offer at least 100/100 speeds

rradina

join:2000-08-08
Chesterfield, MO

Re: All IP networks

I don't know if I would specify implementation (i.e. FTTH or FTTN + 1,000' of coax/copper). I'd rather see them specify capability.

For instance, 1Gbps symmetrical with no caps or a minimum cap that allows at least four TVs to stream at least 1080 HD video 8 hours/day. If we assume an H.264 AVC HD stream requires 10Mbps (max), I think that works out to about 5TB for a 30 day month. It's likely most consumers would never reach that limit because few probably watch 8 hours x 4 TVs. (Assuming the equipment is smart enough to know when the TV is turned off. I think HDMI is smart enough to know so that shouldn't be a problem.)

Something like this shouldn't completely panic cable HFC plants (depending on how far they've pushed FTTN and how quickly the next DOCSIS specification that ditches the legacy 6MHz channel widths) but it would certainly put some pressure on the telco side to probably just do FTTH.

elios

join:2005-11-15
Springfield, MO

Re: All IP networks

no it MUST be fiber to the home the old copper network needs to go
FTTN is stop gap and will need to be replaced AGAIN in the long run

FTTP is cheaper to maintain and cheaper to upgrade
you will NEVER push more than 50Mbps over copper unless it's a VERY short loop 1000' at best more likely 500ft in the real world

even coax you can't push that much symmetrical it can do 50 to 100 or so down but uploads are limited to 10 or 20 Mbps at best

so if they want to go all IP they must be forced to upgrade all the copper to fiber

rradina

join:2000-08-08
Chesterfield, MO

Re: All IP networks

It doesn't have to be fiber if you can do it with a hybrid approach. While unshielded copper doesn't have much life left in it, the new DOCSIS spec claims 10Gbps over coax. If you can share that amongst 50 - 100 subs, and tie it to a fiber node, that could buy significant time before finishing the last 1/2 mile. That could then be done when the coax reaches EOL and needs to be replaced. There are also folks kicking around wireless for the last 2,000 feet.

While FTTH/FTTP would be a great choice, it's best to let requirements drive implementation. If you pick an implementation and then decide what you want from it, that's back asswards.

Given a 1Gbps symmetrical connection specification, the economics and technology may make fiber the only choice to meet the requirement. However, that's the proper way to engineer the solution and motivate innovation.

elios

join:2005-11-15
Springfield, MO

Re: All IP networks

which is the point of 1Gbps req
you can't leave them any room to use anything less than FTTP as it will just have to be replaced in the long run AGAIN anyway

rradina

join:2000-08-08
Chesterfield, MO

Re: All IP networks

If the economics allow it to be replaced later but deliver the required specs now, you are just beating a dead horse. Granted, the telcos shouldn't try something foolish to deliver 1Gbps over 1,000 foot run of copper but if cable can do 10Gbps over 1,000 or 2,000 feet of coax and share that amongst enough subs to make the economics of FTTN work for another 10 years, why force FTTH? Let the market decide how to innovate and deliver the requirement.

If the government is going to subsidize it, then by all means we should specify implementation. However, if all we're doing is allowing all-IP networks to be free of regulation, forcing a particular implementation seems too draconian.

Of course all of this is speculation since sufficient competition doesn't exist to eliminate regulation. There's also a huge cherry-picking problem that won't get solved at any cost (i.e. difficult areas remain under served regardless of what subs might be willing to pay.)

elios

join:2005-11-15
Springfield, MO

Re: All IP networks

you're missing what I'm saying

if the telcos want reg free IP based networks then as a condition of such they must offer 1Gbps symmetrical internet to 100% of their sales area or whatever you want to call it via FTTP
no less
oh and the telcos foot the bill themselves or no IP only based network they have to keep using what they have
not a dime from the gov't

lets see how badly they really want regulation free IP based networks

this is the FCC's chance to make everything right

rradina

join:2000-08-08
Chesterfield, MO

Re: All IP networks

OK -- got it. I assumed cable was part of this since they too would want to use an all-IP network to get rid of regulation. However, their premises link has a bit more game than the telco link.

I agree. The telco shouldn't fool around with some kind of half-ass last 1,000 feet involving some exotic modulation technique over copper. They should just do fiber all the way as Verizon did with FIOS.

elios

join:2005-11-15
Springfield, MO

Re: All IP networks

now you got it
Cable is already fttn really so making them go fttp isn't as big a deal as the telcos
and it would seem they want to go all IP pretty badly
time for the FCC to make some demands

cableties
Premium
join:2005-01-27

But...

isn't UPnP used with Xbox, PC, routers, PS3, Wii, HDTV, BluRay and other "home" devices? And speaking of home user devices, DLNA uses UPnP making all home entertainment systems that are DLNA based vulnerable.
--
Splat
