Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | (show all)   Print Thread
Standard User stuorguk
(member) Thu 31-Jan-13 12:52:29
Print Post

uPnP - 50 million network devices open to packet attack


[link to this post]
 
Surprised nobody has mentioned uPnP issue.
As ever, Steve Gibson makes it clear what the problem is.

I have never enabled uPnP. Always thought it a bad idea. Now the cat is out of the bag, check your router TODAY.
Standard User stuorguk
(member) Thu 31-Jan-13 13:26:57
Print Post

Re: uPnP - 50 million network devices open to packet attack


[re: stuorguk] [link to this post]
 
The Register has an article about it.

ISP's need to check the equipment they have supplied their customers. The potential here is to attack everybody with a single UDP packet, that can be spoofed (and thus hard to trace).
Moderator billford
(moderator) Thu 31-Jan-13 13:36:37
Print Post

Re: uPnP - 50 million network devices open to packet attack


[re: stuorguk] [link to this post]
 
Some other thoughts about it...

Bill
bill@thinkbroadband.com __________________Planes and Boats and ... __________________BQMs: IPv4 IPv6
The author of the above post is a thinkbroadband moderator but it does not constitute an official statement on behalf of thinkbroadband.


Register (or login) on our website and you will not see this ad.

Standard User stuorguk
(member) Thu 31-Jan-13 13:49:34
Print Post

Re: uPnP - 50 million network devices open to packet attack


[re: billford] [link to this post]
 
Yeah, I saw that. Rather confusing thread. From what Steve Gibson was saying, this is something new. uPnP has been found to be residing on the WAN side of the router. The LAN side has been known for years to have vulnerabilities.

You cant test this by downloading software.

Edited by stuorguk (Thu 31-Jan-13 13:50:38)

Standard User bobble_bob
(experienced) Thu 31-Jan-13 16:13:14
Print Post

Re: uPnP - 50 million network devices open to packet attack


[re: stuorguk] [link to this post]
 
Anyone care to explain this in English. I know about upnp but not sure how this exploit works. They just send a packet containing whatever to your router and upnp just opens the port and lets it through?
Standard User stuorguk
(member) Thu 31-Jan-13 16:25:17
Print Post

Re: uPnP - 50 million network devices open to packet attack


[re: bobble_bob] [link to this post]
 
uPnP is a bit like giving the keys to the occupants of your safe house so that they can let visitors in. The lock is suppose to work only from the inside. So if a visitor stole a key, at worst, they could leave the door open (this is bad enough in my view – how long before you notice). Externally there is no keyhole....or shouldn’t be. However, stupid router manufactures put the lock on the door so that it is accessible from the outside too. Worse still, their uPnP implementations are full of bugs, so you dont even need a key!

US Homeland Security: Disable UPnP as tens of millions at risk
Standard User bobble_bob
(experienced) Thu 31-Jan-13 16:38:10
Print Post

Re: uPnP - 50 million network devices open to packet attack


[re: stuorguk] [link to this post]
 
Cheers. What would happen if you did disable it on a home network? Would applications like messenger, skpe or whatever, aswell as devices like mobiles, xbox, playstation need to be manually configured to allow access?

Edited by bobble_bob (Thu 31-Jan-13 16:52:01)

Standard User Pipexer
(eat-sleep-adslguide) Thu 31-Jan-13 19:27:40
Print Post

Re: uPnP - 50 million network devices open to packet attack


[re: stuorguk] [link to this post]
 
Unfortunately, with all articles like this, it takes a very good understanding of networking/computers in order to properly assess the security vulnerability in its proper context. To me, I couldn't give a stuff, my computer is secure it doesn't matter whether it has no ports forwarded or is in the DMZ.

The problem is anyone without any knowledge of this sort of level is almost always going to misinterpret the situation and get overly paranoid (or not paranoid enough)!

Zen 8000 Pro
Standard User stuorguk
(member) Thu 31-Jan-13 19:50:19
Print Post

Re: uPnP - 50 million network devices open to packet attack


[re: Pipexer] [link to this post]
 
Your computer might be secure, but is your router? It is after all a computer that could be made to become a botnet, or even destroyed.

PC's tend to update themselves automatically for security updates. Routers dont. It's a plastic box that gets forgotten by most people.
Standard User Pipexer
(eat-sleep-adslguide) Thu 31-Jan-13 20:34:34
Print Post

Re: uPnP - 50 million network devices open to packet attack


[re: stuorguk] [link to this post]
 
In reply to a post by stuorguk:
Your computer might be secure, but is your router? It is after all a computer that could be made to become a botnet, or even destroyed.

PC's tend to update themselves automatically for security updates. Routers dont. It's a plastic box that gets forgotten by most people.

While not impossible that is highly unlikely, and also, I would consider that a separate issue to uPnP, what if it was just insecure "as is", not related to uPnP at all?

Admittedly, I wouldn't put anything past some of the cheapo ISP-supplied routers, they probably come pre-flashed from the factory with backdoors installed.

Zen 8000 Pro
Pages in this thread: 1 | 2 | 3 | (show all)   Print Thread

Jump to