UPnP Mapping: some UPnP-enabled routers can be reconfigured from Internet

Discussion in 'other security issues & news' started by MrBrian, Sep 5, 2011.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From http://www.h-online.com/security/news/item/UPnP-enabled-routers-allow-attacks-on-LANs-1329727.html:
    Paper: hxxp://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf
     
  2. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,027
    Seems like a firmware design flaw, good thing I'm not using any of those routers.
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,726
    Looks very bad, can they specify which device series are affected?
     
  4. PunchsucKr

    PunchsucKr Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    138
    This scares me... i've just recently installed a dlink wireless router...though dlink isn't supposedly affected by this vulnerability, maybe the author just missed out on the brand? :(
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    The paper mentioned in the first post gives models that are known to be vulnerable.
     
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,726
    Oh that, thanks.
     
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  8. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,027
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Is this a case to say that those who believe a router, on its own, is just fine, should reconsider their beliefs and start using a software firewall as well?
     
  10. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,027
    By the looks of it, it's more to say "buy a cheap router, expect cheap results". :)
     
  11. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    One gets what one pays for, that's for sure... But, sometimes we pay too much for what we get, though. :argh:
     
  12. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,027
    On a side note I have been contemplating a DD-WRT compatible router if I upgrade in the future, but it doesn't seem to support modem/router combos, only pure routers. I've only ever used modem/router combos and wouldn't know where to start buying a modem, or justify buying 2 pieces of hardware just to run DD-WRT on one of them.
     
  13. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    Good point m00nbl00d - inbound traffic

    Besides Disabeling Universal Plug and Play in the Router (UPnP)
    Also, if not needed, one should also Disable the; Universal Plug and Play Device Host Service, in Services (UPnP)
    Along with the Server for UPnP the; SSDP Discovery Service, in Services (Simple Service Discovery Protocol).


    HKEY1952
     
  14. guest

    guest Guest

    I always disable UPnP, with a couple of other tweaks on the default settings of my router's manufacturer firmware (which is also updated regularly).
     
  15. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I went with an old machine running PFSense router distro. DD-WRT I tried on my old linksys, it was ok. I really really like the PFSense solution. You might have a look at that sort of thing if you want more than what the usual routers give you, if you have an old machine to use.

    Sul.
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.