UPnP Mapping: some UPnP-enabled routers can be reconfigured from Internet

Discussion in 'other security issues & news' started by MrBrian, Sep 5, 2011.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From http://www.h-online.com/security/news/item/UPnP-enabled-routers-allow-attacks-on-LANs-1329727.html:
    Paper: hxxp://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    Seems like a firmware design flaw, good thing I'm not using any of those routers.
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Looks very bad, can they specify which device series are affected?
     
  4. PunchsucKr

    PunchsucKr Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    124
    This scares me... i've just recently installed a dlink wireless router...though dlink isn't supposedly affected by this vulnerability, maybe the author just missed out on the brand? :(
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    The paper mentioned in the first post gives models that are known to be vulnerable.
     
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Oh that, thanks.
     
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  8. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Is this a case to say that those who believe a router, on its own, is just fine, should reconsider their beliefs and start using a software firewall as well?
     
  10. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    By the looks of it, it's more to say "buy a cheap router, expect cheap results". :)
     
  11. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    One gets what one pays for, that's for sure... But, sometimes we pay too much for what we get, though. :argh:
     
  12. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    On a side note I have been contemplating a DD-WRT compatible router if I upgrade in the future, but it doesn't seem to support modem/router combos, only pure routers. I've only ever used modem/router combos and wouldn't know where to start buying a modem, or justify buying 2 pieces of hardware just to run DD-WRT on one of them.
     
  13. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    Good point m00nbl00d - inbound traffic

    Besides Disabeling Universal Plug and Play in the Router (UPnP)
    Also, if not needed, one should also Disable the; Universal Plug and Play Device Host Service, in Services (UPnP)
    Along with the Server for UPnP the; SSDP Discovery Service, in Services (Simple Service Discovery Protocol).


    HKEY1952
     
  14. guest

    guest Guest

    I always disable UPnP, with a couple of other tweaks on the default settings of my router's manufacturer firmware (which is also updated regularly).
     
  15. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I went with an old machine running PFSense router distro. DD-WRT I tried on my old linksys, it was ok. I really really like the PFSense solution. You might have a look at that sort of thing if you want more than what the usual routers give you, if you have an old machine to use.

    Sul.
     
Loading...
Thread Status:
Not open for further replies.