UPnP Mapping: some UPnP-enabled routers can be reconfigured from Internet

From http://www.h-online.com/security/news/item/UPnP-enabled-routers-allow-attacks-on-LANs-1329727.html:

Paper: hxxp://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf

 

Seems like a firmware design flaw, good thing I'm not using any of those routers.

 

Looks very bad, can they specify which device series are affected?

 

This scares me... i've just recently installed a dlink wireless router...though dlink isn't supposedly affected by this vulnerability, maybe the author just missed out on the brand?

 

The paper mentioned in the first post gives models that are known to be vulnerable.

 

Oh that, thanks.

 

Additional routers have been found to be vulnerable. See http://www.us-cert.gov/cas/bulletins/SB11-332.html.

 

Still fine thankfully! Quite scary that people may be using these routers without a clue about this.

 

Is this a case to say that those who believe a router, on its own, is just fine, should reconsider their beliefs and start using a software firewall as well?

 

By the looks of it, it's more to say "buy a cheap router, expect cheap results".

 

One gets what one pays for, that's for sure... But, sometimes we pay too much for what we get, though.

 

On a side note I have been contemplating a DD-WRT compatible router if I upgrade in the future, but it doesn't seem to support modem/router combos, only pure routers. I've only ever used modem/router combos and wouldn't know where to start buying a modem, or justify buying 2 pieces of hardware just to run DD-WRT on one of them.

 

Good point m00nbl00d - inbound traffic

Besides Disabeling Universal Plug and Play in the Router (UPnP)
Also, if not needed, one should also Disable the; Universal Plug and Play Device Host Service, in Services (UPnP)
Along with the Server for UPnP the; SSDP Discovery Service, in Services (Simple Service Discovery Protocol).


HKEY1952

 

I always disable UPnP, with a couple of other tweaks on the default settings of my router's manufacturer firmware (which is also updated regularly).

 

I went with an old machine running PFSense router distro. DD-WRT I tried on my old linksys, it was ok. I really really like the PFSense solution. You might have a look at that sort of thing if you want more than what the usual routers give you, if you have an old machine to use.

Sul.