UPnP

Discussion in 'Computer Security' started by Stuart M, Feb 24, 2005.

  1. Stuart M

    Stuart M Guest

    I have been thinking about UPnP on routers. Am I right in thinking that if
    you have this enabled, a program is able to open incoming ports on your
    router?
    If this is true, what is to stop a malicious program from opening its own
    ports using UPnP and opening your pc to access from anyone who tries to
    connect to said program?
    Stuart M, Feb 24, 2005
    #1

  2. If you have questions on uPnP -- the following is a *good* place to ask.

    news://msnews.microsoft.com/microsoft.public.upnp

    --
    Dave

    "Stuart M" <> wrote in message news:...
    | I have been thinking about UPnP on routers. Am I right in thinking that if
    | you have this enabled, a program is able to open incoming ports on your
    | router?
    | If this is true, what is to stop a malicious program from opening its own
    | ports using UPnP and opening your pc to access from anyone who tries to
    | connect to said program?
    |
    |
    David H. Lipman, Feb 24, 2005
    #2

  3. Stuart M

    winged Guest

    Stuart M wrote:
    > I have been thinking about UPnP on routers. Am I right in thinking that if
    > you have this enabled, a program is able to open incoming ports on your
    > router?
    > If this is true, what is to stop a malicious program from opening its own
    > ports using UPnP and opening your pc to access from anyone who tries to
    > connect to said program?
    >
    >

    I would do this only with a very very good reason to do so. I can think
    of no reason good enough.

    Universal plug and pray can be very dangerous to use and does open you
    up to vulnerabilities. The FBI recommended for some time that this be
    disabled due to the compromise potential, though I haven't seen anything
    recently on this.

    Yes UPnP can allow for dynamic opening and closing of ports. Yes, it can
    be exploited.

    I would think long and hard before I enabled the service. I had to go
    out of my way to ensure UPnP was specifically disabled on all of our
    systems. Sometimes convenience has a price; in this case, in my personal
    opinion, the risk is too high.

    Winged
    winged, Feb 25, 2005
    #3
  4. "winged" <> wrote in message news:cvlv46$
    | Stuart M wrote:
    || I have been thinking about UPnP on routers. Am I right in thinking that if
    || you have this enabled, a program is able to open incoming ports on your
    || router?
    || If this is true, what is to stop a malicious program from opening its own
    || ports using UPnP and opening your pc to access from anyone who tries to
    || connect to said program?
    ||
    ||
    | I would do this only with a very very good reason to do so. I can think
    | of no reason good enough.
    |
    | Universal plug and pray can be very dangerous to use and does open you
    | up to vulnerabilities. The FBI recommended for some time that this be
    | disabled due to the compromise potential, though I haven't seen anything
    | recently on this.
    |
    | Yes UPnP can allow for dynamic opening and closing of ports. Yes, it can
    | be exploited.
    |
    | I would think long and hard before I enabled the service. I had to go
    | out of my way to ensure UPnP was specifically disabled on all of our
    | systems. Sometimes convenience has a price; in this case, in my personal
    | opinion, the risk is too high.
    |
    | Winged


    But that is if you have not patched the OS and TCP port 5000 is open to the Internet. When
    using uPnP in conjunction with uPnP compliant Routers, there is no problem as this
    networking remains on the LAN side and does not cross the LAN/WAN barrier.

    The advantages of using uPnP-compliant routers, OSs and applications are indeed worth
    using it.

    I haven't seen *any* <you know who's> CERT vulnerability Assessments on uPnP and you know
    <who's> requirement it is to go to WinXP.

    --
    Dave
    David H. Lipman, Feb 25, 2005
    #4
  5. Stuart M

    winged Guest


    > I haven't seen *any* <you know who's> CERT vulnerability Assessments on uPnP and you know
    > <who's> requirement it is to go to WinXP.
    >

    True, but you know who misses much and should not be relied on to issue
    alerts on all aspects; they barely hit the high points, and usually long
    after the threat is known. I believe the statistic is something like
    80% of hacks that occur are induced by inside users, usually to
    bypass internal restrictions. I have found some users very, umm, creative.

    There are currently about 40 known viruses/bots which exploit UPNP to
    allow communication, with 2 new ones being released this month alone.
    http://secunia.com/search/?search=upnp&w=2

    Netgear has an issue (patched) where UPnP is used to disclose internal
    passwords.

    With the higher Gods requiring use of IE on the standard desktop, with an
    excess of 10+ currently known exploits, some of which allow remote sites
    to run code of their choice on the local host with the permissions of the
    attacker's choice, I am not comforted.

    I have some wonderful users. If there is exploit code on the net, they
    will find it.

    Side Note: Actually, I publish an internal newsletter directed at the
    home user in our local community; it has helped educate our users about
    ongoing issues, and they are getting much better at avoiding pitfalls,
    but it has taken a year to get the message to sink in. User education is
    one of the best mechanisms one can use to reduce issues. By directing it
    at the home user I can talk about things that they are not even supposed
    to run, so they can understand the threat from an intellectual basis
    instead of a policy one. If you can reduce the home computer target, you
    reduce the possibility of the threat coming in through the back door.
    Most users don't want to compromise the network, but when they don't
    understand the threats, they will. There are always a few disgruntled
    workers that strive for compromise. The hardest issue I have is reducing
    the content to where a non-techy can understand it. If the subject matter
    is too stoic or too technical they won't read it because they really
    don't understand the lingo.

    I am probably just overly paranoid; however, I still believe that UPnP is
    best run in the off position. By manually determining what is open to
    where, and layering firewalls (boundary firewalls in large orgs are
    sieves) and filters, it complicates the task of compromise. UPnP can
    defeat the layered security topology and make life much easier for the
    bad guys. In our configuration, we turn off UPnP in XP and on 2003
    server. It is essential to know what is open to where and why a
    specific allow is open. I don't want anything changing what's supposed
    to be open dynamically.


    Winged
    winged, Feb 25, 2005
    #5
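An added example for the point made above about knowing what is open to where (this script is not from the thread or any of its posters): it asks the LAN router's UPnP Internet Gateway Device for its current port-mapping table over SSDP and SOAP, the same table any program using UPnP writes to, and lists the entries an administrator should be able to account for. It assumes a router that implements WANIPConnection:1 or WANPPPConnection:1 and that the script runs on the LAN side; SAMPLE_RESPONSE is constructed, not captured from a real router, and the SENSITIVE_PORTS set is a choice made here, not part of the UPnP specification.

```python
import re
import socket
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import urljoin

IGD_ST = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"
WAN_SERVICES = ("urn:schemas-upnp-org:service:WANIPConnection:1",
                "urn:schemas-upnp-org:service:WANPPPConnection:1")
DEV_NS = "{urn:schemas-upnp-org:device-1-0}"
MAPPING_FIELDS = ("NewRemoteHost", "NewExternalPort", "NewProtocol", "NewInternalPort",
                  "NewInternalClient", "NewEnabled", "NewPortMappingDescription", "NewLeaseDuration")
# Internal ports that should not be reachable from the WAN (assumed list, not from the spec).
SENSITIVE_PORTS = {"22", "23", "135", "139", "445", "3389", "5000"}


def discover_igd(timeout=2.0):
    """One SSDP M-SEARCH; returns the LOCATION URL of the first IGD that answers, else None."""
    msg = ('M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nMAN: "ssdp:discover"\r\n'
           'MX: 2\r\nST: %s\r\n\r\n' % IGD_ST).encode()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(msg, ("239.255.255.250", 1900))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None
    match = re.search(rb"(?im)^location:\s*(\S+)", data)
    return match.group(1).decode() if match else None


def find_wan_control_url(location):
    """Fetch the device description; return (serviceType, absolute controlURL) of the WAN service."""
    root = ET.fromstring(urllib.request.urlopen(location, timeout=5).read())
    for svc in root.iter(DEV_NS + "service"):
        stype = svc.findtext(DEV_NS + "serviceType", "")
        if stype in WAN_SERVICES:
            return stype, urljoin(location, svc.findtext(DEV_NS + "controlURL", ""))
    return None, None


def soap_call(control_url, service_type, action, args):
    """POST one SOAP action to the IGD control URL and return the raw response body."""
    body = "".join("<%s>%s</%s>" % (k, v, k) for k, v in args.items())
    envelope = ('<?xml version="1.0"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
                's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:%s xmlns:u="%s">'
                '%s</u:%s></s:Body></s:Envelope>' % (action, service_type, body, action))
    req = urllib.request.Request(control_url, envelope.encode(), {
        "Content-Type": 'text/xml; charset="utf-8"', "SOAPAction": '"%s#%s"' % (service_type, action)})
    return urllib.request.urlopen(req, timeout=5).read()


def parse_port_mapping(soap_xml):
    """Flatten a GetGenericPortMappingEntry response into a dict of its New* fields."""
    result = {}
    for el in ET.fromstring(soap_xml).iter():
        tag = el.tag.split("}")[-1]  # drop any namespace prefix
        if tag in MAPPING_FIELDS:
            result[tag] = (el.text or "").strip()
    return result


def enumerate_mappings(control_url, service_type, limit=256):
    """Walk the table by index; the IGD answers a SOAP fault (HTTP 500, error 713) past the end."""
    mappings = []
    for index in range(limit):
        try:
            raw = soap_call(control_url, service_type, "GetGenericPortMappingEntry",
                            {"NewPortMappingIndex": index})
        except urllib.error.HTTPError:
            break
        mappings.append(parse_port_mapping(raw))
    return mappings


def audit_mappings(mappings):
    """Return (proto, ext_port, internal_client, int_port, reasons) for mappings worth explaining."""
    findings = []
    for m in mappings:
        reasons = []
        if m.get("NewLeaseDuration", "0") == "0":
            reasons.append("permanent lease")            # never expires on its own
        if not m.get("NewPortMappingDescription"):
            reasons.append("no description")            # no program took credit for it
        if m.get("NewInternalPort") in SENSITIVE_PORTS:
            reasons.append("remote-admin or file-sharing port")
        if reasons:
            findings.append((m.get("NewProtocol"), m.get("NewExternalPort"),
                             m.get("NewInternalClient"), m.get("NewInternalPort"), reasons))
    return findings


# Constructed sample response (not captured from a real router) so the parser and audit
# can be exercised with no IGD on the network.
SAMPLE_RESPONSE = """<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost><NewExternalPort>6881</NewExternalPort><NewProtocol>TCP</NewProtocol>
<NewInternalPort>6881</NewInternalPort><NewInternalClient>192.168.1.23</NewInternalClient>
<NewEnabled>1</NewEnabled><NewPortMappingDescription></NewPortMappingDescription>
<NewLeaseDuration>0</NewLeaseDuration></u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"""

if __name__ == "__main__":
    location = discover_igd()
    stype, control = find_wan_control_url(location) if location else (None, None)
    mappings = enumerate_mappings(control, stype) if control else [parse_port_mapping(SAMPLE_RESPONSE)]
    for finding in audit_mappings(mappings):
        print(finding)
```

Run from a LAN host; if no gateway answers the M-SEARCH within two seconds it audits the constructed sample instead. Scheduling the enumeration and diffing its output against an approved list is the practical way to notice a mapping appearing that no one asked for, which is the scenario the original question raises.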
  6. "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:3tvTd.17391$uc.1036@trnddc09...
    > "winged" <> wrote in message news:cvlv46$
    > | Stuart M wrote:

    <snip>

    > But that is if you have not patched the OS and TCP port 5000 is open to the Internet. When
    > using uPnP in conjunction with uPnP compliant Routers, there is no problem as this
    > networking remains on the LAN side and does not cross the LAN/WAN barrier.
    >
    > The advantages of using uPnP-compliant routers, OSs and applications are indeed worth
    > using it.
    >
    > I haven't seen *any* <you know who's> CERT vulnerability Assessments on uPnP and you know
    > <who's> requirement it is to go to WinXP.


    IIRC, there have been advisories for both Netgear and Linksys [Cisco]
    routers, but nothing that I remember recently. Most have, IIRC, been for XP
    itself.

    I'm not a Messenger user, so this may be out of date...

    HTH

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
    Hairy One Kenobi, Feb 27, 2005
    #6
