I’ve NEVER liked UPNP…. now I have another reason….



I remember the first Windows XP vulnerability was a Upnp vulnerability. I have made one of my first visits on any new XP system a visit to grc.com to disable it on an XP workstation. But, it’s the great thing – makes life so much easier for setting up network devices. “You just don’t like it cause it puts you out of business….” It looks like Upnp is a really “malicious hacker friendly” kind of thing, especially when it’s installed and running on a gateway router… let’s say you have a hardware firewall with Upnp. Normally, you plug in an IP camera and maybe the IP camera uses Upnp to open a port so it’s accessible from the outside world. Nice, simple right? Well… what if you download a “browsing experience enhancement toolbar” that opens up another port on the firewall so you can act as a mail relay?


Nice, simple, easy…. Or, what if you’re little firewall is happily cloaking traffic from one internet machine to another internet machine. (Maybe even LONG after your spyware infestation has been cleaned up.) Or, what if you’re companies hvac controls are upnp enabled? is it hot in here? There are some GOOD details at securityview.org on these Upnp vulnerabilties the core of it is that authentication may be in the standard, but it doesn’t appear to be used.

Please, disable Upnp on your networked devices. Your life will be nice and simple if you’re not relaying mail for spammers or cloaking traffic for who knows what. And yes that means, you should either learn how to do port forwards manually, or pay someone to set them up for you. Sorry, but that’s the best way to actually have control over it at this point.

Related Posts

Blog Traffic Exchange Related Posts
  • Windows more secure than Linux? For the last week, I've seen various headlines referring to a report from US-CERT that indicated 2005 had 5,198 security flaws reported. Out of those 2,328 were reported for Linux/Unix, 812 for Windows and 2,058 affecting more than one operating system. Now, I'm seeing all sorts of headlines about how......
  • SSH, Proxies (Proxy's?), Tor and Web Browsing For quite some time I've been making use of a dd-wrt modified linksys box on my home network as an openvpn endpoint so that when I'm out and about in the world, I connect the vpn, switch firefox to route through a squid proxy server on the home network and......
  • Computer security software nets $2.6 Billion over last two years. SecurityFix is talking about the computer security industry. Further, computer users spend $9 billion a year on computers repairs from spyware and antivirus. This reminds me of a recent story of a man that threw out a perfectly good machine because it was infested with spyware. For starters, I do......
Blog Traffic Exchange Related Websites
  • eBook Fishing in California The Complete Guide to California Fishing Download Your 32 Page FREE eBook Are you planning a vacation to California? Looking for a better way to fish the more than 1000 lakes throughout this state? You'll find everything you need to know inside The Complete Guide to California Fishing! We've......
  • 5 Free Security Softwares - Must Use Here are 5 Free Security Softwares that you can use to combat your fear against Adwares, Viruses, Trojans, etc. 1.Avast Home Edition: Best Free Antivirus Avast is one of the best antiviruses I recommend to my friends. It is free and has many features which many of the Antiviruses lack.......
  • Windows Help Center Application Pose Grave Threat to Windows XP/Server 2003 "A new vulnerability has been reported to the general public this morning via the “Full-Disclosure” mailing list, and it is quite troubling", stated by Jonathan Davis, an IT Security Consultant in the Washington DC metro area.  He further stated, "There is a vulnerability that exists in the Windows help center......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site