I’ve NEVER liked UPNP…. now I have another reason….



I remember the first Windows XP vulnerability was a Upnp vulnerability. I have made one of my first visits on any new XP system a visit to grc.com to disable it on an XP workstation. But, it’s the great thing – makes life so much easier for setting up network devices. “You just don’t like it cause it puts you out of business….” It looks like Upnp is a really “malicious hacker friendly” kind of thing, especially when it’s installed and running on a gateway router… let’s say you have a hardware firewall with Upnp. Normally, you plug in an IP camera and maybe the IP camera uses Upnp to open a port so it’s accessible from the outside world. Nice, simple right? Well… what if you download a “browsing experience enhancement toolbar” that opens up another port on the firewall so you can act as a mail relay?


Nice, simple, easy…. Or, what if you’re little firewall is happily cloaking traffic from one internet machine to another internet machine. (Maybe even LONG after your spyware infestation has been cleaned up.) Or, what if you’re companies hvac controls are upnp enabled? is it hot in here? There are some GOOD details at securityview.org on these Upnp vulnerabilties the core of it is that authentication may be in the standard, but it doesn’t appear to be used.

Please, disable Upnp on your networked devices. Your life will be nice and simple if you’re not relaying mail for spammers or cloaking traffic for who knows what. And yes that means, you should either learn how to do port forwards manually, or pay someone to set them up for you. Sorry, but that’s the best way to actually have control over it at this point.

Related Posts

Blog Traffic Exchange Related Posts
  • Exploit in the wild for Apple vulnerability A couple days ago there was a release of Mac OS X 10.4.7 which addressed several security flaws. There is now an exploit published for one of these vulnerabilities. The attacker using this exploit could gain remote root (administrator) access to the machine. So, don't delay any further on patching.......
  • Windows more secure than Linux? For the last week, I've seen various headlines referring to a report from US-CERT that indicated 2005 had 5,198 security flaws reported. Out of those 2,328 were reported for Linux/Unix, 812 for Windows and 2,058 affecting more than one operating system. Now, I'm seeing all sorts of headlines about how......
  • Wordpress 1.5.1.3 Security Vulnerability According to the entry for Wordpress 1.x at Secunia.com, there is a "Highly critical" Wordpress vulnerability announced August 10th that affects all 1.x versions including 1.5.1.3 The details are in this advisory. There is not yet an updated version of Wordpress to address the issue, but there is a possible......
Blog Traffic Exchange Related Websites
  • Windows Help Center Application Pose Grave Threat to Windows XP/Server 2003 "A new vulnerability has been reported to the general public this morning via the “Full-Disclosure” mailing list, and it is quite troubling", stated by Jonathan Davis, an IT Security Consultant in the Washington DC metro area.  He further stated, "There is a vulnerability that exists in the Windows help center......
  • Free Internet Security Suite Free iolo Internet Security for 1 Year Brave The New Web With Confidence for FREE Now for the 1st entry into the new Freebies Category, for FREE you get this nice, not so little program requiring 256MB of RAM that detects, blocks, and removes viruses, rootkits, worms, and trojans as......
  • eBook Fishing in California The Complete Guide to California Fishing Download Your 32 Page FREE eBook Are you planning a vacation to California? Looking for a better way to fish the more than 1000 lakes throughout this state? You'll find everything you need to know inside The Complete Guide to California Fishing! We've......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site