To prevent hacking, disable Universal Plug and Play now!

FlyingPenguin
Flightless Bird
Posts: 33161
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida

Post by FlyingPenguin »

I've been railing against UPnP for years. I always disable it on my clients' routers.

What it does is allow apps running on your computer to configure port forwarding on your router. Why is that bad? The app could just as easily be a virus. UPnP in no way indicates what ports have been opened - it's completely invisible and doesn't show up in the port forwarding control panel.

It's convenient, but it's a bad idea. Better for you to do your own port forwarding:

http://arstechnica.com/security/2013/01 ... -play-now/
---
“The Government of Spain will not applaud those who set the world on fire just because they show up with a bucket.” - Prime Minister of Spain, Pedro Sánchez
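Added example, not part of the original post: the mappings that apps create can be read back from the router with the UPnP IGD `GetGenericPortMappingEntry` action, so this sketch builds that request, parses the replies, and flags rows that point at unexpected hosts or never expire. The `fetch` callable, `expected_clients`, and the sample responses are constructed for illustration; the service and field names are from the IGD WANIPConnection service, not from this thread.

```python
import xml.etree.ElementTree as ET

SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"
ENVELOPE = ('<?xml version="1.0"?><s:Envelope xmlns:s='
            '"http://schemas.xmlsoap.org/soap/envelope/"><s:Body>{}</s:Body></s:Envelope>')

def build_request(index):
    """SOAP body asking the router for row `index` of its port-mapping table."""
    return ENVELOPE.format(
        f'<u:GetGenericPortMappingEntry xmlns:u="{SERVICE}">'
        f'<NewPortMappingIndex>{index}</NewPortMappingIndex>'
        '</u:GetGenericPortMappingEntry>')

def parse_entry(xml_text):
    """Return one mapping as a dict, or None for a SOAP fault (end of table)."""
    fields = {}
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]          # drop the XML namespace
        if tag == "Fault":
            return None
        if tag.startswith("New"):
            fields[tag[3:]] = (el.text or "").strip()
    return fields

def audit(fetch, expected_clients, max_rows=256):
    """Walk the table via fetch(index) -> XML text and flag rows worth a look."""
    report = []
    for index in range(max_rows):
        entry = parse_entry(fetch(index))
        if entry is None:
            break
        flags = [name for name, hit in (
            ("unexpected-client", entry.get("InternalClient") not in expected_clients),
            ("no-expiry", entry.get("LeaseDuration") == "0")) if hit]
        report.append((entry.get("Protocol"), int(entry.get("ExternalPort", 0)),
                       entry.get("InternalClient"), entry.get("PortMappingDescription"), flags))
    return report

# Constructed sample responses: two table rows, then the fault that ends the walk.
def _row(**f):
    body = "".join(f"<New{k}>{v}</New{k}>" for k, v in f.items())
    return ENVELOPE.format(f'<u:GetGenericPortMappingEntryResponse xmlns:u="{SERVICE}">'
                           f'{body}</u:GetGenericPortMappingEntryResponse>')
SAMPLE = [
    _row(ExternalPort=3074, Protocol="UDP", InternalClient="192.168.1.20",
         PortMappingDescription="game console", LeaseDuration=3600),
    _row(ExternalPort=8080, Protocol="TCP", InternalClient="192.168.1.77",
         PortMappingDescription="", LeaseDuration=0),
    ENVELOPE.format("<s:Fault><faultstring>UPnPError</faultstring></s:Fault>")]
print(*audit(lambda i: SAMPLE[i], {"192.168.1.20"}), sep="\n")
```

Against a real router, `fetch` would POST `build_request(index)` to the control URL from the device description on the LAN side; that transport is left out so the block runs offline.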

ZYFER
Posts: 2137
Joined: Thu Nov 07, 2002 4:10 pm
Location: Tampa Bay, Florida

Post by ZYFER »

It was a good idea at first, but its failure to implement proper security procedures is the issue. Now if they could redesign it, say have an app on your PC that requires approval, much like Firewall programs do, then it would be an asset for convenience.
When all else fails, replace the user.

Post by FlyingPenguin »

And to be clear, because I didn't explain in the original post, while UPnP is bad enough in its normal operational mode, the big hoopla right now is that someone discovered that something like 3 - 4% of the routers in use right now (via port testing) have a flaw which ma

Post by FlyingPenguin »

And just to be clear, because I didn't explain it in the original post:

UPnP is badly flawed when implemented PROPERLY. What this researcher discovered is that many home routers allow UPnP to be accessible from the WAN side (the Internet side) of the router, which is a disaster.

GRC.COM's Shields Up test now has a UPnP exploit detection feature. Go to the Services menu, select Shields Up, then click Proceed, and then click on the UPnP exposure test button.

darcy
Posts: 6271
Joined: Tue Jun 01, 2004 9:33 pm
Location: NYC

Post by darcy »

FlyingPenguin wrote:And just to be clear, because I didn't explain it in the original post:

UPnP is badly flawed when implemented PROPERLY. What this researcher discovered is that many home routers allow UPnP to be accessible from the WAN side (the Internet side) of the router, which is a disaster.

GRC.COM's Shields Up test now has a UPnP exploit detection feature. Go to the Services menu, select Shields Up, then click Proceed, and then click on the UPnP exposure test button.

I got:

"THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!

(That's good news!)
"
Briquette, 1992 - 2008 ~ < Forever In Our Hearts >

Lily, 1995 - 2009 ~ < Forever In Our Hearts >

The best and most beautiful things in the world cannot be seen or even touched.
They must be felt with the heart. ~ Helen Keller.