Re: Attempts to exploit Firewall/Router -- DO NOT ENABLE UPnP
- From: Vahis <waxborg@xxxxxxxxxxxxxxxxx>
- Date: Sun, 17 Feb 2008 18:24:30 GMT
On 2008-02-17, J G Miller <miller@+KeinSpam+yoyo.ORG> wrote:
Also, note that it is *critical* not to turn on the UPnP
(Universal Plug and Play) capabilities of routers.
http://blogs.techrepublic.COM/tech-news/?p=1902
QUOTE
Severe UPnP/Flash vulnerability discovered
A researcher has demonstrated an attack vector that uses Adobe Flash to
exploit a vulnerability in networking devices that support UPnP. An
attacker only needs to convince a user to open a URL with the malicious
file. A successful exploit will open the floodgates to the remote control
and configuration of UPnP-enabled devices.
UNQUOTE
Technical details of how the Universal Plug and Play vulnerability
is exploited can be found at
<http://www.gnucitizen.ORG/blog/hacking-the-interwebs>
I must admit that I don't quite understand the concept of UPnP at this
moment. I need some reading obviously.
Anyway, I checked my router and there's an option to enable UPnp as well
as pass UPnp through firewall.
Everything about UPnP there is disabled by default and I've never
changed it (like I said, I don't even know what it is)
So far so good.
It seems that there are some people out there prospecting...
Vahis
Remodeling my site to train new things:
http://waxborg.servepics.com
--
"The only thing more expensive than training is the lack of it"
Henry Ford
.
- Follow-Ups:
- References:
- Attempts to exploit Firewall/Router
- From: Vahis
- Re: Attempts to exploit Firewall/Router -- DO NOT ENABLE UPnP
- From: J G Miller
- Attempts to exploit Firewall/Router
- Prev by Date: Re: SLES10 / Reiserfs / recomanded FS
- Next by Date: AVG
- Previous by thread: Re: Attempts to exploit Firewall/Router -- DO NOT ENABLE UPnP
- Next by thread: Re: Attempts to exploit Firewall/Router -- DO NOT ENABLE UPnP
- Index(es):
Relevant Pages
|
