Test your router to see if its vulnerable to the UPnP Exploit.


Recommended Posts

I agree they could list their router. But we are already more than 4 pages in. So people could either flip through the pages looking to see if someone who ran the test has the same router than them, or they could just go to the site and click the button.

This thread was created not really as a list of routers affected but as away people can test themselves against the issue.

Thing is it would be more helpful to users as well as the manufacturers. I understand though.

Link to comment
Share on other sites

Thing is it would be more helpful to users as well as the manufacturers. I understand though.

True, for that i'm sure if you search the net someone has started a google spreadsheet :)

just did a quick search

https://docs.google.com/a/rccsemail.com/spreadsheet/ccc?key=0ApUaRDtAei07dFdOWXdKRUVaUTdRYndnbW5zajRyTmc#gid=0

Link to comment
Share on other sites

I was aware of that allready, however thanks for posting for others.

Err.....wait...uh....i'm confused..... if you were already aware of it why didn't you post it in this thread? How would this little thread help others and manufacturers when there is a GIGANTIC spreadsheet already being maintained?

Link to comment
Share on other sites

"box wants to make a Skype call with somebody,"

You can run skype without UPnP - so not going to be an issue. Worse case the call is just relayed if how skype punches hole does not work..

Because grandma's router these days most likely has UPnP disabled anyway, what grandma is going to figure out how to enable UPnP? ;)

Here is article about udp hole punching - to be honest skype can be a pain to shutdown because of how it works.

And again - worse case calls are just done via relay.

http://resources.inf...-hole-punching/

How Skype does it

Skype uses the UDP hole punching technique to allow communication between users who are behind NAT. However, Skype does not use a separate server to act as a third party host. Rather it uses its users computers to act as a third party host. Any client which has a publicly reachable IP can become the third party host. Hence this may increase the load on Skype?s users as they are responsible for initiating the connection between the users who are behind NAT. Sometimes UDP hole punching may not be possible due to various reasons like port randomization by the NAT. In the cases where UDP hole punching is not possible, the third party host (i.e., a Skype user?s system having a globally reachable IP address) is used to relay the whole communication between the users who are behind NAT.

edit: This protocol has been a plague from its get go.. No security, you don't auth you don't even have be identified -- unless vendor has put in its own controls on it anything can create a hole in your router. This allows for all kinds of nasty stuff to happen, you could have a web exploit that user goes to website - browser gets exploited and send upnp traffic to its router which then could open up ports, and they don't have to be to that box they could just be used to create your own onion router to bounce traffic for.

Nothing really saying that the traffic you forward has to be to an inside address, could be to another public IP.

There is a good paper on UPnP that was published on sane back in 2006 -- yes that was years after this garbage was allowed to infect the internet.. http://www.sane.nl/sane2006/program/final-papers/R6.pdf

Now I agree there needs to be something simple for the common user to be able to let their software open up unsolicited traffic.. How about just simple PSK that is setup on the router, and then you can put that into the application that needs to open up traffic - the skype example. That is better than what is in play now.. You sure an the hell should not need to up traffic to anything other than requesting IP.

Just amazing that we are still dicking with this nonsense..

  • Like 1
Link to comment
Share on other sites

Not practical for the average consumer, enough said.

Not from the inside, the exploit is that it responds to UPnP from the WAN side, that's the problem.

I think your failing to understand the exploit, typically the packet is formed on the LAN side from an application, which is passed to the router, the router opens up the ports requested. The problem is here, if you are running one of the exploitable routers, ANYONE from the WAN side, can sent a correctly formed packet to your router, over the net, and your router will open the port for them. This should never be allowed on the WAN interface.

The point I was arguing was the people saying upnp should always be off. Not about the exploit which so far seems to actually effect very few routers contrary to the scaremongering claims about the exploit anyway.

That is because MOST routers SHOULD pass the test!!! There shouldn't be very many routers that by default have UPnP on the WAN. The people who have run this test in this thread have proven that.

It's a MUCH bigger deal if you fail the test than if you pass it.

He should still report the uber of passed tests and not just failed tests, as I said, that's just scaremongering, especially with the rest of his "article" on it as well.

uPnP is the dumbest idea. whats the point of the firewall if applications are just going to open dat dere ports anyways? if you get a piece of malware that runs a server on your pc,it will just open the ports it wants,and runs beautifully. if you open your own ports,you at least know what you're getting yourself into. you don't even have to have malware. you might have a vulnerable application that is actively listening on a port.

To block incoming connections. By the time you have a virus or malware on the inside of your firewalls it's to late and it doesn't need to open any ports, it can send data without open ports, it can open two way traffic without opening ports and it can spread itself without opening ports.

As for upnp being needed, while Skype may be a bad example. What about the millions of trackmania players who require ports mapped for the peer to peer sharing of the game, and a thousand other peer to peer apps, who re not related to illegal downloading.

Link to comment
Share on other sites

So grandma is going to be running trackmania server? You can play the game without having to run a server on your box, and you can also play on other players servers again without having to open up any ports. You can even book free server time can you not? And rent servers? If your not bright enough to figure out how to forward a single port.

Even freaking grandma could do it to be honest - If she is playing trackmania an wanting to host a server, I think she could follow the follow the bouncing ball guides at http://portforward.com/

as to

"it can open two way traffic without opening ports and it can spread itself without opening ports."

Agreed if your machine is infected its too late for that machine.. But what user checks their router for UPnP settings? Quite possible that bad code left doors open for next time once you clear it. Quite possible it left a onion route in place that now they can bounce traffic off your router without you even knowing it for other attacks.. Could open up other ports to other machine that have not been exploited, but now maybe, etc.

Your going to have a hard time making a case that UPnP is not a security issue.. Plain and simple its not secure in its present form.

Link to comment
Share on other sites

Running DD-WRT:

THE EQUIPMENT AT THE TARGET IP ADDRESS

DID NOT RESPOND TO OUR UPnP PROBES!

(That's good news!)

Yes, I'm using UPnP. Makes life easier than opening ports manually.

Link to comment
Share on other sites

Err.....wait...uh....i'm confused..... if you were already aware of it why didn't you post it in this thread? How would this little thread help others and manufacturers when there is a GIGANTIC spreadsheet already being maintained?

the spreadsheet is harder to find using some keywords... I was in talks with another manufacturer and the rep had issues finding info about thier product's vulnerability and was unable to find the spreadsheet himself. so he can pass on to the team.. so I had to send it to him. threads like these where the product is specified allows the manufacturer to find and log that easier and also it may be updated more then the spreadsheet.

has a lot of helpful uses really so why not go for it???

I was going to make a thread about this as well, however I saw someone else posted it.

Link to comment
Share on other sites

So grandma is going to be running trackmania server? You can play the game without having to run a server on your box, and you can also play on other players servers again without having to open up any ports. You can even book free server time can you not? And rent servers? If your not bright enough to figure out how to forward a single port.

and where did I say anything about running servers ? maybe if you read what I posted and/or knew how trackmania works. Trackmania allows you to make and share tracks and in this case, more importantly skins for your car. in order for other people to see your car skins you need an open port for the trackmania P2P sharing system. otherwise your car only shows up as grey or with a default skin for others, or if you're running with a custom car model then you also need this.

as for Grandma, people of any age who aren't computer knowledgeable run TM , people who I would never let near the router config.

for this and similar stuff, UPnP is a great solution for them. And for people with large families who don't want to manually map ports for their 5+ computers in their house that keeps needing or changing the ports they need.

and as long as the router/software isn't affected by this bug exploit, there's no reason not to have UPnP on, after all if the malware is already on your side of the firewall, you've already lost. and UPnP on or off will have pretty much no effect.

Link to comment
Share on other sites

Yay!! Disabled

THE EQUIPMENT AT THE TARGET IP ADDRESS

DID NOT RESPOND TO OUR UPnP PROBES!

Double Yay!!

Enabled

THE EQUIPMENT AT THE TARGET IP ADDRESS

DID NOT RESPOND TO OUR UPnP PROBES!

Link to comment
Share on other sites

Disabled by default on Gargoyle. I can't believe it took me so long to put this on my WNDR3700.

post-45228-0-52650300-1360022836.png

I'm running Gargoyle as well and have UPnP / NAT-PMP enabled. I also passed.

Link to comment
Share on other sites

Im not saying its not a useful feature - what I am saying is its a SECURITY NIGHTMARE, has been since the get go.. There is no AUTH, not even identification..

You state

"people who I would never let near the router config."

But you would allow any software they run to access modify your router config without boo from you the admin?

As to sharing your skins - again UPnP not needed, and ports not required to be allowed inbound either.. Just use a locator url and place your custom skin file on the net somewhere.

No I don't play trackmania - so no I am not up to speed on all the ins and outs of how protocols work in that game.. But what I can tell you is UPnP is NOT required for that game to work.. And allowing it is a security risk you may be willing to take, but not something most people would be happy to allow to run on their network.

This protocol needs to fixed, it needed to be fixed 10 years ago!

Link to comment
Share on other sites

Skype may have been a bad example, but WLM (for example) needs an open port to transfer files (same with Jabber too), while they can use other methods they're also much slower.

If you need a direct connection between two systems with a then you need that "hole punching" behaviour with either port forwarding or a firewall, unless you want to proxy everything through a 3rd party.

Link to comment
Share on other sites

Skype may have been a bad example, but WLM (for example) needs an open port to transfer files (same with Jabber too), while they can use other methods they're also much slower.

If you need a direct connection between two systems with a then you need that "hole punching" behaviour with either port forwarding or a firewall, unless you want to proxy everything through a 3rd party.

obviously,if these people are not tech savvy,then they would ask their computer expert to make these applications work. I mean,its not like they set up their own router.

believe it or not,there are a lot of application that will listen on a port for a connection. somewhere out there, people have found exploits in some of these and all they would have to do is port scan your ass to find out if you're running this vulnerable application, then take you down.

I personally can't trust uPnP.

Link to comment
Share on other sites

All good here as well. :)

All clean here as well (Netgear WNDR3700v4 with factory firmware).

Link to comment
Share on other sites

You state

"people who I would never let near the router config."

But you would allow any software they run to access modify your router config without boo from you the admin?

So True!!!! :D

I've always said that anyone who takes security seriously should feel uneasy at just the thought of UPnP! My moms router also has UPnP disabled. If she has a program which needs ports opened up she can call and I can help her out.

Link to comment
Share on other sites

Im not saying its not a useful feature - what I am saying is its a SECURITY NIGHTMARE, has been since the get go.. There is no AUTH, not even identification..

You state

"people who I would never let near the router config."

But you would allow any software they run to access modify your router config without boo from you the admin?

As to sharing your skins - again UPnP not needed, and ports not required to be allowed inbound either.. Just use a locator url and place your custom skin file on the net somewhere.

No I don't play trackmania - so no I am not up to speed on all the ins and outs of how protocols work in that game.. But what I can tell you is UPnP is NOT required for that game to work.. And allowing it is a security risk you may be willing to take, but not something most people would be happy to allow to run on their network.

This protocol needs to fixed, it needed to be fixed 10 years ago!

I dont' really have any problem with them opening ports, why would I. they're the ones who open up their access anyway, and all windows computers have their own software firewalls that block based on software anyway.

And trackmania only supports sharing through it's built in P2P system, which for a new is a lot easier since it's all integrated into the game, then going and uploading to a site. you edit the skin in the game apply it, and it's available to everyone you race with anywhere.

And yes, for the P2P sharing features of the game to work, you either need UPnP or manual port mapping.

and actually, "most" people would be willing to, I think you're confusing most people with "me". which is two entirely different concepts. And the whole security thing is again, mostly scaremongering unless your router is one of the very few faulty ones with the exploit open.

There's no inherrent increased security with UPnP off as opposed to on. just more work for the "admin". which is a stupid term on any home network no matter how big and fancy it is.

No malware needs open ports to spam itself inside or outside the network. or to give access inside.

Link to comment
Share on other sites

I highly suggest you read up on the UPnP protocol in general.. Did you read the article I linked to from 2006?

I think your confusing your lack of caring about what goes in and out of your network with what normal security minded people would care about. No I doubt the grandma playing trackmania person cares..

An active issue is not scare mongering.. Now is the list of routers that are open to UPnP from the wan side a short one??.. I would sure hope so, but the issue is a long list of versions of libupnp that goes all the way back to 1.4

My points are not really about this test, nor the current issue with libupnp -- my issue is the protocol in general.. There is NO security mechanism included.. Has not been since the get go, this is a problem. And has been since day one.

Do a simple google for UPnP and security.. Where do you find anyone saying that there is no issue with it? Leaving it on is trading security for convenience.. Maybe that is fine with you, but no its not fine with "me" nor would it be with anyone that cares about security.

Please find a source that says there is no security issues with UPnP other than yourself? ;) I would be happy to read such an article. To be honest I don't think I recall ever hearing anyone other than you think that there is not an issue with UPnP at the general level because of the lack of auth.

Do you recall a few years back the issue with using flash to send traffic to your UPnP router, there could be issues with rerouting your dns - just a long list of nasty things that allowing it could open up, when there is little reason too other than convenience or a lazy admin of their own network. Not going to say that you never need inbound unsolicited traffic - but its not something that needs to change on the fly every other hour that would make it such a pain to maintain in most home networks.

Link to comment
Share on other sites

The fact that everyone I this thread tested successfully and that the site itself only shows number of failed tests not the non fails shows its scaremongering and the amount of effected routers isn't nearly as if as the scaremongers make it out to be.

And what's with the grandma playing TM. millions of people play TM regular people from 9 and up, who don't care about their router as long as it works, gives them Internet and lets them do what they want.

As for the security, again, unless your router is effected by the exploit, you still need malware on your side of the router. In which case the malware can give full access to your network to the hacker without UPnP.

So by that logic, any security minded person would not be connected to the Internet.

Sure it could be more secure, but then you also add in complexity that confuse the average person.

Link to comment
Share on other sites

UPnP was enabled by default on my ASUS RT-N66U router.

THE EQUIPMENT AT THE TARGET IP ADDRESS

DID NOT RESPOND TO OUR UPnP PROBES!

According to the test, my router isn't vulnerable to the exploit. I guess I'll just leave it enabled.

Link to comment
Share on other sites

obviously,if these people are not tech savvy,then they would ask their computer expert to make these applications work. I mean,its not like they set up their own router.

believe it or not,there are a lot of application that will listen on a port for a connection. somewhere out there, people have found exploits in some of these and all they would have to do is port scan your ass to find out if you're running this vulnerable application, then take you down.

I personally can't trust uPnP.

So every time they want to send photos to somebody they call out a computer technician?

Link to comment
Share on other sites

guys please be sure you specify the router you are using for the tests... some of you didn't and that's not helpful...

Sorry, I guess that would be helpful.

Passed test, Netgear WNDR2700 v1 with F/W version V1.0.7.98NA

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.