Jump to content



Photo

Test your router to see if its vulnerable to the UPnP Exploit.

upnpvulnerabilitytest

  • Please log in to reply
75 replies to this topic

#46 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 11 February 2013 - 22:38

that site is scaremongering at best anyway. notice how it ONLY reports how many "open" routers has been found with the test, not how many secure ones.


That is because MOST routers SHOULD pass the test!!! There shouldn't be very many routers that by default have UPnP on the WAN. The people who have run this test in this thread have proven that.

It's a MUCH bigger deal if you fail the test than if you pass it.


#47 vcfan

vcfan

    POP POP RET

  • Tech Issues Solved: 3
  • Joined: 12-June 11

Posted 11 February 2013 - 22:51

uPnP is the dumbest idea. whats the point of the firewall if applications are just going to open dat dere ports anyways? if you get a piece of malware that runs a server on your pc,it will just open the ports it wants,and runs beautifully. if you open your own ports,you at least know what you're getting yourself into. you don't even have to have malware. you might have a vulnerable application that is actively listening on a port.

#48 remixedcat

remixedcat

    meow!

  • Tech Issues Solved: 1
  • Joined: 28-December 10
  • Location: Vmware ESXi and Hyper-V happy clouds
  • OS: Windows Server 2012 R2
  • Phone: I use telepathy and cat meows to communicate

Posted 12 February 2013 - 00:57

guys please be sure you specify the router you are using for the tests... some of you didn't and that's not helpful...

That is because MOST routers SHOULD pass the test!!! There shouldn't be very many routers that by default have UPnP on the WAN. The people who have run this test in this thread have proven that.

It's a MUCH bigger deal if you fail the test than if you pass it.


My Amped Wireless R20000G and my R10000 both shipped with UPNP disabled.

I enabled on both and they pass the test and "do not respond"

#49 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 12 February 2013 - 01:02

guys please be sure you specify the router you are using for the tests... some of you didn't and that's not helpful...



My Amped Wireless R20000G and my R10000 both shipped with UPNP disabled.

I enabled on both and they pass the test and "do not respond"


I agree they could list their router. But we are already more than 4 pages in. So people could either flip through the pages looking to see if someone who ran the test has the same router than them, or they could just go to the site and click the button.

This thread was created not really as a list of routers affected but as away people can test themselves against the issue.

#50 The_Decryptor

The_Decryptor

    STEAL THE DECLARATION OF INDEPENDENCE

  • Tech Issues Solved: 4
  • Joined: 28-September 02
  • Location: Sol System
  • OS: iSymbian 9.2 SP24.8 Mars Bar

Posted 12 February 2013 - 01:03

uPnP is the dumbest idea. whats the point of the firewall if applications are just going to open dat dere ports anyways? if you get a piece of malware that runs a server on your pc,it will just open the ports it wants,and runs beautifully. if you open your own ports,you at least know what you're getting yourself into. you don't even have to have malware. you might have a vulnerable application that is actively listening on a port.


It's so that when somebodies mother who views the computer as a magic box wants to make a Skype call with somebody, she doesn't have to reconfigure the firewall to let things pass through.

I'm running a dual stack (v4/v6) setup, and the UPnP daemon I'm running doesn't support the v6 side yet so any open ports only happen for v4 traffic. It's surprisingly annoying to track down what uses what ports to add them to the firewall.

#51 remixedcat

remixedcat

    meow!

  • Tech Issues Solved: 1
  • Joined: 28-December 10
  • Location: Vmware ESXi and Hyper-V happy clouds
  • OS: Windows Server 2012 R2
  • Phone: I use telepathy and cat meows to communicate

Posted 12 February 2013 - 01:05

I agree they could list their router. But we are already more than 4 pages in. So people could either flip through the pages looking to see if someone who ran the test has the same router than them, or they could just go to the site and click the button.

This thread was created not really as a list of routers affected but as away people can test themselves against the issue.


Thing is it would be more helpful to users as well as the manufacturers. I understand though.

#52 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 12 February 2013 - 01:07

Thing is it would be more helpful to users as well as the manufacturers. I understand though.


True, for that i'm sure if you search the net someone has started a google spreadsheet :)

just did a quick search

https://docs.google....5zajRyTmc#gid=0

#53 remixedcat

remixedcat

    meow!

  • Tech Issues Solved: 1
  • Joined: 28-December 10
  • Location: Vmware ESXi and Hyper-V happy clouds
  • OS: Windows Server 2012 R2
  • Phone: I use telepathy and cat meows to communicate

Posted 12 February 2013 - 01:09

I was aware of that allready, however thanks for posting for others.

#54 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 12 February 2013 - 01:13

I was aware of that allready, however thanks for posting for others.


Err.....wait...uh....i'm confused..... if you were already aware of it why didn't you post it in this thread? How would this little thread help others and manufacturers when there is a GIGANTIC spreadsheet already being maintained?

#55 Crisp

Crisp

    To infinity and beyond

  • Tech Issues Solved: 2
  • Joined: 06-May 10
  • Location: 127.0.0.1

Posted 12 February 2013 - 03:11

Not practical for the average consumer, enough said.


Yeah you're right, I sometimes forget what forum I'm on.

#56 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 86
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 12 February 2013 - 04:19

"box wants to make a Skype call with somebody,"

You can run skype without UPnP - so not going to be an issue. Worse case the call is just relayed if how skype punches hole does not work..

Because grandma's router these days most likely has UPnP disabled anyway, what grandma is going to figure out how to enable UPnP? ;)

Here is article about udp hole punching - to be honest skype can be a pain to shutdown because of how it works.

And again - worse case calls are just done via relay.

http://resources.inf...-hole-punching/

How Skype does it

Skype uses the UDP hole punching technique to allow communication between users who are behind NAT. However, Skype does not use a separate server to act as a third party host. Rather it uses its users computers to act as a third party host. Any client which has a publicly reachable IP can become the third party host. Hence this may increase the load on Skype’s users as they are responsible for initiating the connection between the users who are behind NAT. Sometimes UDP hole punching may not be possible due to various reasons like port randomization by the NAT. In the cases where UDP hole punching is not possible, the third party host (i.e., a Skype user’s system having a globally reachable IP address) is used to relay the whole communication between the users who are behind NAT.

edit: This protocol has been a plague from its get go.. No security, you don't auth you don't even have be identified -- unless vendor has put in its own controls on it anything can create a hole in your router. This allows for all kinds of nasty stuff to happen, you could have a web exploit that user goes to website - browser gets exploited and send upnp traffic to its router which then could open up ports, and they don't have to be to that box they could just be used to create your own onion router to bounce traffic for.

Nothing really saying that the traffic you forward has to be to an inside address, could be to another public IP.

There is a good paper on UPnP that was published on sane back in 2006 -- yes that was years after this garbage was allowed to infect the internet.. http://www.sane.nl/s...l-papers/R6.pdf

Now I agree there needs to be something simple for the common user to be able to let their software open up unsolicited traffic.. How about just simple PSK that is setup on the router, and then you can put that into the application that needs to open up traffic - the skype example. That is better than what is in play now.. You sure an the hell should not need to up traffic to anything other than requesting IP.

Just amazing that we are still dicking with this nonsense..

#57 HawkMan

HawkMan

    Neowinian Senior

  • Tech Issues Solved: 4
  • Joined: 31-August 04
  • Location: Norway
  • Phone: Noka Lumia 1020

Posted 12 February 2013 - 06:12

Not practical for the average consumer, enough said.



Not from the inside, the exploit is that it responds to UPnP from the WAN side, that's the problem.



I think your failing to understand the exploit, typically the packet is formed on the LAN side from an application, which is passed to the router, the router opens up the ports requested. The problem is here, if you are running one of the exploitable routers, ANYONE from the WAN side, can sent a correctly formed packet to your router, over the net, and your router will open the port for them. This should never be allowed on the WAN interface.


The point I was arguing was the people saying upnp should always be off. Not about the exploit which so far seems to actually effect very few routers contrary to the scaremongering claims about the exploit anyway.

That is because MOST routers SHOULD pass the test!!! There shouldn't be very many routers that by default have UPnP on the WAN. The people who have run this test in this thread have proven that.

It's a MUCH bigger deal if you fail the test than if you pass it.


He should still report the uber of passed tests and not just failed tests, as I said, that's just scaremongering, especially with the rest of his "article" on it as well.

uPnP is the dumbest idea. whats the point of the firewall if applications are just going to open dat dere ports anyways? if you get a piece of malware that runs a server on your pc,it will just open the ports it wants,and runs beautifully. if you open your own ports,you at least know what you're getting yourself into. you don't even have to have malware. you might have a vulnerable application that is actively listening on a port.


To block incoming connections. By the time you have a virus or malware on the inside of your firewalls it's to late and it doesn't need to open any ports, it can send data without open ports, it can open two way traffic without opening ports and it can spread itself without opening ports.



As for upnp being needed, while Skype may be a bad example. What about the millions of trackmania players who require ports mapped for the peer to peer sharing of the game, and a thousand other peer to peer apps, who re not related to illegal downloading.

#58 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 86
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 12 February 2013 - 06:40

So grandma is going to be running trackmania server? You can play the game without having to run a server on your box, and you can also play on other players servers again without having to open up any ports. You can even book free server time can you not? And rent servers? If your not bright enough to figure out how to forward a single port.

Even freaking grandma could do it to be honest - If she is playing trackmania an wanting to host a server, I think she could follow the follow the bouncing ball guides at http://portforward.com/

as to
"it can open two way traffic without opening ports and it can spread itself without opening ports."

Agreed if your machine is infected its too late for that machine.. But what user checks their router for UPnP settings? Quite possible that bad code left doors open for next time once you clear it. Quite possible it left a onion route in place that now they can bounce traffic off your router without you even knowing it for other attacks.. Could open up other ports to other machine that have not been exploited, but now maybe, etc.

Your going to have a hard time making a case that UPnP is not a security issue.. Plain and simple its not secure in its present form.

#59 Tha Bloo Monkee

Tha Bloo Monkee

    Da Ba Dee Da Ba Die

  • Joined: 03-July 04
  • Location: Ontario, Canada

Posted 12 February 2013 - 07:15

Running DD-WRT:

THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!


(That's good news!)


Yes, I'm using UPnP. Makes life easier than opening ports manually.

#60 remixedcat

remixedcat

    meow!

  • Tech Issues Solved: 1
  • Joined: 28-December 10
  • Location: Vmware ESXi and Hyper-V happy clouds
  • OS: Windows Server 2012 R2
  • Phone: I use telepathy and cat meows to communicate

Posted 12 February 2013 - 09:53

Err.....wait...uh....i'm confused..... if you were already aware of it why didn't you post it in this thread? How would this little thread help others and manufacturers when there is a GIGANTIC spreadsheet already being maintained?


the spreadsheet is harder to find using some keywords... I was in talks with another manufacturer and the rep had issues finding info about thier product's vulnerability and was unable to find the spreadsheet himself. so he can pass on to the team.. so I had to send it to him. threads like these where the product is specified allows the manufacturer to find and log that easier and also it may be updated more then the spreadsheet.

has a lot of helpful uses really so why not go for it???

I was going to make a thread about this as well, however I saw someone else posted it.