Joe User Posted December 29, 2016 Share Posted December 29, 2016 (edited) 5 minutes ago, Bryan R. said: Okay, but do you even get an IPv6 address assigned? If yes, so what. If no, so what. So you think it should be on by default and yet Linksys should be liable if it leads to an attack. The reality is that uPnP is made for users who would otherwise not know how to port forward. Customer buys a router. Customer then buys a camera. The camera wants port 80 open to it, where is the laymen user suppose to intervene to "approve it" as you suggest? If you want to "intervene" you would have uPnP OFF and do it yourself. Yes. Just like if any other company makes a product that is harmful then they should be liable. No, the reality is that UPnP was made because there's no standard interface to router port forwarding and that NAT is a mess. The user should approve the inbound access during the camera setup. Link to comment Share on other sites More sharing options...
adrynalyne Posted December 29, 2016 Share Posted December 29, 2016 (edited) 11 minutes ago, Joe User said: Why? Because Windows XP was bad 16 years ago? No, because I am not an idiot. Note: I am not calling you one either. I think you are probably instead trolling everyone in this thread. +Warwagon and Stokkolm 2 Share Link to comment Share on other sites More sharing options...
Bryan R. Posted December 29, 2016 Share Posted December 29, 2016 4 minutes ago, Joe User said: Yes. Just like if any other company makes a product that is harmful then they should be liable. In the OP's case, uPnP allowed access to his camera remotely as intended. It is still password protected. Nothing about uPnP is inherently harmful. It's just not secure. Quote No, the reality is that UPnP was made because there's no standard interface to router port forwarding and that NAT is a mess. What? No standard interface? Maybe you need to be educated on how to port forward? Link to comment Share on other sites More sharing options...
Joe User Posted December 29, 2016 Share Posted December 29, 2016 (edited) 4 minutes ago, Bryan R. said: In the OP's case, uPnP allowed access to his camera remotely as intended. It is still password protected. Nothing about uPnP is inherently harmful. It's just not secure. What? No standard interface? Maybe you need to be educated on how to port forward? Okay, tell me how to forward a port on my router. Start with the IP address of my router. Link to comment Share on other sites More sharing options...
adrynalyne Posted December 29, 2016 Share Posted December 29, 2016 3 minutes ago, Bryan R. said: In the OP's case, uPnP allowed access to his camera remotely as intended. It is still password protected. Nothing about uPnP is inherently harmful. It's just not secure. What? No standard interface? Maybe you need to be educated on how to port forward? <whiny voice> But port forwarding is hard and adds needless complexity. </whiny voice> Anibal P 1 Share Link to comment Share on other sites More sharing options...
Joe User Posted December 29, 2016 Share Posted December 29, 2016 7 minutes ago, adrynalyne said: No, because I am not an idiot. Note: I am not calling you one either. I think you are probably instead trolling everyone in this thread. Surface 3 with LTE. Where's my firewall? In Windows, because It's not at Verizon. Link to comment Share on other sites More sharing options...
Rippleman Posted December 29, 2016 Share Posted December 29, 2016 (edited) I am not as technical as most of you are in here. But from what I am reading from all of you " UPnP is enabled" is like this: It is simply a very small chance that is dependent on another very small chance of another very small chance of a chance of a very small chance while infected with a virus? To me, that sounds like pretty good odds. Could you even get all those chances lined up by trying? If that happened to me, I think I would go buy some lottery tickets. Link to comment Share on other sites More sharing options...
Bryan R. Posted December 29, 2016 Share Posted December 29, 2016 1 minute ago, Joe User said: Okay, tell me how to forward a port on my router. For you my friend, just enable uPnP, PM me your IP, and I'll make sure you did it right. Link to comment Share on other sites More sharing options...
Rippleman Posted December 29, 2016 Share Posted December 29, 2016 1 minute ago, Bryan R. said: For you my friend, just enable uPnP, PM me your IP, and I'll make sure you did it right. I enabled uPnp... hack me. Link to comment Share on other sites More sharing options...
adrynalyne Posted December 29, 2016 Share Posted December 29, 2016 2 minutes ago, Joe User said: Surface 3 with LTE. Where's my firewall? In Windows, because It's not at Verizon. That's on you. If you feel that is wise well, it's your prerogative. Link to comment Share on other sites More sharing options...
Bryan R. Posted December 29, 2016 Share Posted December 29, 2016 3 minutes ago, Rippleman said: I am not as technical as most of you are in here. But from what I am reading from all of you " UPnP is enabled" is like this: It is simply a very small chance that is dependent on another very small chance of another very small chance of a chance of a very small chance while infected with a virus? To me, that sounds like pretty good odds. Could you even get all those chances lined up by trying? This thread clearly lays out the security concerns. The OP's camera WebUI was accessible to the internet because uPnP opened the port 80 automatically. That is a big risk. You're trusting entirely on the firmware of the camera device to block unauthorized access to your house or children. Link to comment Share on other sites More sharing options...
Joe User Posted December 29, 2016 Share Posted December 29, 2016 3 minutes ago, Rippleman said: I am not as technical as most of you are in here. But from what I am reading from all of you " UPnP is enabled" is like this: It is simply a very small chance that is dependent on another very small chance of another very small chance of a chance of a very small chance while infected with a virus? To me, that sounds like pretty good odds. Could you even get all those chances lined up by trying? Good analogies are hard to write. Imagine an office building where every office has an outside door to a courtyard and all offices are connected inside to a hall. All doors are locked, always, both inside and out and there's a security guard at the main entrance to the building. That's a secure network. Now, imagine if a tenant could unlock his door to the courtyard without telling the other people in the building, that's UPnP. Say someone goes into the open office and tries to crowbar the door to the hall, that's your hacker. If he gets through, he's met with more locked doors. Now, how good are the doors and locks? I'm saying they're good, others are saying they are weak. Some are wondering how people use the bathrooms and why I'm not using a car as an analogy. Either way, the security guard isn't paid enough and is easily distracted with other tasks, that's your average router. Link to comment Share on other sites More sharing options...
+Warwagon MVC Posted December 29, 2016 MVC Share Posted December 29, 2016 24 minutes ago, Bryan R. said: It is still password protected. Maybe some people left the password for the camera as the default as they were never going to (intentionally) front face them to the internet. Link to comment Share on other sites More sharing options...
Joe User Posted December 29, 2016 Share Posted December 29, 2016 17 minutes ago, Bryan R. said: For you my friend, just enable uPnP, PM me your IP, and I'll make sure you did it right. So, the answer is, no, I can't explain how to do it. Link to comment Share on other sites More sharing options...
LittleFroggy Posted December 29, 2016 Share Posted December 29, 2016 19 hours ago, InsaneNutter said: The majority are fake on Ebay, purchase from a reputable computer hardware supplier. If your in the UK Scan carry various Intel NIC's which work fine on ESXi or Pfsense. I purchased this Intel E1G44ET2 Quad Port NIC which is working great on ESXI 6, running a pfSense VM. Insane, Do the UK internet providers offer routers with their service? reason I ask is, each month, Charter here charges me a small amount $20 or $25. But when my router messed up, they GAVE me a brand new one. or do the UK providers have customers buy their own? Link to comment Share on other sites More sharing options...
Bryan R. Posted December 29, 2016 Share Posted December 29, 2016 Just now, warwagon said: Maybe some people left the password for the camera as the default as they were ever going to (intentionally) put it on the internet. Yep.. Obviously.. 3 minutes ago, Joe User said: Good analogies are hard to write. Imagine an office building where every office has an outside door to a courtyard and all offices are connected inside to a hall. All doors are locked, always, both inside and out and there's a security guard at the main entrance to the building. That's a secure network. Now, imagine if a tenant could unlock his door to the courtyard without telling the other people in the building, that's UPnP. Say someone goes into the open office and tries to crowbar the door to the hall, that's your hacker. If he gets through, he's met with more locked doors. Now, how good are the doors and locks? I'm saying they're good, others are saying they are weak. Some are wondering how people use the bathrooms and why I'm not using a car as an analogy. Either way, the security guard isn't paid enough and is easily distracted with other tasks, that's your average router. That's why uPnP should be off, like I said. Because not all locks are secure. ie. The camera could have a weak password or be vulnerable in some way. More doors and locks are always better. Link to comment Share on other sites More sharing options...
BinaryData Posted December 29, 2016 Share Posted December 29, 2016 21 hours ago, notta said: I purchased the Linksys router because my Apple router was dropping wireless. For some reason I was happy with Apple because I feel they actually care about security. I then just went to BB and purchased a new router to get my wireless back up and running again. I am not happy with this router at all from everything I have seen. What do you recommend? Also, I have another question. The other day I setup a PFSense box on a Dell 3020 SFF. Uses about 20 watts of electricity so that's not too bad. My goal is to get that setup and use the wireless as an access point so buying another router is not necessary I guess I have been searching for a quad port Intel NIC on Ebay, but everything I see suggests that the cards are fake. How and the hell do you purchase genuine Intel NIC cards? Well, which one are you looking for, I have several Quad NICs. Send me a PM. 16 minutes ago, Joe User said: Okay, tell me how to forward a port on my router. Start with the IP address of my router. Usually under your Firewall settings. I use a SMB Router/Switch, so mine is different. If you gave me your router model and brand, I could show you exactly where. 11 minutes ago, Rippleman said: I enabled uPnp... hack me. UPnP allows for botnet's like Mirai to be activated. Congrats, you can be held responsible for whatever they do with your devices. Any good script kiddie, could hijack your network. Hell, BudMan or sc302 could easily drop your network off the face of the map. Would they? Nope. They'd rather educate and build up, rather than destroy. 1 minute ago, Bryan R. said: Yep.. Obviously.. That's why uPnP should be off, like I said. Because not all locks are secure. ie. The camera could have a weak password or be vulnerable in some way. More doors and locks are always better. They generally don't have password disabled securities either, so a bruteforce attack works on them. Link to comment Share on other sites More sharing options...
Joe User Posted December 29, 2016 Share Posted December 29, 2016 1 minute ago, warwagon said: Maybe some people left the password for the camera as the default as they were never going to (intentionally) front face them to the internet. Just like routers used to come with no wifi password set, they do now. Cameras should force the password config as well. 1 minute ago, Bryan R. said: Yep.. Obviously.. That's why uPnP should be off, like I said. Because not all locks are secure. ie. The camera could have a weak password or be vulnerable in some way. More doors and locks are always better. Your guard is still busy doing other things and now customers can't get in. Also, the front door might be made of cardboard. Link to comment Share on other sites More sharing options...
Bryan R. Posted December 29, 2016 Share Posted December 29, 2016 Just now, Joe User said: Your guard is still busy doing other things and now customers can't get in. Also, the front door might be made of cardboard. Sometimes analogies get in the way of actually understanding the concepts at work. My router is just fine, thank you. Link to comment Share on other sites More sharing options...
Rippleman Posted December 29, 2016 Share Posted December 29, 2016 (edited) 5 minutes ago, BinaryData said: UPnP allows for botnet's like Mirai to be activated. Congrats, you can be held responsible for whatever they do with your devices. Any good script kiddie, could hijack your network. Hell, BudMan or sc302 could easily drop your network off the face of the map. Would they? Nope. They'd rather educate and build up, rather than destroy. again... hack me... show me. If not, its all just hypothetical. (not claiming it doesn't happen, just saying that ALL the right conditions have to be met before its a worry) Link to comment Share on other sites More sharing options...
Joe User Posted December 29, 2016 Share Posted December 29, 2016 2 minutes ago, BinaryData said: Usually under your Firewall settings. I use a SMB Router/Switch, so mine is different. If you gave me your router model and brand, I could show you exactly where. For laughs, a Linksys WRT54GS v4 that was given to me by SBCGlobal with a DSL package. Just get me to the login screen without getting technical. Link to comment Share on other sites More sharing options...
Bryan R. Posted December 29, 2016 Share Posted December 29, 2016 On 12/29/2016 at 1:39 PM, Rippleman said: again... hack me... show me. You know that's not practical. You know that's illegal. If you want to see it yourself, people have been leaving PCs and devices naked on the internet for ###### and giggles for years. Have at it. Is it not enough that security cameras could be accessible to unauthorized users because of uPnP? Thermostats, fridges, all IoT devices are a concern. On 12/29/2016 at 1:40 PM, Joe User said: For laughs, a Linksys WRT54GS v4 that was given to me by SBCGlobal with a DSL package. Just get me to the login screen without getting technical. Create a new thread if you're serious. Link to comment Share on other sites More sharing options...
Rippleman Posted December 29, 2016 Share Posted December 29, 2016 (edited) 2 minutes ago, Bryan R. said: You know that's not practical. You know that's illegal. If you want to see it yourself, people have been leaving PCs and devices naked on the internet for ###### and giggles for years. Have at it. Is it not enough that security cameras could be accessible to unauthorized users because of uPnP? Create a new thread if your serious. It is NOT illegal if someone is giving permission - i am giving this forum written permission to try to hack me with my UPnP on. Hack me, show me. I invite anyone. I do know the some cameras and the like are left open, but that is not the same has getting into someones computer. It still reads like you need a list of prerequisites of situations before you have this risk. I know I could be wrong and would like to see if someone can hack me. Meduso 1 Share Link to comment Share on other sites More sharing options...
Bryan R. Posted December 29, 2016 Share Posted December 29, 2016 3 minutes ago, Rippleman said: It is NOT illegal if someone is giving permission - i am giving this forum written permission to try to hack me with my UPnP on. Hack me, show me. I invite anyone. "Hack me". Stop being childish. The security concerns are not individuals hacking individuals. We don't know what devices you may be using. But bots are constantly scanning all IPs for these open ports and trying known passwords and known vulnerabilities to get in. The NSA director puts tape on his front-facing camera because he is who he is. That's doesn't mean every American needs to be covering their cameras. adrynalyne 1 Share Link to comment Share on other sites More sharing options...
Joe User Posted December 29, 2016 Share Posted December 29, 2016 1 minute ago, Rippleman said: It is NOT illegal if someone is giving permission - i am giving this forum written permission to try to hack me with my UPnP on. Hack me, show me. I invite anyone. Well, first you'll need to install this malicious software... Or, you'll need to get poorly designed hardware... None of which is an actual flaw in the protocol. And there ARE flaws with the design, but it's not this monster that people are making it out to be. For the average joe user it's good enough. Link to comment Share on other sites More sharing options...
Recommended Posts