Consult your router’s manual for more information.I recently acquired a Marantz SR6006 receiver.
How Do I Disable It? If your router supports UPnP, you’ll find an option to disable it in its web interface. Some malware does use UPnP to forward ports (the Conficker worm, for example), but I haven’t come across an example of a piece of malware exploiting these router flaws.
ASSET UPNP TO SOFTWARE
On the other hand, these router flaws are not actively being used in the wild, so the actual chance that you’ll come across malicious software that exploits flaws in your router’s UPnP implementation is fairly low. You can still forward ports without UPnP it’s just a bit more work. Heavy users of these applications will want to consider whether they’re prepared to give up some security for the convenience. If you don’t use applications that need port forwarding, such as peer-to-peer applications, game servers, and many VoIP programs, you may be better off disabling UPnP entirely. Unfortunately, it does appear that UPnP has a lot of problems. When I started writing this post, I expected to conclude that UPnP’s flaws were fairly minor, a simple matter of trading a little bit of security for some convenience. Image Credit: Ben Mason on Flickr Should You Disable UPnP? Many router manufacturers haven’t done a good job of securing their UPnP implementations. Is This a Problem? Yes! Millions of routers in the wild are vulnerable. ( Source) The website lists many other such problems. On some Linux-based routers, it’s possible to exploit UPnP to run commands on the router. A malicious application might ask a router to redirect network traffic to remote IP addresses on the Internet (instead of local IP addresses), and the router would comply. For example, many routers’ UPnP implementations don’t check input properly. These aren’t necessarily problems with UPnP itself they’re often problems with UPnP implementations. The UPnP Hacks website contains a detailed list of security issues in the ways different routers implement UPnP. Even if it was fixed (this would be difficult, as this is a problem with the UPnP protocol itself), many older routers still in use would be vulnerable. I can’t find any sort of indication that this was ever fixed. For example, it could point at another IP address entirely – your web browser’s address bar would say, but you’d be using a website set up by a malicious organization. Port forwarding would be the least of your worries – a malicious DNS server could redirect traffic to other websites. Unfortunately, it gets worse - on some routers, a Flash applet could change the primary DNS server with a UPnP request. The attacker would have to exploit a vulnerability in a network service running on your computer after doing this, though – using a firewall on your computer will help protect you. For example, the applet could ask the router to forward ports 1-65535 to your computer, effectively exposing it to the entire Internet. A specially crafted Flash applet, running on a web page inside your web browser, can send a UPnP request to your router and ask it to forward ports. The Flash UPnP Attack was discovered in 2008. You might assume that you’re secure as long as no malware is running on any local devices – but you’re probably wrong. Any application running on your computer can ask the router to forward a port over UPnP, which is why the malware above can abuse UPnP. UPnP doesn’t require any sort of authentication from the user.
Image Credit: Carsten Lorentzen on Flickr The Flash UPnP Attack
ASSET UPNP TO PATCH
While some people may remember the NIPC’s advisory and have a negative view of UPnP, this advice was misguided at the time and the specific problem was fixed by a patch for Windows XP over ten years ago. The NIPC actually issued a correction for this advice later, after they realized that the problem wasn’t in UPnP itself. Near the end of 2001, the FBI’s National Infrastructure Protection Center advised all users disable UPnP because of a buffer overflow in Windows XP.
If malware not being able to forward ports is important to you, you’ll want to disable UPnP. There’s no getting around this one – UPnP assumes local programs are trustworthy and allows them to forward ports.
0 kommentar(er)
