Disable upnp on your router ASAP

Standard Toaster

UPnP networking flaw puts millions of PCs at risk. Danger stems from widely used tech found in routers & net gear

m.cnet.com/news/upnp-networking-flaw-puts-millions-of-pcs-at-risk/57566366

Defiler Of The Coffin

Is there any tool available that determines whether a router is vulnerable or not?

Standard Toaster

Defiler Of The Coffin wrote: »

Is there any tool available that determines whether a router is vulnerable or not?

Here:
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play (Windows only)

From this article

Standard Toaster

Scan your router online.

upnp-check.rapid7.com

Dey were Sooted

thank you !! was able to disable it under the NAT settings in my router

Alun

Standard Toaster wrote: »

Scan your router online.

upnp-check.rapid7.com

Mmmm, 9 times out of 10 it just sits there forever with the spinning cogwheel, and the rare time it ever comes up with anything it's for an IP address in a range that doesn't even exist on my local network and for an OS (Ubuntu 7.1) that isn't running there either. Not impressed.

Khannie

Worked first time for me.

Alun

Khannie wrote: »

Worked first time for me.

Did it come up with anything sensible?

Alun

Alun wrote: »

Mmmm, 9 times out of 10 it just sits there forever with the spinning cogwheel, and the rare time it ever comes up with anything it's for an IP address in a range that doesn't even exist on my local network and for an OS (Ubuntu 7.1) that isn't running there either. Not impressed.

Actually on closer inspection the results screen I saw was their 'example' results screen, must have clicked on the wrong link.

So, it still just sits there and does nothing, tried on 3 different PC's so far with both FF 18 and IE 9.

Khannie

Alun wrote: »

Did it come up with anything sensible?

Yeah, it said I was safe. Took about 30 seconds. I was using firefox on my android phone (over wifi).

CreepingDeath

I've had UPnP disabled on my router for some time now, as recommended by the "Security Now" podcast.

Nothing to do with this vulnerability, but if malware gets on your system I believe it can use upnp to punch holes in your firewall.

And some routers don't show the upnp changes made in their user interface, so you'd never know.

If an application needs something changed on the router, I'd rather do it manually myself.

Dey were Sooted

Alun wrote: »

Did it come up with anything sensible?

worked first time for me too ... said i was at risk .. diasabled the setting in my router... on second scan it took a bit longer but then said all is good ... it is for windows os only i believe

Standard Toaster

GRC's 'Shields Up' has been updated to test for this:

Khannie

Dey were Sooted wrote: »

it is for windows os only i believe

Nope....

Khannie wrote: »

I was using firefox on my android phone (over wifi).

The underlying OS that your browser is connecting from should make no difference to the scan whatsoever.

DoesNotCompute

If I disable uPNP on the router's administration page, will this stop the router from responding to uPNP requests on the WAN interface? Or does this depend on the implementation of uPNP on the specific model of router I'm using (I'm using a Cisco EPC2425 btw). I presume one could just configure the router to block UDP port 1900 inbound in any case.

Also is there a list of vulnerable devices online somewhere?

ED E

WNDR3800 is safe according to them.

yes chance

https://www.youtube.com/watch?v=wEa43qM4JjQ#t=09m44s

yes chance

Standard Toaster wrote: »

Here:
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play (Windows only)

From this article

That has been unsafe for years

Standard Toaster

yes chance wrote: »

That has been unsafe for years

I know. Thanks.

yes chance

Is an 02 dongle a router? A frend of mne has one. Should he disable Upnp