[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: UPnP attack



John Wendel wrote:
Alan Cox wrote:
On Sat, 19 Jan 2008 06:43:59 +0900
John Summerfield <debian herakles homelinux org> wrote:

Les wrote:
Hi, guys,     I just got this from a Tech Republic newsletter:
http://blogs.techrepublic.com.com/tech-news/?p=1902

    Basically it notes a form of attack using port forwarding by use of
Flash and Javacode.  However, probably other scripting languages could
be used.  It is not OS or browser dependent, but rather depends on the
standard protocols of UPnP and and the Flash plug-in programing
standard _windows_ protocol. I've not heard of Linux doing it.

UPnP is a dreadful protocol but its perfectly possible to do it on Linux.
UPnP is an abomination for managing/controlling routers and other devices
so its quite possible your router talks it



Azureus uses it to automagically open ports on your router (if you let it).

Best to disable it in your router config.


Right you are, is used in most of the most popular and common routers.
LinkSys definitely uses it on more than one model.

-Max


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]