UPnP attack
max
maximilianbianco at gmail.com
Sat Jan 19 00:10:48 UTC 2008
John Wendel wrote:
> Alan Cox wrote:
>> On Sat, 19 Jan 2008 06:43:59 +0900
>> John Summerfield <debian at herakles.homelinux.org> wrote:
>>
>>> Les wrote:
>>>> Hi, guys, I just got this from a Tech Republic newsletter:
>>>> http://blogs.techrepublic.com.com/tech-news/?p=1902
>>>>
>>>> Basically it notes a form of attack using port forwarding by use of
>>>> Flash and Javacode. However, probably other scripting languages could
>>>> be used. It is not OS or browser dependent, but rather depends on the
>>>> standard protocols of UPnP and and the Flash plug-in programing
>>> standard _windows_ protocol. I've not heard of Linux doing it.
>>
>> UPnP is a dreadful protocol but its perfectly possible to do it on Linux.
>> UPnP is an abomination for managing/controlling routers and other devices
>> so its quite possible your router talks it
>>
>
>
> Azureus uses it to automagically open ports on your router (if you let it).
>
> Best to disable it in your router config.
>
Right you are, is used in most of the most popular and common routers.
LinkSys definitely uses it on more than one model.
-Max
More information about the fedora-list
mailing list