UPnP
Posted by Stuart M on February 24th, 2005


I have been thinking about UPnP on routers. Am I right in thinking that if
you have this enabled, a program is able to open incoming ports on your
router?
If this is true, what is to stop a malicious program from opening its own
ports using UPnP and opening your pc to access from anyone who tries to
connect to said program?


Posted by David H. Lipman on February 24th, 2005


If you have questions on uPnP -- the following is a *good* place to ask.

news://msnews.microsoft.com/microsoft.public.upnp

--
Dave




"Stuart M" <dfdgh@fghf.cvgd> wrote in message news:386qdmF4qa5a3U1@individual.net...
| I have been thinking about UPnP on routers. Am I right in thinking that if
| you have this enabled, a program is able to open incoming ports on your
| router?
| If this is true, what is to stop a malicious program from opening its own
| ports using UPnP and opening your pc to access from anyone who tries to
| connect to said program?
|
|


Posted by winged on February 25th, 2005


Stuart M wrote:

I would do this only with a very very good reason to do so. I can think
of no reason good enough.

Universal plug and pray can be very dangerous to use and does open you
up to vulnerabilities. The FBI recommended for some time that this be
disabled due to the compromise potential, though I haven't seen anything
recently on this.

Yes UPnP can allow for dynamic opening and closing of ports. Yes, it can
be exploited.

I would think long and hard before I enabled the service. I had to go
out of my way to ensure UPnP was specifically disabled on all of our
systems. Sometimes convenience has a price; in this case, in my personal
opinion, the risk is too high.

Winged

Posted by David H. Lipman on February 25th, 2005


"winged" <winged@nofollow.com> wrote in message news:cvlv46$a0r@dispatch.concentric.net
| Stuart M wrote:
|| I have been thinking about UPnP on routers. Am I right in thinking that if
|| you have this enabled, a program is able to open incoming ports on your
|| router?
|| If this is true, what is to stop a malicious program from opening its own
|| ports using UPnP and opening your pc to access from anyone who tries to
|| connect to said program?
||
||
| I would do this only with a very very good reason to do so. I can think
| of no reason good enough.
|
| Universal plug and pray can be very dangerous to use and does open you
| up to vulnerabilities. The FBI recommended for some time that this be
| disabled due to the compromise potential, though I haven't seen anything
| recently on this.
|
| Yes UPnP can allow for dynamic opening and closing of ports. Yes, it can
| be exploited.
|
| I would think long and hard before I enabled the service. I had to go
| out of my way to ensure UPnP was specifically disabled on all of our
| systems. Sometimes convenience has a price; in this case, in my personal
| opinion, the risk is too high.
|
| Winged


But that is if you have not patched the OS and TCP port 5000 is open to the Internet. When
using uPnP in conjunction with uPnP compliant Routers, there is no problem as this
networking remains on the LAN side and does not cross the LAN/WAN barrier.

The advantages of using uPnP compliant Routers, OSs and applications are indeed worth
using it.

I haven't seen *any* <you know who's> CERT vulnerability Assessments on uPnP and you know
<who's> requirement it is to go to WinXP.

--
Dave





Posted by winged on February 25th, 2005



alerts on all aspects, they barely hit the high points, and usually long
after the threat is known. I believe the statistic is something like
80% of hacks that occur or are induced from inside users, usually to
bypass internal restrictions. I have found some users very umm creative.

There are currently about 40 known viruses/bots which exploit UPNP to
allow communication, with 2 new ones being released this month alone.
http://secunia.com/search/?search=upnp&w=2

Netgear has an issue (patched) where UPnP is used to disclose internal
passwords.

With the higher Gods requiring use of IE on the standard desktop with an
excess of 10+ current known exploits, some of which allow remote sites
to run code of their choice on the local host with the
permissions of the attacker's choice, I am not comforted.

I have some wonderful users. If there is exploit code on the net, they
will find it.

Side Note: Actually I publish an internal newsletter directed at the
home user to our local community, which has helped educate our users to ongoing
issues and they are getting much better at avoiding pitfalls, but it has
taken a year to get the message to sink in. User education is one of
the best mechanisms one can use to reduce issues. By directing it at
the home user I can talk about things that they are not even supposed to
run so they can understand the threat from an intellectual basis instead
of a policy one. If you can reduce home computer target you reduce the
possibility of the threat coming in through the back door. Most users
don't want to compromise the network, but when they don't understand the
threats, they will. There are always a few disgruntled workers that
strive for compromise. The hardest issue I have is reducing the content
where a non-techy can understand it. If subject matter is too stoic or
too technical they won't read it because they really don't understand
the lingo.

I am probably just overly paranoid however I still believe that UPNP is
best run in the off position. By manually determining what is open to
where, and layering firewalls (boundary firewalls in large orgs are
sieves) and filters, it complicates the task of compromise. UPnP can
defeat the layered security topology and make life much easier for the
bad guys. In our configuration, we turn off UPnP in XP and on 2003
server. It is essential to know what is open to where and why a
specific allow is open. I don't want anything changing what's supposed
to be open dynamically.


Winged
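
Added example, not part of the post above or of anyone's message in this thread: one way to check "what is open to where" on a router that has UPnP enabled is to read back its port-mapping table and compare it with what was knowingly approved. The SOAP bodies below are constructed samples in the shape of a WANIPConnection:1 GetGenericPortMappingEntryResponse; the addresses, descriptions and the ALLOWED set are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: GetGenericPortMappingEntryResponse bodies in the shape
# an IGD (WANIPConnection:1) returns, one per mapping index.
def _resp(ext, proto, int_port, client, desc, lease):
    return f"""<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body><u:GetGenericPortMappingEntryResponse
 xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>
<NewProtocol>{proto}</NewProtocol><NewInternalPort>{int_port}</NewInternalPort>
<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>
<NewPortMappingDescription>{desc}</NewPortMappingDescription>
<NewLeaseDuration>{lease}</NewLeaseDuration>
</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"""

SAMPLE_RESPONSES = [
    _resp(6881, "TCP", 6881, "192.168.1.20", "bittorrent-client", 3600),
    _resp(3389, "TCP", 3389, "192.168.1.31", "svc", 0),
    _resp(51820, "UDP", 51820, "192.168.1.5", "vpn", 0),
]

# Hypothetical allowlist: (protocol, external port, internal client) tuples
# that an administrator has knowingly approved.
ALLOWED = {("TCP", 6881, "192.168.1.20"), ("UDP", 51820, "192.168.1.5")}

def parse_mapping(xml_text):
    """Extract the New* fields of one port-mapping entry into a dict."""
    root = ET.fromstring(xml_text)  # for live router replies, prefer defusedxml
    fields = {}
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop any XML namespace
        if tag.startswith("New"):
            fields[tag[3:]] = (el.text or "").strip()
    return fields

def audit(responses, allowed):
    """Return findings for enabled mappings that nobody approved."""
    findings = []
    for m in map(parse_mapping, responses):
        key = (m["Protocol"], int(m["ExternalPort"]), m["InternalClient"])
        if m["Enabled"] == "1" and key not in allowed:
            permanent = m["LeaseDuration"] == "0"  # 0 means the mapping never expires
            findings.append((*key, m["PortMappingDescription"], permanent))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_RESPONSES, ALLOWED):
        print("unapproved mapping:", f)
```
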




Posted by Hairy One Kenobi on February 27th, 2005


"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:3tvTd.17391$uc.1036@trnddc09...
<snip>

IIRC, there have been advisories for both Netgear and Linksys [Cisco]
routers, but nothing that I remember recently. Most have, IIRC, been for XP
itself.

I'm not a Messenger user, so this may be out of date...

HTH

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!



