Joined: May 22, 2003 Posts: 23947 Location: NSW, Australia XP: 3,060,914
Posted: Mon May 27, 2013 5:30 am Post subject: Warning: Turn Off UPnP - Avoid Security Vulnerabilities
I have been securing my network at home, and just realized that a recent firmware update I did a few weeks back has set UPnP to on (on by default) on my Netgear router. I have been having loads of issues the past few weeks with my connection at home, and now it seems to all be related to UPnP. I always port forward rather than use the vulnerable UPnP option in the router, but after the firmware update it reverted to default. Today I checked through my settings and turned it off again. While I was having problems I decided to read up on the latest about UPnP. I remember something about the FBI back in early 2000-2001 or something. This is what I found.
TURN OFF UPnP guys, forward your ports manually.
If you turn ON UPnP, there is no need to forward ports on your router, but there are many vulnerabilities. Learn more in the article from Forbes I have attached below.
Disable This Buggy Feature On Your Router Now To Avoid A Serious Set Of Security Vulnerabilities
1/29/2013 @ 3:42PM
Quote:
You’ve probably never checked whether your Internet router is set by default to use a harmless-sounding protocol called Universal Plug and Play. If it does, now’s a good time to turn it off.
The protocol, abbreviated UPnP, lets computers, printers, and other devices make themselves easily discoverable to a network router. But new research by the security firm Rapid7 shows that it could also let hackers easily discover and exploit those routers, too. And the problem is “universal,” indeed: A wide-ranging scan of the Internet shows that it affects as many as 50 million unique devices.
On Tuesday security researcher Rapid7 released an advisory warning that UPnP allows the remote discovery of between 40 and 50 million UPnP routers, printers, servers and other machines. The company says that software bugs it found in three different implementations of the protocol affect 1,500 vendors and 6,900 different products, including some versions of routers sold by every major vendor, including Cisco’s Linksys division, Belkin, D-Link and Netgear. And while some of those bugs would merely allow affected devices to be temporarily disabled, at least 23 million of the devices are susceptible to full takeover by hackers, potentially becoming a jumping-off point for an attack on the victim’s network behind any firewall.
Joined: Jan 17, 2013 Posts: 451 Location: Murica XP: 18,192
Posted: Mon May 27, 2013 5:35 am Post subject:
Yeah I've always had trouble setting that stuff up on my Actiontec Q1000 router myself. That stuff has always been a headache for me.
UPnP is enabled on my router.
But when I try to play Halo 2 on my original Xbox with Kai I can't see the other players.
When I shared internet by ethernet cable to my Xbox and set up separate TCP and UDP port forwarding rules with my router settings online, then I could play on Kai better.
forahobby Administrator
Joined: May 22, 2003 Posts: 23947 Location: NSW, Australia XP: 3,060,914
Posted: Mon May 27, 2013 6:06 am Post subject:
halofan102 wrote:
UPnP is enabled on my router.
But when I try to play Halo 2 on my original Xbox with Kai I can't see the other players.
When I shared internet by ethernet cable to my Xbox and set up separate TCP and UDP port forwarding rules with my router settings online, then I could play on Kai better.
Yeah, with UPnP turned off you need to set your Xbox with a static IP and port forward everything manually. When you manually open your ports and turn off UPnP it makes it a little faster if you ask me, since the ports are already opened and no request is sent to open the port via UPnP.
_________________________________________________________
HQ Network:
www.xbox-hq.com | www.xboxone-hq.com | www.360-hq.com | www.c64-hq.com
DLNA caught me out with the 360, it was listing the contents of the media server cos I forgot to turn it off. I kept saying, but I didn't give you access to my SMB shares yet, how the fudge have you got access to them, then it clicked. Still wouldn't play anything though even after downloading codecs, but I'm paranoid I guess.
Amiga1200 V.I.P. Lifetime
Joined: Jun 19, 2012 Posts: 461
XP: 17,252
Posted: Mon May 27, 2013 1:16 pm Post subject:
^^ Unluckily, I'm on some useless POS Netgear as well but my "UPnP" setting was disabled by default, only really any good for media streams anyway!
(samba share takes up the slack)
..........
God, I miss my old Belkin ADSL job, had WAY better NW, wireless or otherwise, across the board!
(I may be coming back into another oldie 54g effort with its USB wifi counterpart, then I'll have two USB wifi cards, both Belkin! Slow but reliable! Not like this Virgin Media sponsored POS, at least with Belkin I can wifi to ANY compatible device that's cfg'd for a pair up..)
_________________________________________________________
to all my friends... farewell and all the best to future prosperity... and remember, be excellent to each other!
I miss my Smoothwall, I have total control over EVERYTHING with that. Now I don't care so much, there is already too much to do with all the devices, different technologies etc. It's crazy.
forahobby Administrator
Joined: May 22, 2003 Posts: 23947 Location: NSW, Australia XP: 3,060,914
Posted: Wed May 29, 2013 3:35 am Post subject:
If you guys want to know something funny, I reconfigured my router back to the way it always used to be, but something weird is happening for me when playing games on Xbox LIVE. OK, I have done speedtest.net and everything is coming up good. My ping is pretty low, 10ms, and my upload and download is steady. It's just when I join for example a game of Black Ops 2, it always forces me as host within a few minutes. After I'm host I can run around the map and hardly anyone can see me.. it's so funny. I wish I was recording it. Like 3 guys running around me, or should I say where I was.
I always got host in lobbies before but never had this issue. It's only since the latest firmware update I got for my NETGEAR router. Strange. Anyway, just thought I'd share.
X_Splinter Moderator
Joined: Jul 03, 2004 Posts: 2385 Location: Portugal XP: 368,740
Posted: Wed May 29, 2013 2:45 pm Post subject:
Interesting... I am gonna leave it on at my house but I'll probably disable it at my office.
Another tip guys, disable WPS... It's so easy to get a wifi password by cracking WPS