TechSpot

UPnP flaws place millions of networks in danger

By Rick
Jan 29, 2013
  1. Several security vulnerabilities found within common UPnP implementations have prompted experts at Rapid 7 to recommend the public disable UPnP entirely. Research spanning several months in 2012 revealed that over 2 percent -- or about 50 million -- of all...

  2. jobeard

    jobeard TS Ambassador Posts: 13,449   +324

    I've never allowed UPnP at the gateway router, and
    for those on Win/7, the Firewall Advanced Settings -> Network Discovery (UPnP-In) can be further restricted
    by setting the Scope to your local LAN
    (Properties -> Scope tab -> (*) These IP addresses -> Add -> local subnet)

    UPnP has ALWAYS been an issue.
     
    Blkfx1 likes this.
  3. Rick

    Rick TechSpot Staff Topic Starter Posts: 6,305   +52 Staff Member

    For being "automagical", I've always found it cantankerous.

    I actually re-visited UPnP in recent years to get WiFi sync working between iTunes and my iPhone... It just cemented my previous experiences. Sometimes it would work... sometimes it wouldn't... I'm sure it works fine for many people with many different routers etc.. but I've officially given up on UPnP.

    I'm also someone who takes comfort in being explicit and deliberate when it comes to configuring devices... I leave it disabled and will likely continue to do so for some time.
     
  4. jobeard

    jobeard TS Ambassador Posts: 13,449   +324

    I was speaking of the Security Risk UPnP creates :sigh:
     
  5. Lionvibez

    Lionvibez TS Enthusiast Posts: 601   +89


    Great tip, will look into this tonight.

    Question: also, say you want to use UPnP so it configures the port for the application you are trying to set up, but then disable it after it's configured. Would it be OK to use it on a per-application basis, then turn it off when not needed?
     
  6. jobeard

    jobeard TS Ambassador Posts: 13,449   +324

    That would work, but what a pain to keep track of :(

    There's also the issue of knowing what needs to be configured -- sometimes it's more than just one application.
     
  7. hahahanoobs

    hahahanoobs TS Booster Posts: 984   +97

    I disabled UPnP almost a year ago when I kept getting disconnected from BF3 servers, and saw disabling UPnP as a fix, and it worked!

    "Without UPnP, users must manually configure port forwarding and IP address assignment via their router and firewall administration utilities."

    Not me. I have zero ports manually configured with UPnP Disabled in my Thompson Modem/router, and torrents and online gaming are trouble free. Hmm, I just looked at settings again... is Automatic Port Mapping in uTorrent a workaround for forwarding ports manually with UPnP disabled?
     
  8. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,169   +176

    Without UPnP or ports forwarded, your torrents would not be able to connect to another person who has the same configuration as you. Referred to as whether you are "connectable" or not.

    UPnP is just another technology that should have been aborted at birth. Like ActiveX and WPS. When you consider the security holes and access it gives to unauthorised parties, it is just a bad idea. I've disabled it from day dot on every router that has had the feature because it just stunk.
     
  9. PinothyJ

    PinothyJ TS Enthusiast Posts: 429   +15

    WTF!

    Rapid seven want my full name, phone number, job title and company, amongst other things, just to use this utility.


    What a crock...
     
  10. Lionvibez

    Lionvibez TS Enthusiast Posts: 601   +89

    I just ran this tool on my network which has UPnP enabled and I got:

    [IMG]
     
  11. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,169   +176

    Just means your UPnP does not have the exploit that the tool checks for. So you aren't susceptible to *this* problem.

    One of the main reasons I don't like UPnP is that if malicious code runs on a machine in your network, it can use UPnP to open a port to the outside world and do things like act as a server for botnets and so on. Take commands etc. It's just a *really* dumb idea to give arbitrary software that kind of power.
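
A defensive check for the concern raised above, as an added example that is not part of the original post or of any tool mentioned in the thread: it parses UPnP IGD `GetGenericPortMappingEntry` responses and flags port mappings the network owner did not expect. The SOAP responses, internal addresses and allowlist are constructed for illustration.

```python
import xml.etree.ElementTree as ET

TEMPLATE = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
    '<u:GetGenericPortMappingEntryResponse'
    ' xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
    '<NewRemoteHost></NewRemoteHost><NewExternalPort>{0}</NewExternalPort>'
    '<NewProtocol>{1}</NewProtocol><NewInternalPort>{0}</NewInternalPort>'
    '<NewInternalClient>{2}</NewInternalClient><NewEnabled>1</NewEnabled>'
    '<NewPortMappingDescription>{3}</NewPortMappingDescription>'
    '<NewLeaseDuration>{4}</NewLeaseDuration>'
    '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>'
)
# Constructed responses for mapping index 0..2 (not captured from a real gateway).
SAMPLE = [
    TEMPLATE.format(51413, "TCP", "192.168.1.20", "uTorrent", 3600),
    TEMPLATE.format(3389, "TCP", "192.168.1.35", "", 0),
    TEMPLATE.format(6667, "TCP", "192.168.1.35", "svc", 0),
]
# Hypothetical allowlist: (internal client, protocol, external port) the owner expects.
EXPECTED = {("192.168.1.20", "TCP", 51413)}

def parse_mapping(soap_xml):
    """Extract the New* fields of one port-mapping response into a dict."""
    # Input here is constructed; for XML from an untrusted device, a hardened
    # parser such as defusedxml is the safer choice.
    root = ET.fromstring(soap_xml)
    fields = {}
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]          # strip any XML namespace
        if tag.startswith("New"):
            fields[tag[3:]] = (el.text or "").strip()
    return fields

def audit(responses, expected):
    """Return (mapping key, reasons) for every enabled mapping needing review."""
    findings = []
    for xml_text in responses:
        m = parse_mapping(xml_text)
        if m.get("Enabled") != "1":
            continue
        key = (m["InternalClient"], m["Protocol"], int(m["ExternalPort"]))
        reasons = []
        if key not in expected:
            reasons.append("not on allowlist")
        if m["LeaseDuration"] == "0":            # 0 means the mapping never expires
            reasons.append("permanent lease")
        if reasons:
            findings.append((key, reasons))
    return findings
```

Running `audit(SAMPLE, EXPECTED)` leaves the expected torrent mapping alone and reports the two mappings created by 192.168.1.35, both unlisted and with no expiry.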
     
     
  12. spydercanopus

    spydercanopus TS Guru Posts: 802   +87

    If you're directly connected to a modem without a router, you should disable it from services.msc
     
  13. Per Hansson

    Per Hansson TS Server Guru Posts: 1,932   +126 Staff Member

    This is the exact reason I've given for disabling UPnP in the last decade...
    I always knew a vulnerability like this one we see today would come, I'm actually surprised it took so long!
     
  14. hahahanoobs

    hahahanoobs TS Booster Posts: 984   +97

    Thanks for the info.
     
  15. havok585

    havok585 TS Enthusiast Posts: 108   +19

    UPnP should not be disabled if u host servers (ftp access, public game servers, Winamp radio stations, etc.) on certified high quality modem/routers (Cisco, Linksys (Cisco again lol), D-Link, NetGear and Asus), especially if u are not a power user. No hacker could access your router, unless the firmware is outdated (professional brands have this auto-updated) and u messed with the settings (firewall disabled, ports left open without filtering)...

    UPnP service should be disabled if u are a power user and want to control the whole scene.
     
  16. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,169   +176

    Personally I would highly recommend anyone running dedicated servers to learn port forwarding rather than touch UPnP.
     

