Geekzone: technology news, blogs, forums

Guf



3 posts

Wannabe Geek


Topic # 114301 15-Feb-2013 09:22

http://watchguardsecuritycenter.com/2013/01/31/h-d-moore-unveils-major-upnp-security-vulnerabilities/

http://www.grc.com/securitynow.htm#389

81 million publicly routable IPv4 endpoints have UPnP (which only makes sense LAN-side) open on the WAN side, and worse, most of those have a copy of the reference implementation with next to no security in it, thereby allowing a single UDP packet over 1900 to take over the router.

XNet's previously recommended hardware is among those affected, in particular the WAG310G, which also looks like it might have its admin portal open WAN-side too!

Various honeypot machines are seeing a daily increase in probes against this port - the threat is very real and definitely increasing!

Use the ShieldsUp service at grc.com ( https://www.grc.com/x/ne.dll?bh0bkyd2 ) to check if you are vulnerable, as it has a specific test for this.

If you are, join in the pressure to get XNet to block UDP:1900 as it is very unlikely the router makers are going to move fast on this as it'd involve admitting liability.

And should they release an update, how many affected customers would actually be able to successfully apply a firmware update - how many would just call it too hard..?


16853 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Subscriber

Reply # 762838 15-Feb-2013 10:00

If you have a voice device from WxC that's auto provisioned any firmware updates can be applied automatically by them.

The big question is whether Cisco / Linksys will release an update..




*Need help configuring your Linksys ATA or IP Phones for New Zealand? Check my blog post

Guf



3 posts

Wannabe Geek


Reply # 762850 15-Feb-2013 10:19

IIRC I purchased this hardware in a shop, as it was the recommended option, but I'm not certain of that.

In that case, it having WAN-side admin portal open makes some sense tho.

Specifically, FTP, HTTP and HTTPS are wide open on it, along with UDP:1900 and also the TCP port that it says to connect to for the UPnP SOAP interface; even tho the UPnP query response puts that against the internal IP it's open externally, and all this while the UI's checkbox for UPnP is set to Disabled!
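
The situation described in the reply above, as an added example that is not part of the original posts: a Python check that takes an SSDP response captured on UDP 1900 plus the address it arrived from, and reports whether discovery is answering on the WAN side and whether the LOCATION header advertises an internal address. The sample datagram, port 49152, the description path and the source address 203.0.113.7 are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample of an SSDP search response (not captured from a real device).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"ST: upnp:rootdevice\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000000::upnp:rootdevice\r\n"
    b"LOCATION: http://192.168.1.1:49152/gatedesc.xml\r\n"
    b"\r\n"
)

# Addresses that belong on the LAN side: RFC 1918, link-local and loopback.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8")]

def is_lan(addr) -> bool:
    return any(addr in net for net in LAN_NETS)

def parse_ssdp(datagram: bytes) -> dict:
    """Return the headers of an SSDP search response, names lower-cased."""
    lines = datagram.decode("latin-1").split("\r\n")
    if not lines[0].startswith("HTTP/1.1 200"):
        raise ValueError("not an SSDP search response")
    headers = {}
    for line in lines[1:]:
        if not line:          # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def assess(datagram: bytes, source_ip: str) -> dict:
    """Classify one response by where it came from and what it advertises."""
    headers = parse_ssdp(datagram)
    on_wan = not is_lan(ipaddress.ip_address(source_ip))
    finding = {"ssdp_on_wan": on_wan, "control_port": None,
               "advertises_internal_ip": False}
    try:
        url = urlsplit(headers.get("location", ""))
        finding["control_port"] = url.port   # TCP port to re-test from outside
        host = ipaddress.ip_address(url.hostname)
        finding["advertises_internal_ip"] = on_wan and is_lan(host)
    except ValueError:        # missing, non-numeric or malformed LOCATION
        pass
    return finding
```

A result with `ssdp_on_wan` and `advertises_internal_ip` both true matches the post: the device answers discovery from outside while pointing at a LAN address, so the `control_port` it names is the one to confirm is closed externally.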

Guf



3 posts

Wannabe Geek


Reply # 772414 1-Mar-2013 18:09

I have discovered that if I set up my router to DHCP a certain range but have a DMZ IP outside that range (i.e. a black hole DMZ), the UPnP port is no longer accessible, thus meaning my router is no longer vulnerable to the flaw it has.

I have also reconsidered my request to block UDP1900 at the ISP, as I have remembered that it is not a service port (0-1024) and thus not solely used for UPnP.

I strongly recommend that all users of a vulnerable router, such as the WAG310G, do as I have done. To find out, visit grc.com and use the Shields Up service there, as it has a specific test for this.

