[aklug] Re: OT: security problems with UPnP devices

From: Royce Williams <royce@tycho.org>
Date: Mon Feb 04 2013 - 06:21:30 AKST

On Sun, Feb 3, 2013 at 10:22 PM, <bryanm@acsalaska.net> wrote:
> "To prevent hacking, disable Universal Plug and Play now"
> http://arstechnica.com/security/2013/01/to-prevent-hacking-disable-universal-plug-and-play-now/
>
> In summary, many devices, in the name of usability, disregard
> security principles and even open up holes in your firewall to
> allow access to your LAN.

Yeah, it's disappointing. I can just see, movie-scene-like, where the
geeks at Big Device Company are saying "Noooo!!" but the people
running the helpdesk override them because it keeps the call volume
down. :-(

Here's a simple scan to detect basic uPNP, assuming port 1900:

sudo nmap --script upnp-info.nse -p 1900 -sU [target-network]

Further, some server-grade remote management (IPMI, BMC, iLO, iDRAC,
etc.) implementations have embedded Linux that includes uPNP, but not
on port 1900.

http://www.schneier.com/blog/archives/2013/01/the_eavesdroppi.html
http://en.wikipedia.org/wiki/Intelligent_Platform_Management_Interface#Baseboard_management_controller

Relevant deep nmap to catch 'em listening on any port (add -p 5431 for
a fast first pass):

nmap -T5 -sV -sC [target-network]

Lots of printers, routers, media/Roku devices, etc. have it ... and
many have no way to disable it in the interface. Ditto for the BMC
stuff. You're basically at the mercy of the manufacturer to provide
updated firmware.

Some good refs:

http://isc.sans.edu/diary/Exposed+UPNP+Devices/15040 (where I got the nmaps)
http://pauldotcom.com/wiki/index.php/Episode276#Tech_Segment:_UPnP_Hacking_For_Penetration_Testers

Royce
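Added example, not code from Royce's post or from the ISC/nmap references above: a Python parser for the SSDP replies that an M-SEARCH on UDP/1900 elicits (the same exchange nmap's upnp-info script performs), run offline over constructed sample datagrams to build a device inventory and flag responders whose LOCATION URL points somewhere other than the responding host or outside the scanned subnet. The device banners, addresses and the scan range are all constructed.

```python
from urllib.parse import urlsplit
import ipaddress

# Constructed sample datagrams (not real device banners): two M-SEARCH replies
# and one NOTIFY advertisement, which is not a search response and is skipped.
SAMPLE_DATAGRAMS = [
    ("192.168.1.1", "HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\n"
     "LOCATION: http://192.168.1.1:49152/rootDesc.xml\r\n"
     "SERVER: Linux/3.4 UPnP/1.1 ExampleRouter/1.0\r\nST: upnp:rootdevice\r\n"
     "USN: uuid:00000000-0000-0000-0000-000000000001::upnp:rootdevice\r\n\r\n"),
    ("192.168.1.50", "HTTP/1.1 200 OK\r\nLOCATION: http://203.0.113.9/desc.xml\r\n"
     "SERVER: EmbeddedOS/1.0 UPnP/1.0 ExamplePrinter/2.3\r\n"
     "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n"
     "USN: uuid:00000000-0000-0000-0000-000000000002::urn:schemas-upnp-org:device:MediaServer:1\r\n\r\n"),
    ("192.168.1.77", "NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nNTS: ssdp:alive\r\n\r\n"),
]

def parse_ssdp_response(payload):
    """Headers of an SSDP search response as a lower-cased dict, else None."""
    lines = payload.split("\r\n\r\n", 1)[0].split("\r\n")
    if not lines[0].upper().startswith("HTTP/1.1 200"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines that have no colon
            headers[name.strip().lower()] = value.strip()
    return headers

def audit_ssdp(datagrams, scan_range):
    """Inventory responders, flagging LOCATION URLs that do not point back at
    the responding host or that lie outside the scanned network."""
    net = ipaddress.ip_network(scan_range)
    found = []
    for src_ip, payload in datagrams:
        headers = parse_ssdp_response(payload)
        if headers is None:
            continue
        location = headers.get("location", "")
        loc_host = urlsplit(location).hostname or ""
        flags = []
        if loc_host != src_ip:
            flags.append("location-host-mismatch")
        try:
            if ipaddress.ip_address(loc_host) not in net:
                flags.append("location-outside-scan-range")
        except ValueError:  # hostname or empty rather than an IP literal
            flags.append("location-not-ip-literal")
        found.append({"ip": src_ip, "location": location, "flags": flags,
                      "server": headers.get("server"), "st": headers.get("st"), "usn": headers.get("usn")})
    return found
```

Feeding real captures in would mean reading the UDP replies off the wire; the records returned are what you would line up against the nmap output to see which hosts answered that the device inventory does not account for.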
Received on Mon Feb 4 06:22:02 2013