Vulnerability Issue

[Warlock]

Hello Folks,

 

I subscribe to a newsletter that offers articles in general, tips and notifications. It's entitled "Ask Bob Rankin". In today's edition the author presented an article about UPnP vulnerability and it sounded quite nasty. Homeland Security was in on the act. It offered some sites one could go to to run tests to see if you were or were not vulnerable to attacks even through your firewall and provider.

 

I've checked around the forum and didn't see any mention of this and I was wondering if anyone has heard of this issue and if I should start heading toward the panic button. I'll have to check back later for any responses and my sincere thanks and appreciation to all for any input. Have a good one.

 

Warlock

[login123]

Gibson Research wrote about it here: http://www.grc.com/unpnp/unpnp.htm

 

He made a little exe file that turns upnp on or off. It is available at the green link on that page.

I have downloaded it and used it in the past, and again just now, thanks for reminding me.

 

Edit: Guess I should say that I never saw it make any difference in the operation of my other desktop.

I just turned it off early on and never thought about it again.

 

Not sure what upnp is supposed to do for you. ??

[Tasgandy]

Much has been written about Universal Plug "N" Play (Pray) over the years, many truths and exaggerations, the following is a copy of one of the best "clear" answers that satisfied me...............it's 4 years old.

What is UPnP on a router? Can I disable the UPnP option on my home network router? Do I need this? Will it affect performance in a good or bad way if I disable it? Do I use this? I only use my computer for browsing and that is it.

 

Best Answer - Chosen by Voters

 

UPnP is for automatic discovery of other Plug n Play devices on the network, if you don't use file sharing between local network computers, or shared printers on the network then its unlikely you will need it enabled

[Andavari]

I've used that Gibson Research tool in the past, although I switched to Windows Worms Doors Cleaner ("WWDC") years ago since it also disables other stuff. Note that WWDC if used improperly can disable some Internet connections depending upon ISP settings!

[login123]

Thats a nice newsletter, btw, Warlock.

I tried that router tester made by Rapid7. Here:

http://upnp-check.rapid7.com/

 

My old router passed.

[Fluffy]

I think what Warlock is asking, and I too could do with a simple explanation What is this threat (Plug and play),

Is there something that can assess if he is at risk,and what to do if he is and would a regular virus check pick up anything if he already has been at risk

If anyone can explain in laymen`s terms it would be most appreciated !!

[Andavari]

Post #2 by login123 has a GRC.com link that explains some things about it.

[login123]

Post #2 by login123 has a GRC.com link that explains some things about it.

 

Hi, Fluffy.

Yes, it does. I never understood it very deeply, just used that exe to turn off upnp. On win xp.

Was a long time ago. Everything still worked OK, and afaik have never needed upnp since.

If it gums something up, the same exe will turn upnp back on.

 

Apparently there is renewed interest in upnp, that article by Rankin is recent.

 

Edit: On Rankins webpage about upnp, there is a link to a "Vulnerability Note VU#922681". It has some explanation. There must be renewed interest in upnp, Dept of Homeland Security logo in the top right corner.

[Warlock]

Hi Everyone,

 

I hope I don't muck things up by an addition to my post. I'm glad there was input to my query about this UPnP issue. I was trying to understand what Bob Rankin was presenting and it seemed to me that he was conveying what it can do to you if miscreants abuse this entity. It's a great little newsletter.

 

I didn't run any tests, just left things alone as don't have the Midas Touch by any stretch. I called my ISP on another support matter last night and while I had the rep on the phone over in India he stated he was aware of this issue and they have already something in place to protect customers. He told me not to be concerned. As long as I keep my security programs updated and don't see any red flags or smoke rising from my computer I should be able to rest easy with the type of operating I do which is simple, no fancy dancing like some folks. So I didn't do anything, believing firmly in if there's no problem don't try to fix it.

 

Is that on track or clear as mud as they say? If I'm bouncing off the wall just let me know my good friends. My skin isn't thin and I can take constructive criticism being your humble illiterate member. Got to scoot over to another area so take care everybody and thanks so much for your valued contributions as always. Will check back later. :-)

 

Warlock

[Andavari]

ISP probably will have protections in order but for that particular vulnerability I don't know because this topic is originally about a built into the Windows operating system vulnerability which is definitely in Windows XP as documented but I haven't a clue if it still exists in newer operating systems such as Windows Vista, 7, 8.

[login123]

Hey, Warlock.

Starting or stopping upnp is easy and almost instantaneous with that exe.

Try it for a while. See if everything still works. If anything stops working, just turn upnp back on.

 

Your isp no doubt has itself protected, but as Andavari suggests, that doesn't mean your computer is protected. In other words, they probably don't block upnp code from passing through to you, even though they do have their systems protected.

 

I'm going to log off and try the GRC exe in win 7. Have only tried it in xp before. Back in a minute.

 

Good to hear from you, by the way.

 

Edit: Exe ran fine in win 7, just had to "run as administrator". Turned upnp off. Everything still works in win 7. Going to leave it that way for a while. Make sure everything works.