UPnP attack
John Wendel
john.wendel at metnet.navy.mil
Fri Jan 18 22:22:02 UTC 2008
Alan Cox wrote:
> On Sat, 19 Jan 2008 06:43:59 +0900
> John Summerfield <debian at herakles.homelinux.org> wrote:
>
>> Les wrote:
>>> Hi, guys,
>>> I just got this from a Tech Republic newsletter:
>>> http://blogs.techrepublic.com.com/tech-news/?p=1902
>>>
>>> Basically it notes a form of attack using port forwarding by use of
>>> Flash and Javacode. However, probably other scripting languages could
>>> be used. It is not OS or browser dependent, but rather depends on the
>>> standard protocols of UPnP and and the Flash plug-in programing
>> standard _windows_ protocol. I've not heard of Linux doing it.
>
> UPnP is a dreadful protocol but its perfectly possible to do it on Linux.
> UPnP is an abomination for managing/controlling routers and other devices
> so its quite possible your router talks it
>
Azureus uses it to automagically open ports on your router (if you let
it).
Best to disable it in your router config.
Regards,
John
More information about the users
mailing list