the default Ethernet ADSL modem that was used by KPN in the Netherlands
was the Alcatel/Thomson Speedtouch 510, which enables UPnP by default. In
the web interface of this device there is no possibility to disable UPnP. Users
have to use the command-line interface to shut off UPnP, which is beyond the
technical capability of many users.
• Wireless access points and routers that are primarily meant for home use are
also frequently used inside (small) company networks (“SOHO”). The Linksys
brand of access points and routers is especially popular in this segment of the
market. War driving has shown that many administrators do not properly
configure wireless access points and routers, which makes it likely that UPnP
is also enabled on those networks.
• Many, if not most, attacks on company networks originate from normal
consumer lines (“zombie networks” come to mind). The fact that millions of
UPnP-enabled routers were sold makes this something that should not be
ignored.
A threat to businesses is that services that should not be exposed to the outside,
such as internal DNS or NFS/SMB file servers, can now easily be opened up to the
whole world. These file servers often contain sensitive and important information.
A firewall can no longer be trusted to keep out the bad guys (even though relying
on just a firewall is bad anyway), which makes such a machine as likely to be hacked
as one that is hooked up to the Internet directly. Having good host security is (and
always has been) important and is often overlooked.
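A defensive check for the exposure described above, as an added example that is not part of the original paper: it parses response bodies shaped like those of the IGD WANIPConnection action GetGenericPortMappingEntry, which lists a gateway's port mappings, and flags enabled mappings that forward to DNS, NFS or SMB ports. The sample entries, the addresses and the SENSITIVE port table are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Internal service ports named in the text (DNS, NFS, SMB); the table is an assumption.
SENSITIVE = {53: "DNS", 111: "NFS portmapper", 2049: "NFS", 139: "SMB", 445: "SMB"}

# Constructed sample data: response bodies in the shape of the IGD
# WANIPConnection:1 GetGenericPortMappingEntry action, one per mapping.
TEMPLATE = (
    '<u:GetGenericPortMappingEntryResponse'
    ' xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
    "<NewRemoteHost>{}</NewRemoteHost><NewExternalPort>{}</NewExternalPort>"
    "<NewProtocol>{}</NewProtocol><NewInternalPort>{}</NewInternalPort>"
    "<NewInternalClient>{}</NewInternalClient><NewEnabled>{}</NewEnabled>"
    "<NewPortMappingDescription>{}</NewPortMappingDescription>"
    "<NewLeaseDuration>0</NewLeaseDuration>"
    "</u:GetGenericPortMappingEntryResponse>"
)
SAMPLE = [TEMPLATE.format(*row) for row in [
    ("", 6881, "TCP", 6881, "192.168.1.20", 1, "p2p client"),
    ("", 4450, "TCP", 445, "192.168.1.5", 1, "files"),     # SMB behind an odd port
    ("", 53, "UDP", 53, "192.168.1.2", 1, "dns"),
    ("", 2049, "TCP", 2049, "192.168.1.5", 0, "old nfs"),  # present but disabled
]]


def parse_entry(xml_text):
    """Return {argument name: value} for one response body."""
    return {arg.tag: (arg.text or "").strip() for arg in ET.fromstring(xml_text)}


def audit(entries):
    """List enabled mappings that forward to a sensitive internal port."""
    findings = []
    for xml_text in entries:
        e = parse_entry(xml_text)
        internal_port = int(e["NewInternalPort"])
        # Match on the internal port: the external port can be anything.
        if e["NewEnabled"] not in ("1", "true") or internal_port not in SENSITIVE:
            continue
        # An empty NewRemoteHost is a wildcard, i.e. reachable from any host.
        source = e["NewRemoteHost"] or "any host"
        findings.append((int(e["NewExternalPort"]), e["NewProtocol"],
                         e["NewInternalClient"], internal_port,
                         SENSITIVE[internal_port], source))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print("exposed: WAN port %d/%s -> %s:%d (%s), source: %s" % f)
```

The second sample entry is the one a check on external ports alone would miss: SMB is reachable from outside on port 4450.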
So far there seems to have been little research in the area of abusing the port
mapping feature of UPnP Internet gateway devices. It could be that many people
do not see it as a threat, or that this hack is simply so obvious that no one thinks
it is good enough to exploit. However, many of the most effective cracks are done
via simple holes. My hope is that this paper can somehow fuel the discussion about
integrated security in SOHO and home user networking equipment.
3 Design of UPnP
The UPnP protocols are developed by the UPnP Forum[4], the UPnP standardization
committee. It oversees the development of new profiles and standards. In this
section I will give a short description of how UPnP is designed. A more thorough
description can be found in the book “UPnP: Design by Example”[15].
3.1 Profiles
Central to the concept of UPnP are profiles. A machine or a piece of software can
implement one or more profiles and provide services accordingly. The UPnP Forum
has defined various default profiles, including profiles for printers, HVAC (Heating,
Ventilating, and Air-Conditioning) systems and so on. The first profile that was
certified was the Internet Gateway Device profile. Devices which implement the
Internet Gateway Device profile are meant to provide access to WAN connections,
such as the Internet. Devices that implement the Internet Gateway Device profile
are routers, wireless access points and ADSL modems. In this paper the focus will
be on devices that implement this profile.
In the UPnP documentation, devices that can provide a service are called “control
points”. Machines or programs that make use of these control points are referred