[Security] client-to-client security :: Summary and todo's

Pedro Melo melo at simplicidade.org
Sun Aug 24 03:12:52 CDT 2008


Hi,

On Aug 23, 2008, at 7:32 PM, Dirk Meyer wrote:
> Pavel Simerda wrote:
>> On Sat, 23 Aug 2008 18:21:38 +0200
>> Dirk Meyer <dmeyer at tzi.de> wrote:
>>> UPnP is a working choice, but bad. Just google for it.
>>
>> I know what UPnP is.
>
> I mean: google why it is a bad choice :) See below
>
>>> Since it is based on HTTP attackers found a way to open ports on
>>> your router.
>>
>> Please be more precise, this is not a useful piece of information at
>> all.
>
> OK. UPnP uses HTTP. If an attacker knows your router IP address (in
> many cases 192.168.1.1) he can use your browser to open port
> forwarding on your router so you expose services (Windows has a lot of
> services that should be closed to the outside).

An attacker with access to 192.168.1.1 is inside your network. He is  
already inside with access to your services, the game is already lost.

> First link I found using google:
> http://www.haveyougotwoods.com/archive/2008/01/15/common-home-router-exploit-upnp-enabled-routers-only.aspx

I'm not defending UPnP really, but this attack boils down to: you  
download an application and allow said application to access your  
network.

And the author is surprised that this is a security risk? UPnP  
exploits should be the least of his problems.

(I don't know much about Flash, but I thought it had the same
same-source security mechanisms as JavaScript, and in that case the attack
described would not work)

Best regards,
-- 
Pedro Melo
Blog: http://www.simplicidade.org/notes/
XMPP ID: melo at simplicidade.org
Use XMPP!
