[Security] client-to-client security :: Summary and todo's

Pavel Simerda pavlix at pavlix.net
Sun Aug 24 03:35:05 CDT 2008


On Sun, 24 Aug 2008 09:12:52 +0100
Pedro Melo <melo at simplicidade.org> wrote:

> Hi,
> 
> On Aug 23, 2008, at 7:32 PM, Dirk Meyer wrote:
> > Pavel Simerda wrote:
> >> On Sat, 23 Aug 2008 18:21:38 +0200
> >> Dirk Meyer <dmeyer at tzi.de> wrote:
> >>> UPnP is a working choice, but bad. Just google for it.
> >>
> >> I know what UPnP is.
> >
> > I mean: google why it is a bad choice :) See below
> >
> >>> Since it is based on HTTP attackers found a way to open ports on
> >>> your router.
> >>
> >> Please be more precise, this is not a useful piece of information
> >> at all.
> >
> > OK. UPNp uses HTTP. If an attacker knows your router IP address (in
> > many cases 192.168.1.1) he can use your browser to open port
> > forwarding on your router so you expose services (windows has a lot
> > of services that should be closed to the outside).
> 
> An attacker with access to 192.168.1.1 is inside your network. He is  
> already inside with access to your services, the game is already lost.

+1

> > First link I found using google:
> > http://www.haveyougotwoods.com/archive/2008/01/15/common-home- 
> > router-exploit-upnp-enabled-routers-only.aspx
> 
> I'm not defending UPnP really, but this attack boils down to: you  
> download an application and allow said application to access your  
> network.
> 
> And the author is surprised that this is a security risk? UPnP  
> exploits should be the least of his problems.
> 
> (I don't know much about Flash, but I though it had the same same- 
> source security mechanisms of Javascript, and in that case the
> attack described would not work)
> 
> Best regards,


-- 

Web: http://www.pavlix.net/
Jabber & Mail: pavlix(at)pavlix.net
OpenID: pavlix.net


More information about the Security mailing list