A view from the technical underground
  • UPnP is dangerous

    Posted on February 9th, 2013 by admin

    UPnP (Universal Plug and Play) looks great on paper: bring home a new device (let’s say a wireless printer), turn it on, and it will automatically configure your router and network so you can use it. Again, it looks good on paper, except that it is very insecure. You have no idea what accidental or, worse, intentional holes it will make in your network security. What is worse, most brands of routers implement it badly, so that anything reaching UDP port 1900 and TCP port 2869 from inside or OUTSIDE your network can reconfigure your router to do whatever it asks, including shutting down the firewall that is protecting your home (or small business) data.

    HD Moore (of Metasploit and Rapid7 fame) did a scan of the internet and found over 81 million devices on the internet with their UPnP service active. Any UDP port 1900 and TCP port 2869 request was acknowledged and the network was wide open.

    First, scan for UPnP running on your network; a good way is to go to GRC.com and use their scan tool.

    Never use UPnP; go into your router’s admin page and turn it off! Next, block UDP port 1900 and TCP port 2869 explicitly. It just isn’t worth the hole in security.

    By the way, this isn’t the Microsoft OS Plug and Play exploit (boy, this concept is a disaster no matter how it is being used)!

    Articles on the subject: