Unfortunately, it gets worse - on some routers, a Flash applet could change the primary DNS server with a UPnP request. The attacker would have to exploit a vulnerability in a network service running on your computer after doing this, though – using a firewall on your computer will help protect you. For example, the applet could ask the router to forward ports 1-65535 to your computer, effectively exposing it to the entire Internet. A specially crafted Flash applet, running on a web page inside your web browser, can send a UPnP request to your router and ask it to forward ports.
The Flash UPnP Attack was discovered in 2008. You might assume that you’re secure as long as no malware is running on any local devices – but you’re probably wrong. Any application running on your computer can ask the router to forward a port over UPnP, which is why the malware above can abuse UPnP. UPnP doesn’t require any sort of authentication from the user. Image Credit: Carsten Lorentzen on Flickr The Flash UPnP Attack While some people may remember the NIPC’s advisory and have a negative view of UPnP, this advice was misguided at the time and the specific problem was fixed by a patch for Windows XP over ten years ago.
The NIPC actually issued a correction for this advice later, after they realized that the problem wasn’t in UPnP itself. Near the end of 2001, the FBI’s National Infrastructure Protection Center advised all users disable UPnP because of a buffer overflow in Windows XP. If malware not being able to forward ports is important to you, you’ll want to disable UPnP. There’s no getting around this one – UPnP assumes local programs are trustworthy and allows them to forward ports.
0 kommentar(er)
