[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Thu, 24 Jan 2008 17:52:41 +0000 Allister Gearon wrote: > Hi all, > I don't know whether this has been flagged up on the list already (I > don't remember seeing it), but a rather serious vulnerability shared > by 99% (apparently) of all routers exists. I originally saw it > listed here; > > http://www.channelregister.co.uk/2008/01/15/home_router_insecurity/ > > and the details are here; > > http://www.gnucitizen.org/blog/hacking-the-interwebs > > an here; > > http://www.gnucitizen.org/blog/flash-upnp-attack-faq > > Apparently the only fix is to turn off uPnP on your router, if your > are lucky enough to have such as option. Mine didn't. : ( > Apologies if you already know all about it. > Cheers > Allister I've said for many years now that UPnP is an abomination of networking. Pretty much any application running on a host PC can request that the router opens up and forwards incoming traffic arbitrarily. What's the point in having a firewall if you go and invent and widely implement a technology that circumvents it without the need for authorisation?! Grr! *Deep breath* Grant. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html