UPNP

Top Page
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Lisa Kachold
Date:  
To: scott.becerra, PLUG Linux Security Team, Main PLUG discussion list
Subject: UPNP
Since more than a few people were interested in current technology related
to UpNp,

here's some of the features of this dangerous, yet mostly open protocol:

Miranda is one of the oldest tools used for upnp discovery.
http://www.securiteam.com/tools/6N0012KN5Q.html

http://www.ethicalhacker.net/content/view/220/24/

On a more interesting note, upnp can actually be used as an attack vector:
http://www.gnucitizen.org/blog/hacking-with-upnp-universal-plug-and-play/

Which has been exposed at both 2600 and DefCon as early as 2001.
http://www.upnp-hacks.org/upnp.html

The most common current use of upnp as an attack vector involves Linksys
"routers":
http://homecommunity.cisco.com/t5/Wireless-Routers/Hackers-Using-Linksys-Wireless-Router-to-Break-In-Through-The/m-p/330103

As you can see, any of you wanting to do research in this area, could easily
come upon some real world cracks or at least a few bugtraq entries. Perhaps
enough to present next year at one of the security Cons?


http://www.obnosis.com
*Catch My MetaSploit & IP CAM Surveillance
Presentations @ ABLEConf.com in April!*
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss