back to article Most home routers 'vulnerable to remote take-over'

Security mavens have uncovered a design flaw in most home routers that allows attackers to remotely control the devices by luring an attached computer to a booby-trapped website. The weakness could allow attackers to redirect victims to fraudulent destinations that masquerade as trusted sites belonging to banks, ecommerce …

COMMENTS

This topic is closed for new posts.
  1. Karl Strieby

    UPNP and recent Belkin routers OK

    My Belkin FSD7230-4 wireless router has a firmware setting to disable UPNP connections. UPNP is OFF by default.

    So that headline should probably read "*some* home routers are vulnerable..."

    Cheers from Canada

  2. Anonymous Coward
    Alert

    Airport Extreme Base Station?

    Any idea what Apples Airport Extreme Base Station, which contains a small router, might be set to?

  3. Anonymous Coward
    Linux

    UPNP Just like Windows ME ... a bad idea

    Which is why It is the first thing I turn off on all new installs I do.

  4. Dave Coventry

    I turned mine off..

    on my SMC Barricade router, and now I can no longer control it. Typing 192.168.1.254 in my browser reports a 404. Niether can I telnet or ssh it.

    In order to change anythong in the configuration I will have to use a paperclip to clear take it back to it's defaults. If I can remember my ISP user name and password.

  5. tony trolle
    Linux

    Belkin firmware

    The latest version of firmware for the Belkin FSD7230-4 'wireless' (when it works) router lacks uPnP. I find my current P2P progs like uPnP so I may have to

    a) get around to rebuilding spare system

    b) remove flash

    c) not 'upgrade' firmware

    d) all three

  6. Andraž Levstik

    UPNP yes BUT only as a media distributor

    I use upnp but only internaly through ushare(http://ushare.geexbox.org) and djmount to access it on my boxen. It's great for such things but I wouldn't touch it for a router EVER...

  7. Mart

    Orange UK router seems OK

    The Siemens router (not the Livebox though) that came with my Orange broadband also had uPnP turned off by default.

  8. Colin Wilson
    Coat

    Wasn't...

    Steve Gibson (http://www.grc.com) slaughtered in the press when he said how inherently unsafe UPNP was ?

    How many years ago was that now - seven ?

  9. Chris Green
    Alert

    Refund after today?

    There is, of course, no way to know from the boxed item, what it can/can't do to the extent purchasers may need.

    So, does a router that cannot have UPnP disabled, mean that it's not 'fit for purpose' and therefore, returnable for refund?

  10. Anonymous Coward
    Alert

    Linksys WRT54GL + DDWRTv23

    Anyway, the problem here isn't really the routers, it's the morons who go to infected websites. We still need to stamp out the problem at the root.

  11. Anonymous Coward
    Coat

    RE: Refund After Today

    I'd say they can't argue it, unless they want you to pull up a manager and start yelling how they sell insecure hardware in the middle of a PC world :P

    You know.. I might go do that on my lunch. I've already got a few Bug-Bears to pick with PC world..

  12. gareth

    @ Tony trolle RE: i turned mine off

    or you could just manually set the port forwards (sometimes called virtual servers by some manufactures) so you can turn upnp off and turn upnp off in the programs such as azureus and it will stop moaning at you

  13. Anonymous Coward
    Happy

    UPnP

    I've had it turned off for years, I never like the concept from day one. Never had a need for it, but guess I'm a bit more technical than you average Joe.

    Oh and remember people, not every router has the same address.

  14. Anonymous Coward
    Anonymous Coward

    But... but...

    UPnP is great. Rather than creating a port forwarding rule (which always leaves a certain port open), it only opens and forwards the port *while running the app which needs it*. Once the app closes, the port is also closed.

    I'll rely on NoScript blocking Flash content that's not hosted on websites I explicitly trust, for now.

  15. Anonymous Coward
    Jobs Horns

    AEBS and that...

    I think it does - Leopard's Back-to-my-Mac relies on uPnP.

    Cisco 857's don't do it. As I found out when trying to play with Back-to-my-Mac. Still silver linings and that, eh?

  16. Matthew Johns
    Go

    It's me being a bit thick

    But in order to set up the forwarding described I have to manually log in to my router with an ID and password. Does the UPnP not require the same authentication when done through this Flash exploit?

  17. Anonymous Coward
    Thumb Up

    ah

    Turned mine off...about 2 minutes ago :P

  18. ryan
    Dead Vulture

    @Colin Wilson

    Gibson was slaughtered in the press for being a scare-mongering f*ckwit.

    Whilst he - quite rightly - declared UPnP unsafe, he also declared just about every other interface & protocol available to a PC unsafe too.

    Besides, turning UPnP off has been considered good practice since it was first introduced.

  19. P Chase
    Thumb Up

    Thumbs-up for Belkin

    My (year-old?) Belkin not only defaults UPnP to Disable but includes a good explanation of the risks of enabling it.

  20. Daniel
    Gates Horns

    oh good

    i wasn't sure, but just checked on my D-Link G604T and it was turned off. I think I probably looked at it and said "what's that? sounds dodgy. Do I need it? no ...."

    next ...

  21. David Shepherd
    Happy

    UPnP disabled here too

    Think that until a couple of days ago it wasn't an issue as my aged BEFSR41 predated UPnP! However just got a WRT54GL and, as others have commented, during initial setup saw the enable/disable UPnP and without thinking disabled it! (Slight minus point was that it was enabled by default)

    Also, interested to see that WRT54 also has the useful option of denying access to the settings web pages from the wireless interface which closes another potential (if unlikely in practice) harzard

  22. The Mole

    Flash security flaw

    I find it very tenious that the reason that this isn't a security flaw in flash is because flash is behaving the way it was designed too. This is complete rubbish.

    It IS a security flaw in flash. I can see no justifiable circumstances why a flash script from the internet should be able to open a page to a private non-public ip address. It shouldn't be allowed.

  23. A. Lewis
    Thumb Up

    Mavens!

    That's a lovely word which I've seen a lot on El Reg recently. You're all quite the literacy mavens!

  24. This post has been deleted by its author

  25. POPE Mad Mitch
    Flame

    if only it was that easy

    UPnP is supposed to be standardised, shame that in reality it isnt, every router has its own little foibles and bugs, many just plain dont work at all, or work once then crash. its been hell trying to write code to work smoothly with as many routers as possible. oh and someone said that the port forwarding vanishes when the application does, wrong, the program would have to explicitly send delete rule commands to the router.

  26. Ray Robertson

    RE: Airport Extreme Base Station?

    The Apple Airport Extreme doesn't support UPnP instead supporting the competing, but seldom used, NAT-PMP standard.

    NAT-PMP does a similar job to UPnP, perhaps it is also vulnerable?

  27. Anonymous Coward
    Anonymous Coward

    Phew

    Went to look. Big red icon beside UPnP and "To enable UPnP, check the Enable UPnP box and select a connection below."

    Can't recommend my router to the colourblind but at least they got that default right.

  28. Jason Scrutton
    Alert

    The Orange Livebox...

    Has UPNP on by default (well mine did)

  29. Anonymous Coward
    Anonymous Coward

    UPnP requests from the internal network?

    Because the request is sent by the web browser, the upnp request _is_ from the internal network.

    Can't javascript also send these type of requests?

    Do other viruses and trojans change your primary DNS? It seems like it'd be a rather useful thing to do, if you're so inclined.

  30. Death_Ninja

    All excellent news except...

    ...if you have an Xbox360 and use Live.

    I'll guess we'll have to wait for that penguin powered games console and in the meantime keep ourselves amused with board games or something.

    Alternatively I might have a look and see if I can create a firewall rule on my router to only allow non-PC's on my network to use UPNP...

  31. Anonymous Coward
    Coat

    IP Address

    The links on the article seem to imply that it uses the IP address of the router to give it access to UPnP.

    So does this mean that if the router has a non default IP address (or is not the default gateway) then its actually going to be hard to get into? How long is it going to take to scan all the IP addresses in my 192.168.x.x address range?

  32. Simon Greenwood
    Thumb Up

    Re:oh good

    Daniel, it's OK, I can't get UPnP to work on my D-Link G604T, along with reliable name resolution under Linux and a way of using FTP that doesn't cause it to crash, so I think we're safe.

  33. Anonymous Coward
    Anonymous Coward

    Dont need upnp

    all you need is Static ip's on your network and port forwarding, unless you got a router that can forward ports by computer name then you might get away with using DHCP and port forwarding

    who needs upnp anyways

  34. Anonymous Coward
    Anonymous Coward

    RE: Flash security flaw

    "It IS a security flaw in flash. I can see no justifiable circumstances why a flash script from the internet should be able to open a page to a private non-public ip address. It shouldn't be allowed."

    What a load of BS. I guess you haven't heard of an Intranet then? How would it be told it's on the internet or an intranet - some corp's have internal servers that -do- have external (firewalled) IP addresses that are accessed from inside the LAN so simply checking it's (local machines) IP wouldn't work.

  35. Anonymous Coward
    Stop

    @Chris Green

    I suspect you already know the answer to that and you're just angling for a "most predictable smart-alec post" award.

    Of course the router is fit for purpose, it routes traffic from one place to another. I don't see any manufacturers advertising their products as totally secure, they just say "our router will route traffic".

    Just because it doesn't say whether uPnP can be disabled on the box doesn't mean you have a legal right to buy it to find out, and then return it for a refund if it doesn't do what you want. Don't get rights mixed up with voluntary returns policies. If you specifically want functionality that isn't mentioned on the box, then you need to ask the reseller and if PC World tell you that uPnP can be disbaled but you then find it can't be, then you have a right to a refund. Of course, trying to get PC World to admit to telling you duff gen is another issue entirely....

  36. golverd
    Flame

    Upnp - no go area

    I never switch on Upnp. Not only is it a bad practice, but in case you have 'smart' windos machines around, they will autodetect the 'feature' and use it to switch the ISP link on/off. So, say you have 4 machines connected and you close down one, all others loose their connection as well. This is what happened on an older speedtouch icm. windos XP.

    It should be switched off by default - always - and I really see no reason for anyone using it at all. The same applies to stupid flash stuff as far as I'm concerned....

  37. Peter Mc Aulay

    Heh

    The only times I ever hear about UPNP it's in connection with a security vulnerability. I don't think I've ever had cause to use it, and I probably never will.

  38. Anonymous Coward
    Anonymous Coward

    Need to know more but don't know enough; where do I start

    I see these regular stories on Reg about holes in routers etc. I've got a software firewall, noscript etc. etc. but I read the stuff above about NAT, port forwards, now UPnP, IPtables for routing and all that, and it's clear that my fragmentary knowledge of IP ("four numbers. Dots inbetween") doesn't cut it. I've two books on networking & they taught me nothing - they really were trivial. So, experts, please recommend a solid book or somewhere to start.

    BTW I work in IT so I'm only a newbie in networks.

    thanks

  39. Graham Jordan

    xbox360

    So when i get home and disable it with my WRT54GL im gone and knackered my 360 live account?

    Goddammit!!!!

  40. golverd

    @anon coward

    With google you can find many of these inforrmation resources. What you should start to learn are the fundamentals. Search for 'TCP/IP networking howto' and a lot will show up.

    This is a reasonable page to get started:

    hxxp://www.pcsupportadvisor.com/TCP_IP_tutorial_page1.htm

    I have learned my original TCP/IP knowlegde from a book connected to the Novell 3.12 NOS. It was a very comprehensive book and perfectly clear. It just does not cover all those 'new thingies' like NAT etc.

  41. Tom Kelsall
    Thumb Down

    Buffalo WHR-G54ES

    ...came with UPnP enabled... but when (way back then) the service was enabled on my PC it used to use up half my CPU and bandwidth so I turned it off by disabling the service on my PC. Having done that, I figured I didn't need it on my router either and disabled it.

    Can't see why people are arguing to be honest. It's cack - turn it off. Make sure when you buy a router that it CAN be turned off.

  42. Anonymous Coward
    Anonymous Coward

    Re: Need to know more but don't know enough; where do I start

    I wouldn't claim to be an expert, but I recall these two being good.

    Data Communications, Computer Networks and Open Systems

    F. Halsall

    # ISBN-10: 020142293X

    # ISBN-13: 978-0201422931

    Computer Networks

    Andrew S. Tanenbaum

    # ISBN-10: 0130384887

    # ISBN-13: 978-0130384881

    There's a lot of overlap there, and I'm not sure they cover upnp which is relatively recent.

  43. Tony W

    SMC Barricade can be OK

    UPNP has long been turned off on my SMC BR14UP and it works fine.

  44. Steve Pettifer

    Never used it

    Since I know that only a very few ports are required for the stuff I use and they are all on one PC on my network I've never used UPnP. Mind you, as I have a linksys router I binned the standard firmware and moved to Tomato - much better than the standard stuff and has UPnP off by default.

  45. Bounty
    Pirate

    Gibson

    @ ryan

    Looking back 7 years ago today, just about every other interface & protocol was insecure. (pre XP... at a time when people were buying Windows ME on new computers! Most users had fat32 file systems!) I wish people had listened, since nobody really did, we have russian computer gangs, massive bot nets, turks defacing websites, chinese pen testing DOD computers, spam, prolific viruses and nigerian royalty.

  46. Steen Hive
    Stop

    Useless

    UPNP is about as much use as an ashtray on a motorbike. If you're too lazy to learn playschool networking, don't network.

    Sometimes this "use stuff even if you don't know how to use stuff" philosophy makes me want to puke.

  47. Mark
    Flame

    The fault is prolly a bit of both

    Flash for not having the ability to switch off UPNP and UPNP for blind obeissance. You might want to also blame the router manufacturers for allowing an untrustworthy protocol to redirect something as necessary as DNS.

  48. Russell Preece

    Has everyone missed the point...

    ...if you don't go to dodgy websites in the first place where these people are likely to have put the crafted flash, then you haven't got a problem.

    Again - common sense and having half a brain prevails.

    I'm leaving my UPnP on, thankyou very much, even if I don't have many applications that use it.

  49. JohnG

    UPNP was intended ...

    ...to be a fix for users who didn't know how to configure their routers. Sadly these are probably the group most likely to be directed to a website with all kinds of whacky exploits.

  50. davcefai

    @ Russell Preece

    Do "dodgy websites" have a banner advertising their dodginess?

  51. Morely Dotes
    Flame

    Well, duh!

    "The problem resides in Universal Plug and Play"

    And nothing more really need be said. The brainless f*ckwits that can't set up their networks without UPnP are going to get infected regardless of Flash.

    And those of us who can follow simple directions don't need UPnP, so we turn it off on every device before allowing an Internet connection.

  52. Mark Thornton

    Flash is flawed too

    It should not allow connections to addresses other than the server on which it is hosted. The Java sandbox imposes this restriction.

  53. Mark Evans

    Zyxel OK

    Looks like at least the Zyxel Prestige 600 series are OK. They seem to have UPnP off by default.

  54. Steven Raith
    Thumb Down

    uPnP bad? Aw :-(

    It saved me the bother of forwarding ports manually.

    Guess it's fixed IPs and manual forwarding for me from...well, whatever evening I can be bothered to set it up...

  55. J
    Linux

    Re:Has everyone missed the point...

    OK, so someone will write (or more probably copy) a nice tutorial on how to use your router safely, or some other networking issue. You know, "Networking for Newbies" type of stuff would fit the bill. And place the exploit there. How about it? When you google for this, this site might show up. You might notice it's not what you were looking for only after you opened it. Happens all the time to me.

    Don't think that only pr0n and h4x0r websites can be "dodgy"...

  56. James
    Flame

    Fuckwit Protocol Designers - XBox Live

    Whoever designed the XBox Live networking should be flayed. It does indeed like to use UPnP to control your router:

    http://www.xbox.com/en-US/support/connecttolive/xbox360/connectionmethods/troubleshootliveconnection-testnat.htm

    This idiocy from the clowns who want to bring you Trusted Computing

  57. Anonymous Coward
    Gates Halo

    Security through obscurity: Win ME

    Netgear RP614v2 - UPnP off by default - phew!

    In any case, my Win ME system is like Fort Knox since I installed RootkitBuster, KAU antivirus and SpyAxe.

    CC#183740940485 Exp12/02/2009 S#869 UsID B0HeM1AN P QUEen1976 NS298554 IR F3887845-D

  58. BitTwister

    @Bounty

    > massive bot nets, turks defacing websites, chinese pen testing DOD computers, spam, prolific viruses and nigerian royalty.

    Nothing to do with the interface & protocols, everything to do with poor quality implementations in a worse quality OS.

  59. BitTwister

    @Linksys WRT54GL + DDWRTv23

    Just got the same kit - now looking forward to upgrading it to a *truly* capable router.

  60. Jules

    this can only be fixed by fixing flash.

    All those saying just switch it off an configure your router manually are missing the point. Most people who benefit from upnp don't have a clue how to do this.

    Telling them to switch off upnp is effectively telling them to give up webcam chats with their loved ones via skype or msn, give up having a tech savvy friends help them with their pc via remote assistance, give up playing online games on their pc or games console - basically give up any application that requires ports to be opened in nat a firewall.

    As with most things, upnp is safe as long as you can prevent a malicious application from running on a pc within the firewall. The fact that flash can act as a malicious program with regard to upnp is the problem. Flash should be modified to specifically prevent it from issuing upnp commands. It is far more practical to do this than to expect millions of non-technical users to modify their router settings.

  61. Anonymous Coward
    Anonymous Coward

    HERE is the solution. Please read !!

    This may assist ;

    http://www.grc.com/unpnp/unpnp.htm

  62. Rebecca Putman
    Happy

    I'm safe, thanks to this article

    After reading this article, I went home and checked my Netgear router. It does have UPnP, and it was enabled. Nothing else associated with UPnP was turned on, and I quickly turned it off. Thanks, Teh Reg!

  63. Quirkafleeg
    Alert

    Re: Has everyone missed the point…

    "if you don't go to dodgy websites in the first place where these people are likely to have put the crafted flash" - hmm, rogue advertising banners, anybody?

  64. Karl A. Anderson
    Thumb Up

    ActionTec DSL Gateway

    When I signed up for DSL with Qwest, they sold me the GT701-WG, similar to the GT704-WG I have now. In both devices, uPNP is OFF by default. A good policy.

  65. Ole Juul

    Confusion about WRT54GL

    I'm a bit confused by comments about this model. Mine is about 2yr old and running the original firmware (v4.30.7) and it does not have any UPnP that I can find. Supposedly it is listed under "Applications & Gaming" but I can't find anything. I was thinking this would be the time to change the firmware, but maby I'll just leave well enough alone.

  66. Anonymous Coward
    Anonymous Coward

    Xbox 360 and XBL

    Some routers are 'certified' as "Xbox Live Compatible", which is a marketing exercise to promote the router for typical home use. Don't fall for it - it just means the router has UPnP enabled as standard. You don't need UPnP on a typical home router and if you're about to buy one, ensure that it can be disabled from the admin screens, especially in light of this exploit.

    To make XBL work on a router without UPnP running, do the following (should work for common Netgear or DLink interfaces, else you'll have to work out the equivalents for your router):

    1. Tell the router to always give the Xbox (identified by its MAC address) the same IP each time -OR- set the Xbox to have a static IP. Either way the goal is to make sure the Xbox always has the same IP.

    2. Create a new service called XBL88 and set it as TCP and UDP port 88. In the Netgears you can select TCP and UDP and have to specify the start and end port, just make them both 88.

    3. Reapeat for a service called XBL3074 for port 3074.

    4. In your firewall rules say that anything inbound for the XBL88 and XBL3074 services is forwarded to the IP address reserved earlier for your Xbox. This is two rules in 'Inbound Services' in the Netgears.

    5. Make sure you apply changes as you go. Boot up the Xbox and confirm it has the correct IP in the Settings / Network blade. Test the connection to XBL, the NAT type should be 'Open'.

    That's it. Forwarding the ports is what UPnP would have done dynamically for you.

  67. Anonymous Coward
    Paris Hilton

    What does flash have to do

    with anybodies router what technical mindless bosh is this I don't even own a router and this seems highly suspect. Yeah ok I read it was unsafe and said duh along with everyone else at the time but heres my question what is flash doing that it needs to control your router.

  68. Pete Wood
    Thumb Up

    Enabled by default on BT Home Hub

    UPnP seems to be enabled by default on BT's Home Hub. Not any more on mine, as of last night. Thanks, El Reg!

  69. Steve

    Re: Confusion about WRT54GL

    On a WRT54GL it's on the Administration tab, Management subtab, right at the bottom. Should be disabled by default.

  70. Anonymous Coward
    Black Helicopters

    Erm....

    Well I read teh GRC page years back, decided I had no need for UPnP and that it was kinda dangrous too boot. So on every Windows PC i have set up or rebuilt, and they do need rebuild regularly, I run unUPuP, and a couple of other GRC products. For example insuring that the message thingy is disabled. I am sure I can do these without the GRC products but it makes it easy.

    I have UPnP turned off (if i remember) in my router, think it was the default, I never have any issues logging in at all, either via its DNS name or its IP address, turning port forwarding rules on so that I could use azureus was easy, azureus actual points you in teh direction of teh help (great app btw). So i have open ports, lovely, oh sorry no i dont cos I only turn those rules on when I want to torrent.

    If a user dosnt wnat to be infected they should go out and learn how to secure their machines. They should learn to be more careful about what they click on, its not hard, just takes a little common sense, for companies to provide routers and other kit in a secure way as default, I am looking at Sky here, amoungest others, and for people actual selling teh kit to have a clue and be approachable and answer questions, its not hard people!!

  71. Anonymous Coward
    Anonymous Coward

    Re: Dodgy websites

    Avoiding dodgy websites isn't so easy...

    Never clicked a link in a search engine without checking the url?

    Never followed a link that claims to tell you about a upnp exploit?

    Never followed a link out of a spam email? (Go on be honest)

    Never read hacking sites?

    Never followed a link out of a wiki?

    Perhaps Flash should be subject to the same kind of security restrictions that a java applet would be under, one of which is that it can only connect to the site it came from.

  72. Anonymous Coward
    Happy

    Netgear WPN824v2 ok

    Just checked and my Netgear doesn't have a feature to turn uPNP off, only one to turn it *on* because, as the help text on the uPNP page says, "The default setting for UPnP is disabled. If disabled, the router will not allow any device to automatically control the resources, such as port forwarding (mapping), of the router." - which seems pretty clear!

    @Death_Ninja/Chris/etc - I've got uPNP disabled (see above) and I don't have any problems my XBox360 on XBox Live - certainly it works enough to download content, get patches and get shot to bits in the Halo3 multiplayer beta. Is there something else I should be getting? Other than not shot repeatedly in Deathmatch of course.... :'(

    Maybe I've just been lucky with my config - which'd be a novelty....

  73. Jon

    Dodgy websites?

    Even trustworthy websites can be turned dodgy

    http://www.theregister.co.uk/2008/01/11/mysterious_web_infection/

    I once looked at the london tickets and several others come as links from google when seraching for tickets eg the directline ones.

  74. Ken Hagan Gold badge

    There's no (new) risk here

    It's been a while since I had any reason to play with UPnP, but I vaguely recall that I needed to give myself admin rights before Windows would let me blow holes in my router. Is that still true?

    If you need admin rights then this is a scare story. Any "security hole" that needs admin rights on the local machine to exploit is just FUD. (In this context, Raymond Chen is fond of the Douglas Adams line "It rather involved being on the other side of this airtight hatchway".) On the other hand, if you don't need admin rights to open ports on your firewall/router/whatever, then there's something wrong with your kit.

    Of course, far too many people *are* using admin accounts and using IE to download and automatically run whatever the bad guys want, but UPnP is not part of that picture.

  75. Ole Juul

    Re: Confusion about WRT54GL

    @ Steve: Thanks for clearing that up. It's fixed now, but it was on by default as David Shepherd had mentioned above. I find it a bit disheartening that Linksys would do that. Maby thats a good reason for switching to Tomato like Steve Pettifer did. (same Steve?)

    I find these kinds of menus confusing. My eyes aren't what they used to be and it's easy to fool me with amateurish layout and odd vocabulary such as putting UPnP with passwords instead of with port forwarding. You'd think a company like Linksys would take a more professional approach.

  76. Anonymous Coward
    Anonymous Coward

    XBL NAT type

    To Robert Cross - XBL still works without the relevant ports forwarding through to the Xbox, but there are various restrictions in terms of what you can do. Simplest way is to go to your network blade in the Xbox and test your connection to XBL. Make a note of the type of NAT reported then go here to see the implications.

    http://www.xbox.com/en-US/support/connecttolive/xbox360/connectionmethods/troubleshootliveconnection-testnat.htm

    UPnP or manual forwarding will make it of type "open" which is the most compatible.

  77. Anonymous Coward
    Anonymous Coward

    @Ken Hagan : Admin rights

    Admin rights are not required, the code sends a normal xml request via http to the router which, bafflingly, allows changes to the primary DNS of the router.

  78. Anonymous Coward
    Flame

    @ Gobot

    http://en.wikipedia.org/wiki/SpyAxe

    Or, just search for spyaxe on google. That is a tricky (but not the worst) piece of malware to remove.

    Don't make me get the scarlet "I" out...

  79. Anonymous Coward
    Anonymous Coward

    maybe irrelevant but..

    my Bt white-slab-of-plastic-router-thingy went down and while trying to suss it I came across this:

    The BT Home Hub contains code that is covered by the GNU General Public License (GPL). In accordance with the GPL, BT makes the relevant code available for download below.

    code is on <http://www.btyahoo.com/broadband/adhoc_pages/gplcode.html>

    FYI if you want to poke around.

    BTW thanks for the book recommendations above, much appreciated.

  80. Phil

    Is UPnP The Issue?

    From what I can see the problem isn't with UPnP but with the home gateway router manufacturers' implementation of it.

    Take a look at "Understanding UPnP™: A White Paper" at http://www.upnp.org/resources/whitepapers.asp. Once you get past the Windows ME logo and the 'future tech' verbiage it comes down to an appliance advertising the services it offers.

    Now look at consumer internet gateway routers (IGR) and ask why a consumer IGR needs to allow its internet connection settings or password to be changed via UPnP.

    I can see why an IGR would allow UPnP to configure port forwarding (external to internal) - this replaces the process that I would otherwise need to undertake manually – but why an IGR should offer any other service is beyond me.

    If the only UPnP request that my IGR recognises is one that opens an external port then I’m happy – that’s what I thought it did and my internal application firewall (ZoneAlarm) will let me decide whether a specific application is allowed to listen for incoming internet requests.

This topic is closed for new posts.

Other stories you might like