UPnP attack
John Wendel
john.wendel at metnet.navy.mil
Fri Jan 18 22:22:02 UTC 2008
Alan Cox wrote:
> On Sat, 19 Jan 2008 06:43:59 +0900
> John Summerfield <debian at herakles.homelinux.org> wrote:
>
>> Les wrote:
>>> Hi, guys,
>>> I just got this from a Tech Republic newsletter:
>>> http://blogs.techrepublic.com.com/tech-news/?p=1902
>>>
>>> Basically it notes a form of attack using port forwarding by use of
>>> Flash and Javacode. However, probably other scripting languages could
>>> be used. It is not OS or browser dependent, but rather depends on the
>>> standard protocols of UPnP and and the Flash plug-in programing
>> standard _windows_ protocol. I've not heard of Linux doing it.
>
> UPnP is a dreadful protocol but its perfectly possible to do it on Linux.
> UPnP is an abomination for managing/controlling routers and other devices
> so its quite possible your router talks it
>
Azureus uses it to automagically open ports on your router (if you let
it).
Best to disable it in your router config.
Regards,
John
More information about the fedora-list
mailing list