Comments on: UPnP: The Saga Continues

By: pdp

pdp — Wed, 23 Jan 2008 17:44:43 +0000

yes, as well as BT Home Hub is just http://api.home and most routers will respond to http://home

By: Avee

Avee — Wed, 23 Jan 2008 17:26:18 +0000

My Thomson WL780i resolves http://speedtouch/ to the router itself. No need to find out its IP-Address.

By: Markus

Markus — Wed, 23 Jan 2008 10:47:55 +0000

Why you dont send a email to them? Maybe they change it then

By: iilab

iilab — Tue, 22 Jan 2008 05:36:29 +0000

Is that true?

By: pdp

pdp — Mon, 21 Jan 2008 11:20:07 +0000

AJ, I seriously do not understand what you are trying to say. In the previous posts we showed how to exploit UPnP on most routers as most devices have such facilities but only available for the local network. In this post we warn that there are many externally facing devices that has UPnP functionalities enabled as well. The first scenario requires the browser to perform the request since the attacker does not have local access. The second scenario provides the attacker with the ability to send the right type of require straight to the device without the need of any convoluted attack setup.

By: AJ

AJ — Mon, 21 Jan 2008 11:02:17 +0000

The proof-of-concept that is shown goes after the known ip address of the router.

By: pdp

pdp — Mon, 21 Jan 2008 10:49:21 +0000

AJ,

has nothing to do with LAN or multicast addresses. The attack is directed to devices that have public IP addresses and UPnP enabled on public HTTP ports.

By: AJ

AJ — Mon, 21 Jan 2008 10:40:50 +0000

Is the attack directed at the ip address of your LAN interface or a multicast address., and if so would changing the default addresses give any protection