
UPNP vulnerability - Run this test


16 replies to this topic

#1 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • DBSTalk Club
  • 13,097 posts
  • Location: Cincinnati
Joined: May 30, 2007

Posted 01 February 2013 - 09:05 AM

It seems a lot of systems have UPNP open improperly to the outside. This should never have been allowed, and is a major issue.

This is an easy test, written by Steve Gibson, where his site checks to see if you are vulnerable:
http://www.grc.com/default.htm

Under Services, go to ShieldsUp!, click Proceed then the UPnP exposure test. If it's exposed to the Internet, then the entire internal network is at risk. It will accept pretty much any command without authentication, including opening ports etc.
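A router-side way to see the exposure described in the post above, as an added example that is not part of the original thread: UPnP discovery (SSDP) runs on UDP port 1900, so a reply leaving the Internet-facing interface from that port means the service is answering outsiders. The interface name `eth1` and the log lines (Linux netfilter LOG format, documentation IP ranges) are constructed assumptions.

```python
import re

SSDP_PORT = "1900"   # UDP port used by UPnP discovery (SSDP)
WAN_IF = "eth1"      # assumption: name of the router's Internet-facing interface

# Constructed sample lines in Linux netfilter LOG format (not taken from the thread).
SAMPLE_LOG = """\
Feb  1 09:05:01 router kernel: FW IN=eth1 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=UDP SPT=41822 DPT=1900 LEN=109
Feb  1 09:05:01 router kernel: FW IN= OUT=eth1 SRC=203.0.113.10 DST=198.51.100.7 PROTO=UDP SPT=1900 DPT=41822 LEN=330
Feb  1 09:06:12 router kernel: FW IN=eth1 OUT= SRC=198.51.100.99 DST=203.0.113.10 PROTO=UDP SPT=5353 DPT=1900 LEN=109
Feb  1 09:07:40 router kernel: FW IN=br-lan OUT= SRC=192.168.1.20 DST=239.255.255.250 PROTO=UDP SPT=50000 DPT=1900 LEN=129
Feb  1 09:08:03 router kernel: FW IN=eth1 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40000 DPT=443 LEN=60
"""

FIELD = re.compile(r"(\w+)=(\S*)")


def parse(line):
    """Return the KEY=value fields of one netfilter LOG line as a dict."""
    return dict(FIELD.findall(line))


def ssdp_wan_exposure(log_text, wan_if=WAN_IF):
    """Classify each outside host that touched UDP/1900 on the WAN side.

    'probed'   - packets arrived but no reply was logged (ordinary scan noise)
    'answered' - the router sent a packet from port 1900 out of the WAN
                 interface, i.e. its UPnP service is reachable from outside
    """
    result = {}
    for line in log_text.splitlines():
        f = parse(line)
        if f.get("PROTO") != "UDP":
            continue
        if f.get("IN") == wan_if and f.get("DPT") == SSDP_PORT:
            result.setdefault(f["SRC"], "probed")   # never downgrade 'answered'
        elif f.get("OUT") == wan_if and f.get("SPT") == SSDP_PORT:
            result[f["DST"]] = "answered"
    return result


if __name__ == "__main__":
    for host, state in ssdp_wan_exposure(SAMPLE_LOG).items():
        print(f"{host}: {state}")
```

Any `answered` entry is the condition the ShieldsUp! test reports from the outside; hosts that are only `probed` show that the WAN side is dropping the traffic.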


#2 OFFLINE   hdtvfan0001

hdtvfan0001

    Hall Of Fame

  • DBSTalk Club
  • 31,803 posts
Joined: Jul 28, 2004

Posted 01 February 2013 - 09:14 AM

Thanks for sharing...

Good to know things passed here.
DBSTalk CHAT ROOM MODERATOR
DirecTV Customer Since 1996

#3 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • Topic Starter
  • DBSTalk Club
  • 13,097 posts
  • Location: Cincinnati
Joined: May 30, 2007

Posted 01 February 2013 - 09:24 AM

He tweeted that going through his logs (that don't store IP), OpenWRT is vulnerable, which is surprising.

#4 OFFLINE   dsw2112

dsw2112

    Always Searching

  • Registered
  • 1,936 posts
Joined: Jun 12, 2009

Posted 01 February 2013 - 10:04 AM

Thanks for the link. All good here.
SL3-Slimline to SWM16 - DECA
HR34-700, HR24-500, & HR22-100

#5 OFFLINE   dennisj00

dennisj00

    Hall Of Fame

  • DBSTalk Club
  • 8,630 posts
  • Location: Lake Norman, NC
Joined: Sep 27, 2007

Posted 01 February 2013 - 12:56 PM

Thanks! DD-WRT good here on a Linksys dual band.

Spending to stimulate the economy as fast as the credit cards will allow!

My Setup / Weather at Lake Norman!/ Boathouse BEES
DLB, MRV, nomad, HDGUI are HERE! . . . We're DONE!


#6 OFFLINE   Richierich

Richierich

    Hall Of Fame

  • DBSTalk Club
  • 8,471 posts
Joined: Jan 10, 2008

Posted 01 February 2013 - 01:26 PM

Everything looking good here also using Linksys WRT610N Dual Band Router. :)
DIRECTV CUSTOMER SINCE 1997
Here's My Setup

#7 OFFLINE   Cholly

Cholly

    Old Guys Rule!

  • DBSTalk Club
  • 4,459 posts
  • Location: Indian Trail, NC
Joined: Mar 22, 2004

Posted 12 February 2013 - 11:59 AM

Ran the test this morning and also checked common ports, etc. All passed--my computer is in full Stealth mode. As always, thanks to Steve Gibson for his security efforts.
The UPnP vulnerability was one of the subjects discussed last week on TWIT network's "This Week in Tech". Gibson has a weekly show on TWIT as well.

Charlie
--------------------

Family Room: Samsung UN60F7100 60" LED 3D TV; Samsung  BD-H5900 3D Blu-Ray DVD player; Yamaha RX-V663 AVR. Paradigm speakers - Focus fronts, CC170 center, PDR-8 subwoofer, Atom surrounds, ADP rear center; TiVo Roamio Plus DVR, Toshiba HD-A3 HD DVD player.
Bedroom: Vizio 42" 3D TV, Pioneer VSX-521-K AVR, Panasonic 3D DVD player, Energy Take Classic 5.1 speakers, Roku 2 XD, TiVo Premiere, Insignia HD radio tuner, Toshiba HD DVD player


#8 OFFLINE   MysteryMan

MysteryMan

    Hall Of Fame

  • DBSTalk Club
  • 6,723 posts
  • Location: USA
Joined: May 17, 2010

Posted 12 February 2013 - 12:03 PM

All good here. Thanks dpeters11.

DirecTV customer since 1995.


#9 OFFLINE   hilmar2k

hilmar2k

    Hall Of Fame

  • Registered
  • 5,251 posts
Joined: Mar 18, 2007

Posted 12 February 2013 - 12:03 PM

I remember running that years ago (maybe 15). Haven't run it in a long time. Actually surprised it still exists.

#10 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • Topic Starter
  • DBSTalk Club
  • 13,097 posts
  • Location: Cincinnati
Joined: May 30, 2007

Posted 12 February 2013 - 01:00 PM

Steve was talking about how long ago he wrote the original code. It's still valid, especially with this addition. People have even found his one commercial product, that was released 8 years ago, even works on certain levels with Solid State drives.

#11 OFFLINE   ronton3

ronton3

    AllStar

  • Registered
  • 80 posts
Joined: Mar 15, 2006

Posted 13 February 2013 - 03:55 AM

I have a Mac and it shows good, also interesting about the IP address. Thanks ron

#12 OFFLINE   coolman302003

coolman302003

    2014 NBA CHAMPIONS!

  • DBSTalk Club
  • 1,292 posts
  • Location: Southeast
Joined: Jun 01, 2008

Posted 13 February 2013 - 05:03 PM

Everything passed here; using a Netgear WNDR3700 router.

List of networks with HD VOD content available on DIRECTV   DIRECTV Customer Service Live Online Chat (available from 8am-1am ET)   DIRECTV Regional Sports Network (RSN) fee lookup tool (zip code required)
 
DIRECTV Premium Channel Pricing: 1=$13.99 ($17.99 for HBO) | 2=$25 ($30 with HBO) | 3=$35 ($40 with HBO) | 4=$43 ($48 with HBO) | All 5=$55 per month 
 
My Setup: 5-LNB SlimLine with SWM-16 | HR44-700 w/AM-21N | HR24-200 | H25-100 | H25-100 | C41-500


#13 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • Topic Starter
  • DBSTalk Club
  • 13,097 posts
  • Location: Cincinnati
Joined: May 30, 2007

Posted 13 February 2013 - 05:43 PM

I'd expect that from them.

#14 OFFLINE   scooper

scooper

    Hall Of Fame

  • Registered
  • 5,772 posts
  • Location: Youngsville NC
Joined: Apr 22, 2002

Posted 13 February 2013 - 06:03 PM

Good here too. (netgear WNDR3700 with Sam Knows software).
You CAN put antennas on your owned and/or controlled property...

http://www.fcc.gov/mb/facts/otard.html

#15 OFFLINE   skinnyJM

skinnyJM

    Legend

  • Registered
  • 118 posts
  • Location: DFW DMA
Joined: Nov 19, 2005

Posted 15 February 2013 - 09:15 PM

THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!

:)

DIRECTV since April 2000.


#16 OFFLINE   Marlin Guy

Marlin Guy

    Hall Of Fame

  • Registered
  • 2,122 posts
Joined: Apr 08, 2009

Posted 15 February 2013 - 10:53 PM

I got midget porn pop-ups. Is that normal?
Team Mexico Pork Cloud

#17 OFFLINE   houskamp

houskamp

    Hall Of Fame

  • Registered
  • 8,636 posts
Joined: Sep 14, 2006

Posted 15 February 2013 - 10:58 PM

I got midget porn pop-ups. Is that normal?

close the other window 1st :hurah:

AKA: SMOKE
MRV was all that's left on my wishlist (wishlist done) :D




