Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.

Windows UPnP vulnerability

  • 13-08-2003 09:41AM
    #1
    anthonymcg
    Registered Users, Registered Users 2 Posts: 663 ✭✭✭


    While we're on the topic of vulnerabilities in Windows, I thought I'd bring this to everyone's attention:
    The Universal Plug and Play service (UPnP), which is installed and running in all versions of Windows XP — and may be loaded into Windows 98 and ME — essentially turns every one of those systems into a wide-open Internet server. This server listens for TCP connections on port 5000 and for UDP 'datagram' packets arriving on port 1900. This allows malicious hackers (or high-speed Internet worms) located anywhere in the world to scan for, and locate, individual Windows UPnP-equipped machines. Any vulnerabilities — known today or discovered tomorrow — can then be rapidly exploited.

    (Note that when enabled, XP's built-in Internet Connection Firewall (ICF), and some third-party personal firewalls, are effective in blocking this external access.)

    The full page of info is here: http://www.grc.com/unpnp/unpnp.htm

    I'd advise everyone to disable UPnP as most people are not running firewalls and so the risk of them being involved in a DDoS attack is higher. Steve Gibson know's his stuff when it comes to security and is a trusted source of info on nearly all aspects of technology (check out the rest of his site if you dont believe me). :)


Comments

  • #2
    maxheadroom
    Registered Users, Registered Users 2 Posts: 1,569 ✭✭✭maxheadroom


    Originally posted by anthonymcg
    Steve Gibson know's his stuff when it comes to security and is a trusted source of info on nearly all aspects of technology (check out the rest of his site if you dont believe me). :)

    I'm not sure that checking somebodys website is the best way of determining that they are a trusted source of information. Have a look at http://www.grcsucks.com for the opposing view.

    I'm not saying one is right over the other, just allowing you all to make up your own minds :)


  • #3
    Cake Fiend
    Registered Users, Registered Users 2 Posts: 5,333 ✭✭✭Cake Fiend


    Originally posted by anthonymcg
    Steve Gibson know's his stuff when it comes to security and is a trusted source of info on nearly all aspects of technology

    ROFL

    Steve Gibson knows his stuff when it comes to over-hyping things and USING PATRONIZING COLOUR HIGHLIGHTING to emphasize his points.


Advertisement