Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Windows UPnP vulnerability

  • 13-08-2003 9:41am
    #1
    anthonymcg
    Registered Users, Registered Users 2 Posts: 660 ✭✭✭


    While we're on the topic of vulnerabilities in Windows, I thought I'd bring this to everyone's attention:
    The Universal Plug and Play service (UPnP), which is installed and running in all versions of Windows XP — and may be loaded into Windows 98 and ME — essentially turns every one of those systems into a wide-open Internet server. This server listens for TCP connections on port 5000 and for UDP 'datagram' packets arriving on port 1900. This allows malicious hackers (or high-speed Internet worms) located anywhere in the world to scan for, and locate, individual Windows UPnP-equipped machines. Any vulnerabilities — known today or discovered tomorrow — can then be rapidly exploited.

    (Note that when enabled, XP's built-in Internet Connection Firewall (ICF), and some third-party personal firewalls, are effective in blocking this external access.)

    The full page of info is here: http://www.grc.com/unpnp/unpnp.htm

    I'd advise everyone to disable UPnP as most people are not running firewalls and so the risk of them being involved in a DDoS attack is higher. Steve Gibson know's his stuff when it comes to security and is a trusted source of info on nearly all aspects of technology (check out the rest of his site if you dont believe me). :)


Comments

  • #2
    maxheadroom
    Registered Users, Registered Users 2 Posts: 1,569 ✭✭✭maxheadroom


    Originally posted by anthonymcg
    Steve Gibson know's his stuff when it comes to security and is a trusted source of info on nearly all aspects of technology (check out the rest of his site if you dont believe me). :)

    I'm not sure that checking somebodys website is the best way of determining that they are a trusted source of information. Have a look at http://www.grcsucks.com for the opposing view.

    I'm not saying one is right over the other, just allowing you all to make up your own minds :)


  • #3
    Cake Fiend
    Registered Users, Registered Users 2 Posts: 5,335 ✭✭✭Cake Fiend


    Originally posted by anthonymcg
    Steve Gibson know's his stuff when it comes to security and is a trusted source of info on nearly all aspects of technology

    ROFL

    Steve Gibson knows his stuff when it comes to over-hyping things and USING PATRONIZING COLOUR HIGHLIGHTING to emphasize his points.


Advertisement