UPnP Vulnerability
-
Hi, following the news of the recent Flash-based hack of UPnP, is the pfSense implementation vulnerable to this level of manipulation?
The hack was published here: http://www.gnucitizen.org/blog/hacking-the-interwebs
-
Two things to note about that article:
- It requires you to be able to guess the IP of the router (which, for most people admittedly will be 192.168.0.1 or 192.168.1.1)
- You have to write a UPnP request that's specific to the router being targeted
Oh, and ultimately it is simply about using UPnP the way it was designed to be used :) The best solution is to ensure you don't run embedded media such as Flash etc. If you're using Firefox, try NoScript.
-
I was aware of the port forwarding features of UPnP but not of its ability to change DNS servers etc. Port redirection isn't much of a concern to me, but DNS alterations are. Is there any way to disable this part of UPnP or prevent pfSense DNS server entries from being altered by it?
-
I'm not sure if pfSense's UPnP implementation supports that; however, go re-read my previous post - if you're not using trivially guessable IPs for your pfSense host and the exploit doesn't target pfSense explicitly then you're probably ok.
The following thread may eventually contain some of the answers: http://miniupnp.tuxfamily.org/forum/viewtopic.php?t=433
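
One way to check the open question in this thread, as an added example that is not part of any post and is not pfSense or miniupnpd code: parse the UPnP service descriptions (the SCPD XML a device links from its root description through `SCPDURL`) and report whether port-mapping or DNS-setting actions are declared. The sample documents and the helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"s": "urn:schemas-upnp-org:service-1-0"}  # SCPD XML namespace

# State-changing IGD actions relevant to this thread.
WATCHED = {
    "AddPortMapping": "port forwarding",     # WANIPConnection / WANPPPConnection
    "DeletePortMapping": "port forwarding",
    "SetDNSServer": "DNS servers",           # LANHostConfigManagement
    "DeleteDNSServer": "DNS servers",
}

def _scpd(*actions):
    """Build a constructed SCPD document declaring the given actions."""
    body = "".join(f"<action><name>{a}</name></action>" for a in actions)
    return ('<scpd xmlns="urn:schemas-upnp-org:service-1-0">'
            f"<actionList>{body}</actionList></scpd>")

# Constructed samples, not captured from pfSense or any real device.
SAMPLES = {
    "WANIPConnection": _scpd("GetExternalIPAddress", "AddPortMapping",
                             "DeletePortMapping"),
    "LANHostConfigManagement": _scpd("GetDNSServers", "SetDNSServer"),
}

def exposed_actions(scpd_xml):
    """Return the set of action names declared in one SCPD document."""
    root = ET.fromstring(scpd_xml)
    found = root.findall("./s:actionList/s:action/s:name", NS)
    return {el.text.strip() for el in found if el.text}

def audit(descriptions):
    """Map each watched capability to the (service, action) pairs declaring it.

    `descriptions` is {service label: SCPD XML text}.
    """
    findings = {}
    for label, xml_text in descriptions.items():
        for action in exposed_actions(xml_text) & WATCHED.keys():
            findings.setdefault(WATCHED[action], []).append((label, action))
    for hits in findings.values():
        hits.sort()
    return findings

if __name__ == "__main__":
    for capability, hits in sorted(audit(SAMPLES).items()):
        print(capability, "->", hits)
```

An empty result for "DNS servers" means the device does not advertise a DNS-changing action in the descriptions you fed in; it says nothing about services you did not retrieve.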