Pentest Your Home Network for UPnP Vulnerabilities
There is a feature known as Universal Plug and Play (or UPnP) that is enabled by default in most consumer routers. It's goal is to ease the management of NAT'd networks and keep the home user from having to specify static routes to get their devices functioning from the inside private network out to the wide blue internet. Like many technologies that aim to ease administration in the form of automation, it falls way short on the side of security. Here is how to test and see just what UPnP is exposing through your router.
This free test has been generously developed and made available by Steve Gibson at his site, "The Gibson Research Corporation" or http://www.grc.com
To run the test go to his site
www.grc.com
Once there, just click on the Services menu at the top and then the ShieldsUP! option.
This free test has been generously developed and made available by Steve Gibson at his site, "The Gibson Research Corporation" or http://www.grc.com
To run the test go to his site
www.grc.com
Once there, just click on the Services menu at the top and then the ShieldsUP! option.
Next, read the disclaimer about use of the site and then click Proceed.
Finally, click on the huge orange UPnP Exposure test button and see just what UPnP allows an outside attacker to see. Once you have been sufficiently shocked, look up instructions on how to disable it. If possible, go ahead and disable Wifi Protected Setup while you are at it.
Comments