Your forum username:
Do you already have an account?
Forgot your password?
  • Log in or Sign up


    Welcome to Sky User - The Unofficial Support Forum for everything Sky! - Proudly helping over 65k members.


    Advertisement

    Page 2 of 3 FirstFirst 123 LastLast
    Results 11 to 20 of 23

    Massive UPnP Security Issue - Sky router affected?

    This is a discussion on Massive UPnP Security Issue - Sky router affected? within the Sky Router forums, part of the Sky Broadband help category; I see from www.grc.com/unpnp/unpnp.htm that the ShieldsUP! Port Probe checks for the UPnP TCP server running on port 5000 and ...

    1. #11
      speedyrite's Avatar
      speedyrite is offline Sky User Member
      Exchange: MYHGT
      Broadband ISP: NOW Broadband
      Router: NOW TV Hub Two
      Sky TV: NOW TV
      Join Date
      Sep 2006
      Posts
      2,367
      Thanks
      388
      Thanked 160 Times in 154 Posts
      Blog Entries
      1
      I see from www.grc.com/unpnp/unpnp.htm that the ShieldsUP! Port Probe checks for the UPnP TCP server running on port 5000 and allows you to see whether or not that port is exposed to the world.

      Haven't run ShieldsUP! for a long time!

      Maybe this is an easier (and more trusted) way to check the situation than downloading and installing something from a website that I've never heard of before today?
      ++ speedyrite ... powered by NOW Broadband from June 2018 ++
      (previously powered by Sky Broadband from July 2007)


    2. Advertisement
    3. #12
      Isitme's Avatar
      Isitme is offline Sky User Moderator
      Exchange: Bannockburn
      Broadband ISP: Sky Fibre Unlimited
      Router: Sky Hub SR102
      Sky TV: Sky+ HD
      Join Date
      Dec 2006
      Location
      Central Scotland
      Posts
      34,256
      Thanks
      65
      Thanked 1,655 Times in 1,616 Posts

      Re: Massive UPnP Security Issue - Sky router affected?

      That article is over 12 years old Speedy and refers to XP in particular. The vulnerability exposed by Rapid7 is right up to date. As I said earlier I don't really see the point in scanning from the network side of the router as it ignores the protection given by the router's firewall. I can't help thinking that this is going to effect PCs connected directly to the internet and will have little effect on those behind a router.

      Like you I prefer to rely on reports from GRC, which are run against your router. The only way to check a particular machine would be to disable the firewall completely.

      TomD


      Please note the views and recommendations in my posts are my own and in no way reflect the views of SkyUser.


      Useful Utilites

      https://www.nirsoft.net/utils/wifi_information_view.html/ TCPOptimiser /Test Socket

      Note - When downloading always select the Custom install or you will end up with stuff you don't want.





    4. #13
      speedyrite's Avatar
      speedyrite is offline Sky User Member
      Exchange: MYHGT
      Broadband ISP: NOW Broadband
      Router: NOW TV Hub Two
      Sky TV: NOW TV
      Join Date
      Sep 2006
      Posts
      2,367
      Thanks
      388
      Thanked 160 Times in 154 Posts
      Blog Entries
      1
      Agreed. It's an old article but I thought it was relevant to the recent rapid7 article in that the commonality appears to be that the SSDP Discovery Service is the key to the vulnerability.

      But I have to confess that I haven't had time to fully read both articles and compare them and give it all any deep thought as I am supposed to be working!
      ++ speedyrite ... powered by NOW Broadband from June 2018 ++
      (previously powered by Sky Broadband from July 2007)

    5. #14
      Isitme's Avatar
      Isitme is offline Sky User Moderator
      Exchange: Bannockburn
      Broadband ISP: Sky Fibre Unlimited
      Router: Sky Hub SR102
      Sky TV: Sky+ HD
      Join Date
      Dec 2006
      Location
      Central Scotland
      Posts
      34,256
      Thanks
      65
      Thanked 1,655 Times in 1,616 Posts

      Re: Massive UPnP Security Issue - Sky router affected?

      I am supposed to be working!
      Ahh, is that why you are invisible?

      TomD


      Please note the views and recommendations in my posts are my own and in no way reflect the views of SkyUser.


      Useful Utilites

      https://www.nirsoft.net/utils/wifi_information_view.html/ TCPOptimiser /Test Socket

      Note - When downloading always select the Custom install or you will end up with stuff you don't want.





    6. #15
      speedyrite's Avatar
      speedyrite is offline Sky User Member
      Exchange: MYHGT
      Broadband ISP: NOW Broadband
      Router: NOW TV Hub Two
      Sky TV: NOW TV
      Join Date
      Sep 2006
      Posts
      2,367
      Thanks
      388
      Thanked 160 Times in 154 Posts
      Blog Entries
      1
      I'm always invisible...
      ++ speedyrite ... powered by NOW Broadband from June 2018 ++
      (previously powered by Sky Broadband from July 2007)

    7. #16
      speedyrite's Avatar
      speedyrite is offline Sky User Member
      Exchange: MYHGT
      Broadband ISP: NOW Broadband
      Router: NOW TV Hub Two
      Sky TV: NOW TV
      Join Date
      Sep 2006
      Posts
      2,367
      Thanks
      388
      Thanked 160 Times in 154 Posts
      Blog Entries
      1
      One last thing for now. In the absence of recent comment from grc on this issue, I turned to Graham Cluley at Sophos for some background info and/or comment and got this (which may or may not be relevant and/or interesting):

      http://www.nakedsecurity.sophos.com/...curity-camera/

      Now, to quote Young Mr Grace, "I really must get back to it, whatever IT is"...
      ++ speedyrite ... powered by NOW Broadband from June 2018 ++
      (previously powered by Sky Broadband from July 2007)

    8. #17
      Isitme's Avatar
      Isitme is offline Sky User Moderator
      Exchange: Bannockburn
      Broadband ISP: Sky Fibre Unlimited
      Router: Sky Hub SR102
      Sky TV: Sky+ HD
      Join Date
      Dec 2006
      Location
      Central Scotland
      Posts
      34,256
      Thanks
      65
      Thanked 1,655 Times in 1,616 Posts

      Re: Massive UPnP Security Issue - Sky router affected?

      I couldn't get your link to work properly but a bit of sniffing around brought me to it eventually. As pointed out this refers to cameras in particular but could include other devices.
      Maybe this link will work better.

      What if your security camera were an insecurity camera? | Naked Security

      TomD


      Please note the views and recommendations in my posts are my own and in no way reflect the views of SkyUser.


      Useful Utilites

      https://www.nirsoft.net/utils/wifi_information_view.html/ TCPOptimiser /Test Socket

      Note - When downloading always select the Custom install or you will end up with stuff you don't want.





    9. #18
      speedyrite's Avatar
      speedyrite is offline Sky User Member
      Exchange: MYHGT
      Broadband ISP: NOW Broadband
      Router: NOW TV Hub Two
      Sky TV: NOW TV
      Join Date
      Sep 2006
      Posts
      2,367
      Thanks
      388
      Thanked 160 Times in 154 Posts
      Blog Entries
      1
      Thanks! Sorry about that, I'm posting from my phone but was looking at the website on a computer and transcribed the URL (presumably badly!)
      ++ speedyrite ... powered by NOW Broadband from June 2018 ++
      (previously powered by Sky Broadband from July 2007)

    10. #19
      BroadbandKing's Avatar
      BroadbandKing is offline Sky User Member
      Exchange:
      Broadband ISP: Sky Fibre Unlimited
      Router: Sky Hub SR102
      Sky TV: Sky+HD 1Tb
      Join Date
      Jun 2011
      Posts
      304
      Thanks
      11
      Thanked 6 Times in 6 Posts

      Re: Massive UPnP Security Issue - Sky router affected?

      Looks like the grc site has been updated to include the test on the latest security warning regarding the UPnP exposure.

      go to the grc website, select shieldsup, then proceed, you will then see an orange box with the exposure test.
      Click on the orange box and check out your router.

      Could not provide a link as the grc site will not allow a direct link to work.

    11. The Following User Says Thank You to BroadbandKing For This Useful Post:

      speedyrite (01-02-13)

    12. #20
      itype's Avatar
      itype is offline Sky User Member
      Exchange: Basingstoke, THBZ
      Broadband ISP: Sky Fibre Unlimited
      Router: Sky Hub SR101
      Sky TV: Sky+HD box
      Join Date
      Oct 2007
      Location
      Hampshire
      Posts
      317
      Thanks
      12
      Thanked 3 Times in 2 Posts

      Re: Massive UPnP Security Issue - Sky router affected?

      Tried the test on SR101 from a mac, no issues and came back clean.

    13. The Following 2 Users Say Thank You to itype For This Useful Post:

      Scubbie (01-02-13),speedyrite (01-02-13)

     

     
    Page 2 of 3 FirstFirst 123 LastLast

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •  
    SkyUser - Copyright © 2006-2020. SatDish and NewsreadeR | SkyUser is in no way affiliated with Sky Broadband / BSkyB
    RIPA NOTICE: NO CONSENT IS GIVEN FOR INTERCEPTION OF PAGE TRANSMISSION