Why whitehats are wrong and UPnP rocks.
So, I'm all skiddie now: I've sent my mass-mail worm to millions of machines, and there are not-so-bright people out there who will run 1000-pictures.jpg.exe or the like. They run the worm. Now it tries to punch a hole through the NAT with UPnP... if you've got it enabled. If you don't, it just opens a port uselessly inside your LAN. What fun. I can only connect to the people who either have machines directly exposed to the internet or are running UPnP. This is obviously not the best approach, since everyone has already been FUDed out of running UPnP by whitehats. There must be a better way to do this... Oh yes: reverse connections.
Instead of having me connect to them, let's have them connect to me. This means that, no matter how deeply NAT'd they are, if they can get an internet connection at all, I can control them, because from inside the NAT it's all just ordinary outbound traffic, indistinguishable to the router from a browser fetching a page. Once they're connected to me, operation proceeds as normal. And it means they don't need UPnP enabled at all.
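The reverse-connection model described above, as an added example that is not part of the original post and is not BO2K code: both ends run on loopback in one process, the controller standing in for the attacker's internet-facing host and the agent for the NAT'd victim. The request vocabulary (HELLO/PING/INFO/QUIT) and the agent's identification data are constructed for the demo; the agent returns only fixed informational strings and executes nothing.

```python
"""Reverse connection demo: the agent dials OUT to the controller.

Added example (not from the original post). Runs entirely on 127.0.0.1.
The controller plays the attacker's reachable host; the agent plays the
infected machine behind NAT. The line protocol below is made up for the demo.
"""
import socket
import threading

# Constructed identification data for the demo agent (an assumption, not real).
AGENT_INFO = {"id": "demo-agent-01", "os": "demo-os"}


def handle_request(line: str) -> str:
    """Agent side: answer one request line with a harmless fixed reply."""
    if line == "PING":
        return "PONG"
    if line == "INFO":
        return f"{AGENT_INFO['id']} {AGENT_INFO['os']}"
    return "ERR unknown request"


def run_agent(controller_host: str, controller_port: int) -> int:
    """Agent behind NAT: one outbound TCP connect, then serve requests until
    QUIT. Returns the number of requests served.

    No inbound port and no UPnP mapping is involved: the agent initiates the
    connection, so the NAT creates the translation entry itself.
    """
    served = 0
    with socket.create_connection((controller_host, controller_port), timeout=5) as s:
        f = s.makefile("rw", encoding="utf-8", newline="\n")
        f.write("HELLO\n")          # agent announces itself on connect
        f.flush()
        for raw in f:
            req = raw.rstrip("\n")
            if req == "QUIT":
                break
            f.write(handle_request(req) + "\n")
            f.flush()
            served += 1
    return served


def reverse_session(requests: list) -> tuple:
    """Controller side plus a threaded agent, for a self-contained run.

    Listens on an ephemeral loopback port, lets the agent connect out to it,
    sends each request and records the reply.
    Returns (agent greeting, [(request, reply), ...], requests served by agent).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    outcome = {}
    agent = threading.Thread(
        target=lambda: outcome.setdefault("served", run_agent("127.0.0.1", port)),
        daemon=True,
    )
    agent.start()

    # In a real deployment 'peer' would be the victim NAT's public address;
    # the controller never needs to know the victim's internal address.
    conn, peer = srv.accept()
    srv.close()
    transcript = []
    with conn:
        f = conn.makefile("rw", encoding="utf-8", newline="\n")
        greeting = f.readline().rstrip("\n")
        for req in requests:
            f.write(req + "\n")
            f.flush()
            transcript.append((req, f.readline().rstrip("\n")))
        f.write("QUIT\n")
        f.flush()
    agent.join(5)
    return greeting, transcript, outcome.get("served")


if __name__ == "__main__":
    hello, log, n = reverse_session(["PING", "INFO", "FOO"])
    print(hello)
    for req, reply in log:
        print(f"> {req}\n< {reply}")
    print(f"agent served {n} requests")
```

Note which side listens: only the controller binds a port, so a victim's inbound firewall rules and absence of port forwarding are irrelevant. What does stop this is control of the victim's outbound traffic, which is the software firewall the post mentions further down.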
So, now, which should I choose: UPnP or a reverse connection? I think the choice for any skiddie is a reverse connection. Hell, just grab the latest version of BO2K; reverse connection support is built right in. That's how easy it is. So why exactly would I bother turning off UPnP, and losing the nice, quick setup of my P2P clients, to gain what?
In conclusion, there is little reason to disable UPnP; it's hardly a threat. I've personally never seen a trojan that uses UPnP. I have no doubt they exist, but I don't consider them a big threat, whereas preventing a reverse connection requires a software firewall that filters outbound connections, which is significantly more painful. Save yourself the pain of manually forwarding ports for your BitTorrent client and turn UPnP on.
Oh, and whitehats: next time you start telling people to kill their features to gain security, make sure the security gain can be 100% guaranteed.