Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[hake]

Does anyone have any views or opinions about UPNP enabled routers?  I would particularly like to know if there are any UPNP insecurity issues with the BT Voyager 2100 and Solwise SAR110 routers that people should be aware of.

[kitz]

Hi hake

Ive used both of the above routers long term and found them both very stable..  Ive not myself seen any issues with them as regards to UPNP.

[hake]

The post was stimulated by the information at the far end of this URL: -
http://www.informationweek.com/news/personal_tech/showArticle.jhtml?articleID=205800419

It would seem that router hijacking is of some concern.  I have tried to find the malicious site with the naughty flash content so I can try it to see what happens but without success.  The router is effectively taken over by a trojan horse operating inside the host and so eluding the router's firewall.  I have done the following on my own systems: -

1. Use the software firewall (in my case through the Blockpost plugin of Agnitum Outpost Firewall Pro 4) to block all traffic from the host to the router's IP address and vice versa;
2. I use Threatfire (seriously good FREE security software from www.threatfire.com) and this permits me to create a rule which prompts when a process tries to send traffic to the IP address of the router (which covers me when the Blockpost defence is down).
3. Each of my hosts uses its own DNS server addresses which means I'm not vulnerable to subversion of the DNS addresses obtained from the router.

These three defences cover the potential insecurity quite well I think.

[kitz]

Gosh that takes me back a bit, because I remember first getting my SAR and there was a complaint going around at the time that it didnt support upnp properly.. and how upnp was really good and made things much easier.
Although I obviously later updated the firmware because of other things, I never really bothered with upnp and alway did my own port forwarding.

With the 2100 I cnat honestly remember whether I ever enabled it or not - I just left it at the default setting, which I dont know if was on or off. I never seemed to have any problems with either router.

Router hi-jacking seems to be the "in thing" atm - particularly DNS hijackers and theres another possible hijack, that targets routers that still have the default u/n and password. - link  Like you I also set DNS on the local machines rather than using the router.

The best thing is to turn off upnp and make sure that you dont use the default router login settings.
Your other suggestions are also very good too, to ensure that your network is locked down and all bases covered.

[hake]

Thanks Kitz.    The web page your link points to is rather reassuring.  Strong passwords and locally stored DNS settings are obviously vital.  One interesting point is about setup wizards.  The SAR110 and SmartAX MT882 have no such setup wizards but the BT Voyager 2100 does.  However, I don't think that my excessively long password will be defeated, certainly not by brute force dictionary methods.

[kitz]

yw

>> The SAR110 and SmartAX MT882 have no such setup wizards

I think because as a total n00b to adsl, I "cut my teeth" with a SAR110.. thats why I shy away from config wizards and set up disks and prefer to do it myself even if there is one.

[hake]

I have discovered a paper on the subject of router security which is the most informative I have read so far.

The link is : -
http://www.sourcesec.com/Lab/soho_router_report.pdf

I think it will be of interest to readers of this thread.

[mr_chris]

Very interesting, thanks hake It'll make for some good bedtime reading

[kitz]

Thanks for that link Hake. 

I started reading it and it is very interesting.  I too will have to have a proper read when I can sit down and digest it all properly.

[guest]

I turn uPnP off on every device - its always seemed like an accident waiting to happen to me