January 14, 2008
I said it for years it is a bad idea to enable UPnP on systems that protects your local network and/or PC from the internet. With UPnP any program on you PC is able to open â€œfirewallâ€ ports on your home router without requiring a user interaction. UPnP may has its purpose at streaming media within a secure network, which I’m not totally convinced anyway, but letting any malicious or bad written program open your PC/network for the whole internet is plain stupid. Ok, this is all known for years â€“ why now this post?
Some folks at GNU Citizen have created a flash swf file capable of opening open ports into your network simply by visiting an malicious URL. This is done via the UPnP functionality common home routers provide. As flash is installed on the majority of personal computers this is a significant attack vector, specially since a â€œflash adâ€ can be inserted quite easily into trusted websites or by hacking such a website.
As this is not a new thread I can just repeat my normal statement when it comes to setting up a home router:
- Throw the disk away
- Plug in your machine, Turn on the router and navigate to the Web-GUI
- Turn off UPNP
- Change default name and password, set WPA-PSK
- Check that remote management is disabled