SECURITY ALERT: Universal Plug and Play Vulnerability - Comments Page 1

UPnP sure makes connecting to new printers or other hardware much easier. If we turn it off now, could we just temporarily turn it on in the future just long enough to get some hardware set up then turn it off again? I may be waaaaaay confused on how UPnP works.

Tried to run the router scan. Wheel went round and round. It said the scan should complete within 30 seconds. I closed the window after five minutes.

Tried to download the Windows scan. Downloaded but would not run.

Great company there.

I've heard about the UPnP problem in the last few days, however...Rapid7 Router Security Check never returns with any results, it basically runs forever until you kill it. And their ScanNow for UPnP tool requires insecure Java to be installed on my computer which is not going to happen. I'm not so sure about Rapid7's motives. I've never heard of them before and after they crashed my Windows Explorer, twice, I suspect that spyware is now installed on my PC.

EDITOR'S NOTE: I would not refer my readers to a site that installs malware. Rapid7 is 100% trustworthy. Also, I addressed the Java issue in a special note on the page. Have another look...

Once again Bob, you rock, and I for one, am so grateful for all these things you bring to our notice.

I have run the Rapid7 Router Security Check and got a clear result.

Do I ALSO need to download and run Rapid7's free ScanNow for UPnP tool, (I use Windows) or is the router check sufficient?

Second, is this router security check something I should run regularly or is this one check sufficient?

Well, I followed your links and clicked on the "Scan Now" button - and nothing happened. I scrolled down and there were no entries referring to vulnerabilities. My question now is: what kind of scam BS spyware was just installed on my computer, and how do I find it to remove it?

EDITOR'S NOTE: No scam, no BS, no spyware. Rapid7 is 100% trustworthy.

I've got mine set to MANUAL.

I'm a faithful reader of your Geekly Updates and appreciate the useful information. I ran the Rapid7 Security Router test, thankfully, my router was safe.

Also, I turned off Windows UPnP services, so hopefully, I will be safer when surfing the internet. Thanks for helping us mere mortals, like myself, feel more confident when using our computer. :)

What does this Rapid7 message mean?

{green tick] Congratulations! Your router did not respond to a UPnP discovery request.

EDITOR'S NOTE: That means your router is not vulnerable, which is good!

Just checked my ZyXel P-660HW-T1 v2 Router and found the UPnP default setting is set to off. You had me worried for a moment.

I clicked on the link for Metasploit but it appears that Metasploit is only available for Windows and Linux.

Does this issue affect DSL Modem devices?
My Westell 7500 Router is not in the device list.

Thanks, Bob! I ran the ScanNow for UPnP and I had no vulnerabilities!

What's next now? Maybe we should just turn off our computers and go to the next level of technology, but wait, that will probably be comprised if even sooner than it took for our present technology to take place...sigh!

If I stop the Windows SSDP Discovery, Then I bet the USB devices I constantly plug and unplug would create more of a problem?

I use kindle and android as well as lots of external USB drives!
This would be interesting if I needed to start and stop the service for local PnP devices.

There's a catch 22 with the UnPNP scanner. It requires Java and Java itself poses almost as much a threat as UnPNP. The online checker works fine. You might want to mention this to your readers. My boss (Leo Notenboom) suggests staying away even from patched versions of Java as problems keep coming up.

EDITOR'S NOTE: I addressed the Java issue in a special note on the page. Apparently people are not noticing it, since I got this same comment from several readers. Look for the yellow boxed note.

Disabled UPnP in services as shown. Immediately was told that my Win 7 needed to be registered within two days!!! The regular Windows "pop-up" appeared - register now or later! I went back and turned SSDP back to manual, and no more "registering" needed!

EDITOR'S NOTE: That's odd. Are you using an unregistered version of Windows? (If so, that's a problem.)

Thank you so much for always alerting us and looking out for us when things like this happen! I really appreciate the fact that you realize there are us "newbies" out here and explain exactly how to do something. You're the best Bob!

Hi,
I ran the Rapid 7 router security check and apparently have no problems with UPnP. However, it did install a large number of files on my system in the process. Inctrl5 shows 129 files added in various directories. It also showed quite a few registry entries added to my system.

For many, many years (probably 15 or more) Steve Gibson of Gibson Research Corporation has warned about the dangers of UPnP and has even provided a free simple program to turn it "off" or "on" at
http://www.grc.com/UnPnP/UnPnP.htm
That webpage has a very thorough discussion of the problem.

EDITOR'S NOTE: I'm aware of that page. However, it was written in 2001, and includes no mention of the greater problem, which is the router vulnerability.

Thanks for the tip off Bob. I installed JAVA to run the checks then uninstalled it.I'm running WinXP SP3 on a fairly old machine with a 3 year old router so was pleasantly surprised to pass the tests!

I passed the Router test, but I'm not going to install Java RTE to get ScanNow for UPnP to work. Perhaps there is another way?

EDITOR'S NOTE: Maybe Metasploit. I have not tried it to see if it needs Java.