EH-Net

Columns => Heffner => Topic started by: don on December 04, 2008, 01:47:37 AM


Title: [Article]-Plug-N-Play Network Hacking
Post by: don on December 04, 2008, 01:47:37 AM
Although Craig has been continuing to submit articles to EH-Net, he was not allowed to officially have a 'column' due to his employer. That restriction has been lifted, so welcome back to the family.

Permanent link: [Article]-Plug-N-Play Network Hacking (http://www.ethicalhacker.net/content/view/220/24/)

Quote

(http://www.ethicalhacker.net/images/stories/columns/heffner/upnp/upnp-logo-exploded_sm.jpg) (http://www.upnp.org/)

Universal Plug-N-Play (UPnP) (http://www.upnp.org/) is a protocol that allows various network devices to auto-configure themselves. One of the most common uses of this protocol is to allow devices or programs to open up ports on your home router in order to communicate properly with the outside world (Xbox, for example, does this). The UPnP protocol is built on top of pre-existing protocols and specifications, most notably, UDP, SSDP, SOAP and XML.

This article will address some of the security issues related to UPNP, briefly describe the inner workings of the protocol, and show how to identify and analyze UPNP devices on a network using open source tools. While we will be specifically focusing on IGDs (Internet Gateway Devices, aka, routers), it is important to remember that there are many other devices and systems that support UPNP as well, and they may be vulnerable to similar attacks.


As always, please add your feedback here and make any suggestions for future articles.

Don

Title: Re: [Article]-Plug-N-Play Network Hacking
Post by: hjelmvik on December 07, 2008, 12:11:41 PM
Nice article. It seems as if developers are putting UPnP support in most embedded devices nowadays. It's even used outside of local area networks in some cases!

Have you tried NetworkMiner by the way? It is a fully passive tool that also can extract details from broadcasted UPnP data. Check it out at:
http://networkminer.sourceforge.net/ (http://networkminer.sourceforge.net/)

/erik

Title: Re: [Article]-Plug-N-Play Network Hacking
Post by: Craig on December 07, 2008, 03:34:00 PM
Looks like a nice tool Erik; UPnP can defiantly be used to help identify hosts and devices on the network, but passive collection tools are very limited when it comes to a full analysis of UPnP. Really all you can glean from the multicast packets are the devices and services that a device supports, and in my experience even this usually isn't a complete list. Active queries and XML parsing is key if you want to really examine a UPnP implementation.


Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com