HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 37 guests online
 
Advertisement

You are here: Home arrow Columnsarrow Heffnerarrow [Article]-Plug-N-Play Network Hacking
EH-Net
May 24, 2013, 03:10:21 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: [Article]-Plug-N-Play Network Hacking  (Read 35666 times)
0 Members and 1 Guest are viewing this topic.
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 4168


Editor-In-Chief


View Profile WWW
« on: December 04, 2008, 01:47:37 AM »
Although Craig has been continuing to submit articles to EH-Net, he was not allowed to officially have a 'column' due to his employer. That restriction has been lifted, so welcome back to the family.

Permanent link: [Article]-Plug-N-Play Network Hacking

Quote



Universal Plug-N-Play (UPnP) is a protocol that allows various network devices to auto-configure themselves. One of the most common uses of this protocol is to allow devices or programs to open up ports on your home router in order to communicate properly with the outside world (Xbox, for example, does this). The UPnP protocol is built on top of pre-existing protocols and specifications, most notably, UDP, SSDP, SOAP and XML.

This article will address some of the security issues related to UPNP, briefly describe the inner workings of the protocol, and show how to identify and analyze UPNP devices on a network using open source tools. While we will be specifically focusing on IGDs (Internet Gateway Devices, aka, routers), it is important to remember that there are many other devices and systems that support UPNP as well, and they may be vulnerable to similar attacks.


As always, please add your feedback here and make any suggestions for future articles.

Don
Logged
CISSP, MCSE, CSTA, Security+ SME
hjelmvik
Newbie
*
Offline Offline

Posts: 1


View Profile
« Reply #1 on: December 07, 2008, 12:11:41 PM »
Nice article. It seems as if developers are putting UPnP support in most embedded devices nowadays. It's even used outside of local area networks in some cases!

Have you tried NetworkMiner by the way? It is a fully passive tool that also can extract details from broadcasted UPnP data. Check it out at:
http://networkminer.sourceforge.net/

/erik
Logged
Craig
EH-Net Columnist
Jr. Member
*****
Offline Offline

Posts: 69


View Profile WWW
« Reply #2 on: December 07, 2008, 03:34:00 PM »
Looks like a nice tool Erik; UPnP can defiantly be used to help identify hosts and devices on the network, but passive collection tools are very limited when it comes to a full analysis of UPnP. Really all you can glean from the multicast packets are the devices and services that a device supports, and in my experience even this usually isn't a complete list. Active queries and XML parsing is key if you want to really examine a UPnP implementation.
Logged
http://www.sourcesec.com
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.084 seconds with 24 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.