[Article]-Plug-N-Play Network Hacking

  • This topic is empty.
Viewing 2 reply threads
  • Author
    • #3089
      Don Donzal

      Although Craig has been continuing to submit articles to EH-Net, he was not allowed to officially have a ‘column’ due to his employer. That restriction has been lifted, so welcome back to the family.

      Permanent link: [Article]-Plug-N-Play Network Hacking


      Universal Plug-N-Play (UPnP) is a protocol that allows various network devices to auto-configure themselves. One of the most common uses of this protocol is to allow devices or programs to open up ports on your home router in order to communicate properly with the outside world (Xbox, for example, does this). The UPnP protocol is built on top of pre-existing protocols and specifications, most notably, UDP, SSDP, SOAP and XML.

      This article will address some of the security issues related to UPNP, briefly describe the inner workings of the protocol, and show how to identify and analyze UPNP devices on a network using open source tools. While we will be specifically focusing on IGDs (Internet Gateway Devices, aka, routers), it is important to remember that there are many other devices and systems that support UPNP as well, and they may be vulnerable to similar attacks.

      As always, please add your feedback here and make any suggestions for future articles.


    • #20878

      Nice article. It seems as if developers are putting UPnP support in most embedded devices nowadays. It’s even used outside of local area networks in some cases!

      Have you tried NetworkMiner by the way? It is a fully passive tool that also can extract details from broadcasted UPnP data. Check it out at:


    • #20879

      Looks like a nice tool Erik; UPnP can defiantly be used to help identify hosts and devices on the network, but passive collection tools are very limited when it comes to a full analysis of UPnP. Really all you can glean from the multicast packets are the devices and services that a device supports, and in my experience even this usually isn’t a complete list. Active queries and XML parsing is key if you want to really examine a UPnP implementation.

Viewing 2 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.


Sign in with Caendra

Forgot password?Sign up

Forgot your details?