[Article]-Plug-N-Play Network Hacking





Posts: 4270

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Dec 04, 2008 2:47 am

[Article]-Plug-N-Play Network Hacking

Although Craig has been continuing to submit articles to EH-Net, he was not allowed to officially have a 'column' due to his employer. That restriction has been lifted, so welcome back to the family.

Permanent link: [Article]-Plug-N-Play Network Hacking


Universal Plug-N-Play (UPnP) is a protocol that allows various network devices to auto-configure themselves. One of the most common uses of this protocol is to allow devices or programs to open up ports on your home router in order to communicate properly with the outside world (Xbox, for example, does this). The UPnP protocol is built on top of pre-existing protocols and specifications, most notably, UDP, SSDP, SOAP and XML.

This article will address some of the security issues related to UPnP, briefly describe the inner workings of the protocol, and show how to identify and analyze UPnP devices on a network using open source tools. While we will be specifically focusing on IGDs (Internet Gateway Devices, aka, routers), it is important to remember that there are many other devices and systems that support UPnP as well, and they may be vulnerable to similar attacks.

As always, please add your feedback here and make any suggestions for future articles.




Posts: 1

Joined: Sun Dec 07, 2008 1:04 pm

Post Sun Dec 07, 2008 1:11 pm

Re: [Article]-Plug-N-Play Network Hacking

Nice article. It seems as if developers are putting UPnP support in most embedded devices nowadays. It's even used outside of local area networks in some cases!

Have you tried NetworkMiner by the way? It is a fully passive tool that also can extract details from broadcasted UPnP data. Check it out at:



EH-Net Columnist

Posts: 69

Joined: Thu Mar 15, 2007 2:45 pm

Post Sun Dec 07, 2008 4:34 pm

Re: [Article]-Plug-N-Play Network Hacking

Looks like a nice tool Erik; UPnP can definitely be used to help identify hosts and devices on the network, but passive collection tools are very limited when it comes to a full analysis of UPnP. Really all you can glean from the multicast packets are the devices and services that a device supports, and in my experience even this usually isn't a complete list. Active queries and XML parsing are key if you want to really examine a UPnP implementation.
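The passive-versus-active distinction in the reply above, as an added example that is not part of the original posts or the article: it compares the notification types seen in SSDP advertisements with the services listed in a device description document, for inventorying UPnP devices on your own network. The capture, UUID, address, description XML and control URLs are constructed sample data, built so that one service is absent from the advertisements.

```python
import xml.etree.ElementTree as ET

NS = {"d": "urn:schemas-upnp-org:device-1-0"}  # UPnP device description namespace
IGD = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"
L3F = "urn:schemas-upnp-org:service:Layer3Forwarding:1"
WANIP = "urn:schemas-upnp-org:service:WANIPConnection:1"

def notify(nt):  # builds one constructed ssdp:alive advertisement
    return ("NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            f"NT: {nt}\r\nNTS: ssdp:alive\r\n"
            "LOCATION: http://192.0.2.1:5000/rootDesc.xml\r\n"
            f"USN: uuid:00000000-0000-0000-0000-000000000001::{nt}\r\n\r\n")
CAPTURED = [notify(IGD), notify(L3F)]  # constructed passive capture
DESCRIPTION_XML = f"""<?xml version="1.0"?>
<root xmlns="urn:schemas-upnp-org:device-1-0"><device>
 <deviceType>{IGD}</deviceType>
 <serviceList><service><serviceType>{L3F}</serviceType>
  <controlURL>/ctl/L3F</controlURL></service></serviceList>
 <deviceList><device>
  <deviceType>urn:schemas-upnp-org:device:WANConnectionDevice:1</deviceType>
  <serviceList><service><serviceType>{WANIP}</serviceType>
   <controlURL>/ctl/IPConn</controlURL></service></serviceList>
 </device></deviceList>
</device></root>"""  # constructed stand-in for the document at LOCATION

def parse_ssdp(message):
    """Return (start_line, headers) with header names lower-cased."""
    lines = message.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def advertised_types(messages):
    """Notification types a passive listener sees in ssdp:alive NOTIFYs."""
    parsed = [parse_ssdp(m) for m in messages]
    return {h["nt"] for start, h in parsed
            if start.startswith("NOTIFY") and h.get("nts") == "ssdp:alive" and "nt" in h}

def described_services(xml_text):
    """Map serviceType -> controlURL, including services of embedded devices."""
    root = ET.fromstring(xml_text)  # device-supplied XML is untrusted input
    return {s.findtext("d:serviceType", "", NS): s.findtext("d:controlURL", "", NS)
            for s in root.iterfind(".//d:service", NS)}

def missed_by_passive(messages, xml_text):  # described but never advertised
    return sorted(set(described_services(xml_text)) - advertised_types(messages))
```

With real devices the description XML is untrusted input, so a hardened parser such as `defusedxml` is a better fit than the standard library one used here.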
