I've been saying it for years. Steve Gibson's been saying it even longer. Disable UPnP. It's a stupid, insecure protocol.
Most modern games and software don't require open ports anymore (they do handshaking via a cloud service). The only exception is if you want to host a server on your own PC, and if you're going to do that then you should learn how to set up manual port forwards on your router.
https://lifehacker.com/disable-upnp-on- ... 1844012366
New UPnP exploit - for the love of God, disable UPnP!
- FlyingPenguin
- Flightless Bird
- Posts: 32781
- Joined: Wed Nov 22, 2000 11:13 am
- Location: Central Florida
- Contact:
Christians warn us about the anti-christ for 2,000 years, and when he shows up, they buy a bible from him.
- Executioner
- Life Member
- Posts: 10140
- Joined: Wed Nov 22, 2000 11:34 am
- Location: Woodland, CA USA
Re: New UPnP exploit - for the love of God, disable UPnP!
I have Malwarebytes Premium, and when I launch TF2 from Steam, I get a warning about a Trojan. It's identified as a RTP Detection - website blocked. According to this search I did, they responded:
"These are web blocks, meaning that some of the servers on the TF2 server list are on IPs that we have identified to host malware. This is common for server based games like this and for other kinds of programs. Since you can still play normally, I wouldn't worry about it."
So after the notification block goes away, I don't see any changes in game play.
- FlyingPenguin
- Flightless Bird
- Posts: 32781
- Joined: Wed Nov 22, 2000 11:13 am
- Location: Central Florida
- Contact:
Re: New UPnP exploit - for the love of God, disable UPnP!
It's just blocking blacklisted IPs some TF2 servers are on. The only difference you would notice is that if Malwarebytes was disabled, you'd have a few more servers available. It doesn't mean the TF2 servers on those IPs are malicious, but they share an IP at a co-location that has other bad actors on it.
Christians warn us about the anti-christ for 2,000 years, and when he shows up, they buy a bible from him.
Re: New UPnP exploit - for the love of God, disable UPnP!
I don't understand any of this... is this for gaming or something I need to worry about? I haven't opened any ports (don't know how); router/modem is as it was sent to us by service provider.
Briquette, 1992 - 2008 ~ < Forever In Our Hearts >
Lily, 1995 - 2009 ~ < Forever In Our Hearts >
The best and most beautiful things in the world cannot be seen or even touched.
They must be felt with the heart. ~ Helen Keller.
- FlyingPenguin
- Flightless Bird
- Posts: 32781
- Joined: Wed Nov 22, 2000 11:13 am
- Location: Central Florida
- Contact:
Re: New UPnP exploit - for the love of God, disable UPnP!
UPnP is port forwarding for dummies. I believe it was created to deal with the early game consoles as they all needed open ports for multiplayer hosting in the early days (nowadays it's probably done with 3rd party server handoffs like most PC games).
Since the average non-techie had no clue how to set up port forwards, UPnP made it simple. If UPnP was enabled on the router (and it usually is by default) the device (be it IoT device, PC, tablet, phone, console, etc.) that needed an open port would just ask the router for one automatically. No permissions required, and the spec also doesn't require routers to show any kind of list of ports opened this way, so they don't show up in the router's port forwarding tables. They're effectively invisible unless you do an outside port scan.
That was dandy when the Internet was a kinder, safer place, but UPnP has no security at all so ANYTHING in your network can request ports to be opened, including a device running malicious software or buggy software.
So for example, you could have some cheap webcam that runs a poorly secured SSH server for no good reason, and requests a port forward via UPnP, and you have no idea that your webcam has just opened a back door into your network.
Most router/modems have UPnP on by default. I know XFinity modems do, unless they've wised up. So there's a good chance yours is enabled. No, you don't need it. Most people don't. It would be worth logging into your modem to see if it's enabled and disable it.
Christians warn us about the anti-christ for 2,000 years, and when he shows up, they buy a bible from him.
Re: New UPnP exploit - for the love of God, disable UPnP!
Oh, gosh.
Ok, will see how far I get; thanks, FP.
Briquette, 1992 - 2008 ~ < Forever In Our Hearts >
Lily, 1995 - 2009 ~ < Forever In Our Hearts >
The best and most beautiful things in the world cannot be seen or even touched.
They must be felt with the heart. ~ Helen Keller.
Re: New UPnP exploit - for the love of God, disable UPnP!
Not allowed on my Sonicwall firewall. Ridiculous.
------------------------------------------