[LINK] security issue on routers (and other devices?)
Rick Welykochy
rick at vitendo.ca
Wed Jan 30 05:30:26 AEDT 2013
Kimberley Heitman wrote:
>> Rapid7 is advising businesses and consumers alike to disable UPnP in
>> devices that they suspect may be vulnerable to attack. The firm has
>> released a tool to help identify those devices
>> <http://www.rapid7.com/resources/free-security-software-downloads/universal-plug-and-play-jan-2013.jsp>on
>> its website.
>
> 404 now. The forum has a query why the page is down. Rapid7 have instructions on how to use their Metasploit software to list the vulnerable devices, and unlike the tool referenced above is available for Mac and Linux.
I can see the above page, no 404.
Rapid7 say that Metasploit runs on Linux and Mac. But it turns out that
only Linux and Windows are supported.
http://www.rapid7.com/downloads/metasploit.jsp
The downloaded Linux file is a 32 or 64 bit ELF binary.
Perhaps Rapid7 could have taken more initiative and created a web-based probe
that scans for the exploit from the outside, if that is possible. That
would be quite handy and obviate the need to install third party binaries.
Jan, you are correct that locking down MAC addresses for WiFi is a
different issue than the uPnP vulnerability. Here is more about uPnP:
http://en.wikipedia.org/wiki/Universal_Plug_and_Play
In a nutshell, it involves a device on your home network automatically
assigning its own IP address without using DHCP.
cheers
rickw
--
------------------------------------
Rick Welykochy || Vitendo Consulting
Why do people who know HTML write plain text emails and those who
don't attempt to write HTML emails?
More information about the Link
mailing list