Post Reply 
 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
CallStranger
30-06-2020, 22:12 (This post was last modified: 30-06-2020 22:17 by simoncn.)
Post: #10
RE: CallStranger
This issue is not related to whether or not you have a VPN.

It involves the possibilty of some malware exploiting a loophole in the original UPnP specification to cause a UPnP server on your intranet to send a message to establish (or attempt to establish) a UPnP subscription with a UPnP client on the internet.

This would not be prevented by a conventional firewall as this allows intranet devices to send messages to internet addresses and receive responses to these messages, while blocking unsolicited messages in the opposite direction.

To exploit this loophole, the malware would need to gain access to your intranet, which would generally be prevented by anti-virus software. Also, for a UPnP audio server such as MinimServer, any information that could be exposed in this way is very unlikely to be damaging to you or of any value to an attacker. It does not (for example) include any information about the contents of your music library.

Nevertheless, even the small possibility of such as exploit being used by an attacker was considered sufficiently important for the UPnP specification to be updated to block this loophole and for a number of manufacturers to patch their UPnP software to implement the new specification.
Find all posts by this user
Quote this message in a reply
Post Reply 


Messages In This Thread
CallStranger - DrD - 28-06-2020, 09:42
RE: CallStranger - simoncn - 28-06-2020, 16:27
RE: CallStranger - DrD - 28-06-2020, 19:00
RE: CallStranger - simoncn - 28-06-2020, 20:13
RE: CallStranger - simoncn - 28-06-2020, 20:33
RE: CallStranger - DrD - 28-06-2020, 21:01
RE: CallStranger - simoncn - 28-06-2020, 21:26
RE: CallStranger - DrD - 28-06-2020, 23:30
RE: CallStranger - Donuk - 30-06-2020, 13:13
RE: CallStranger - simoncn - 30-06-2020 22:12
RE: CallStranger - Donuk - 01-07-2020, 07:35

Forum Jump:


User(s) browsing this thread: 1 Guest(s)