topic Re: UPNP Extended Security in Tech Help - Software/Hardware etc

UPNP Extended Security

fydrenak — Tue, 09 Feb 2021 16:28:28 GMT

Hi all, I am developing an application which uses UPNP to create peer to peer connections through NAT. I have had no issues with several routers using SSDP multicast to discover UPNP devices on the local network. However my Plusnet Hub One seems to not respond to the multicast requests. It does however respond to a unicast message sent straight to the router, but this is inadequate for my use as I want to find all devices on the network. Does anybody know on a low level what UPNP Extended Security actually does, and if it could be the source of this problem?

Thank you.

Re: UPNP Extended Security

7up — Fri, 12 Feb 2021 00:43:04 GMT

You're new here and your first post is asking for information that would help you circumvent the plusnet router security!

You don't really expect help on this do you?

Re: UPNP Extended Security

fydrenak — Fri, 12 Feb 2021 00:55:00 GMT

That's quite a hostile response but I will ignore it as my intentions are not as you imply.

Quite the opposite, I would like to understand this feature so I can ensure my program functions correctly for users that have this security feature enabled. If the feature makes what I'm trying to do impossible, then I will make no efforts to circumvent it. I simply want to understand it to make sure I'm not making an error.

Re: UPNP Extended Security

dvorak — Fri, 12 Feb 2021 07:22:04 GMT

I doubt you will find the answers here, perhaps try reddit.
Or your own ISP forums, if you're not a PN customer.

Re: UPNP Extended Security

7up — Tue, 16 Feb 2021 11:06:12 GMT

@fydrenak wrote:

That's quite a hostile response but I will ignore it as my intentions are not as you imply.

Quite the opposite, I would like to understand this feature so I can ensure my program functions correctly for users that have this security feature enabled. If the feature makes what I'm trying to do impossible, then I will make no efforts to circumvent it. I simply want to understand it to make sure I'm not making an error.

Well consider this, you've turned up on the plusnet forum talking about a plusnet hub one and wanting to know how to get around it's upnp limitations from a security perspective.

That's like turning up on a van forum saying you've locked yourself out of your van and need help getting back into it - nobody will assist you.

Even if you are legit plusnet don't make any technical details about their router available to us.

Re: UPNP Extended Security

Mook — Tue, 16 Feb 2021 11:40:02 GMT

@fydrenak - You refer to UPNP as a security feature when it has more holes than a sieve!

Re: UPNP Extended Security

fydrenak — Tue, 16 Feb 2021 12:14:12 GMT

@7up The inaccurate simile is wholly unnecessary. I have never once asked how to 'get around' any 'upnp limitations'. As I said before; I have no intention of circumventing anything, I merely want to understand what the limitations are so I know what is possible to do legitimately. I am not interested in any hacks or workarounds, I just want to know what this option on my router actually does.

I would greatly appreciate it if the contents of my question were focused on instead of making baseless judgements about me personally. That makes for a pretty toxic way to welcome new members of the forum.

The final line in your reply is the only constructive one, but I at least thank you for it. I assumed that all the settings users can control on the router are documented somewhere, else how are consumers expected to decide whether or not to enable/disable the feature without knowledge of what it does? That is the only level of information I am looking for.

Re: UPNP Extended Security

fydrenak — Tue, 16 Feb 2021 12:17:15 GMT

@dvorak Thank you, I might try Reddit as well but I generally try to avoid it. For what it's worth, I am a Plusnet customer. The only reason I have access to multiple brands' routers is that I switch between multiple places of living fairly frequently, and I have asked some of those around me to test my program and send me the response.

Re: UPNP Extended Security

Mook — Tue, 16 Feb 2021 12:24:00 GMT

@fydrenak I assume you've read the RFC for this:

https://tools.ietf.org/html/rfc6970

This will explain everything you need to know.

Re: UPNP Extended Security

fydrenak — Tue, 16 Feb 2021 12:24:15 GMT

@Mook I never referred to UPNP itself as a security feature, but to 'UPNP Extended Security' as it is written in the router settings, which I think can safely be called a security feature. UPNP could be considered a security risk but the fact is sometimes people want to build peer to peer networks with a 'plug and play' client. Expecting your average consumer to find their local IP, keep it static, and manually port forward is a bit much. Also, assuming UPNP is configurable only from the LAN, if you have malicious code that would use UPNP you have far bigger problems and UPNP being enabled. And disabling it likely stops absolutely nothing. Evidently the industry agrees with me as people have been trying to call it insecure for years but it is still very widely used.

If you think there is something I have not considered in my security assessment of UPNP I welcome the information.

Re: UPNP Extended Security

Mook — Tue, 16 Feb 2021 12:35:19 GMT

I'd hardly call quoting 'UPNP Extended Security' a security assessment but each to their own I guess. To be honest I don't use the Plusnet Router so I don't know in what context the aforementioned quote actually refers to so I will say no more but I do recommend you read the RFC, it will be time well spent.

Re: UPNP Extended Security

fydrenak — Tue, 16 Feb 2021 12:36:49 GMT

@Mook Thank you for that link, I have been working from the specification of UPNP device architecture specification (http://upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.1.pdf) when building my implementation. I admit to not being familiar with the PCP IWF. Is this what is expected to be used by modern applications?

Re: UPNP Extended Security

fydrenak — Tue, 16 Feb 2021 12:39:50 GMT

@Mook My assessment is what I outlined in why I think UPNP is not too insecure for use in modern applications. I reviewed what it enables and I don't think it allows an attacker to do much more than they would be able to do anyway given that they're inside the network. The quote of the name was my response to the comment that i called UPNP itself a security feature.

Re: UPNP Extended Security

Mook — Tue, 16 Feb 2021 12:52:18 GMT

It's always been my understanding that an RFC is the defacto standard for this kind of thing and when I've had to deal with protocols this is my first port of call.

But UPnP is bad news, do a search of the CVE site using UPNP and you'll get an idea.

Re: UPNP Extended Security

topgallant — Thu, 08 Jul 2021 15:57:00 GMT

@7up

"You don't really expect help on this do you?"

What a ridiculous response !

15,000 posts and this is how you behave in response to a new person asking a perfectly natural question.

Perhaps you have come to think that you are so important that it's your job to be rude to anyone who doesn't spend all their time here ?

Maybe that's why your fixes to posts ratio is so low.

Of course the OP should be able to know how his router works.

I also want to know, as I'm investigating whether this router is vulnerable to NAT slipstreaming.

Is that ok with you ? - It probably isn't relevant, but how can I tell unless I know what this bland unhelpful label "Advanced Security" actually means.

Security Through Obscurity is a discredited approach.

In any case the OP is already logged in to the router advanced settings - how much worse can it get. Apparently he already pwned his network.