Re: [Linux-igd-devel] Security issues to address...
From: Nektarios K. P. <npa...@in...> - 2006-08-21 15:19:01
Hi,

Armijn Hemel wrote:
> hi,
>
>> So, the security issue here is that a malicious control point can add a
>> port mapping that lets an external entity connect to your IGD on a
>> port and then forward this connection to another external host
>> pretending to be your IGD?
>> I see only two minor bad issues with this scenario:
>> - Unnecessary traffic is passing through your IGD
>> - The external host (RemoteHost upnp arg) can be fooled to allow the
>> connection based on your IP.
>
> And basically turn your router into an involuntary onion router. I wouldn't
> call that "a minor bad issue" ;)

I understand. Bad evaluation/wording on my part.

>
>> Don't get me wrong. I *do* appreciate your vulnerability report and the
>> check should be implemented.
>> However, unless we implement e.g. DeviceSecurity service, a malicious
>> control point in the LAN can open up whatever port pleases it and be
>> upnp correct anyway ;-)
>
> Yes, unfortunately. UPnP is flawed by design. Too bad there are so many
> machines using it...
>

Yeah, I know, that is why I disabled UPnP on my home router :-(
Nevertheless, I *do* care to participate in developing a complete (first)
and secure (later) one here :-)

Thanks again.

> armijn
>

--
______________________________________________________________
Nektarios K. Papadopoulos
Senior Engineer
Software Engineering Group
inAccess Networks

95A Pentelis Avenue.          Tel : +30-210-6837640
152 34 Halandri Athens        Fax : +30-210-6899504
______________________________________________________________
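Added example, not part of the original message or of linux-igd's code: one way the check discussed above could look, rejecting an AddPortMapping request whose internal client is not an address on the LAN. The function name, result codes, the `require_same_host` policy switch and the sample addresses are assumptions made for illustration; hostnames are rejected here for simplicity.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for this hypothetical check. */
enum map_check { MAP_OK = 0, MAP_BAD_ADDR, MAP_NOT_ON_LAN, MAP_NOT_REQUESTER };

/* Parse a dotted-quad string into host byte order; returns 0 on success.
 * Anything that is not a literal IPv4 address (e.g. a hostname) fails. */
static int parse_ipv4(const char *s, uint32_t *out)
{
    struct in_addr a;
    if (s == NULL || inet_pton(AF_INET, s, &a) != 1)
        return -1;
    *out = ntohl(a.s_addr);
    return 0;
}

/* internal_client: the NewInternalClient argument of the request.
 * requester:       source address of the control point's connection.
 * lan_net/prefix:  the IGD's internal network, e.g. 192.168.1.0/24.
 * require_same_host: optional stricter policy (an assumption, not from
 *                  the thread): a host may only map ports to itself. */
enum map_check check_internal_client(const char *internal_client,
                                     const char *requester,
                                     const char *lan_net, int prefix_len,
                                     int require_same_host)
{
    uint32_t client, req, net, mask;

    if (prefix_len < 1 || prefix_len > 32)
        return MAP_BAD_ADDR;
    if (parse_ipv4(internal_client, &client) ||
        parse_ipv4(requester, &req) || parse_ipv4(lan_net, &net))
        return MAP_BAD_ADDR;

    mask = 0xFFFFFFFFu << (32 - prefix_len);
    if ((client & mask) != (net & mask))
        return MAP_NOT_ON_LAN;      /* would forward to an external host */
    if (require_same_host && client != req)
        return MAP_NOT_REQUESTER;   /* mapping on behalf of another host */
    return MAP_OK;
}

int main(void)
{
    /* Constructed sample values (documentation and private ranges). */
    printf("%d\n", check_internal_client("203.0.113.7", "192.168.1.20",
                                         "192.168.1.0", 24, 0));
    return 0;
}
```

This check only closes the forward-to-external-host case; as the thread notes, a control point on the LAN can still open ports to LAN hosts without something like DeviceSecurity.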