Is anyone lookign at uPNP security concerns from a pen. testing point of view.

Seems to be getting a lot of attention and maybe worth chatting about or putting together a list of tools that can be used for uPNP exploitation.

Most of the attacks are Internal Network Attacks but they can be positioned from the outside ie. the Internet.

Comments ?

Cheers
Raz

Give this a read, its about using a Flash/uPnP exploit open port on a firewall:

http://www.gnucitizen.org/blog/hacking-the-interwebs

http://www.gnucitizen.org/blog/flash-upnp-attack-faq
-----------------
Edit:

And this "exploiting IGDs remotely via UPnP"

http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub-5

Any good Network Admin has uPNP turned off on all computers, since it's such a blasted chatty protocol. I despise it, and eliminate it with due prejudice.

Any good Network Admin has uPNP turned off on all computers, since it's such a blasted chatty protocol. I despise it, and eliminate it with due prejudice.

The FBI even recommends M$ users to never run it on a internet connected machine.

The FBI even recommends M$ users to never run it on a internet connected machine.

I have it configured as a group policy that it gets disabled automatically on any machine on my domain. If you want your network to run slow, have it run on a whole bunch of machines. It's a POS protocol that serves no porpoise.