Home Computer Audio Asylum

Music servers and other computer based digital audio technologies.

This could be a big source of DDoS attacks. It looks easy to fix, but with a loss of remote access.

The vulnerability is limited to internet-facing endpoints, so your home network has to allow externally initiated UPnP sessions.

I use UPnP and probably will continue to do so. It's really the only standard protocol for in-home streaming that isn't locked up and licensed by a particular manufacturer to further their own business interests. It also understands the difference between a server and a control point, which most home streaming protocols do not. For somebody who wants to store all their media in one place and access it via lots of different devices, it's still the *only* choice around.

I use a small commercial firewall/IDS/IPS, a managed switch, and two physically separate wifi networks. I've segregated everything I want to protect (i.e. general purpose computers and a server hosting anything important) from anything media related which I inherently don't trust. I've blocked UPnP UDP and don't allow any externally-initiated TCP sessions for anything. That means my media is not accessible outside of the home, but that's a sacrifice I made for security. I *think* I'm safe.

But I suspect that most people out there are using a wifi router/access point configured to allow external connections to internal UPnP devices, because that's a common default to allow remote access to media servers and security cameras. Most people probably won't care if some hacker gains access to their media, but the bigger worry is that this opens a whole new class of devices to be used in DDoS attacks.

If you have UPnP-enabled devices in your home that receive regular updates, you might already be OK because this affects older UPnP stacks. But if you have older devices which are no longer getting regular updates (I have a few), then you need to block external connection attempts targeting UPnP port numbers. I suspect that the vast majority of users won't know how to do this with their wi-fi router, if they are even aware of the CVE at all. It might be better if ISPs blocked them by default, because there are people out there still using old wifi routers that are no longer supported, but that's going to break anyone who is using UPnP for remote access to their media or security cameras.
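The two paragraphs above describe a router-side policy (drop UPnP UDP arriving from outside, allow no externally initiated TCP at all, leave the in-home SSDP traffic alone so local streaming keeps working). The block below is an added example, not code from the post or from any router vendor: it encodes that policy as a small flow classifier that can be run over constructed connection records, and emits an equivalent nftables ruleset. The WAN interface name `wan0`, the sample addresses and the TCP port 49152 used in the test flows are assumptions chosen for illustration; UDP/1900 is the well-known SSDP port, while the TCP ports a given device exposes vary, which is why the blanket rule against externally initiated TCP is what actually covers them.

```python
"""Flow classifier for the home-router UPnP policy described in the post.

Constructed example. The three rules encode the poster's policy:
  1. SSDP (UDP/1900) from a non-private source is dropped.
  2. Any new TCP connection initiated from a non-private source is dropped.
  3. Everything else (LAN-internal SSDP, outbound traffic, replies) is accepted.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, Tuple

SSDP_PORT = 1900  # well-known UPnP discovery port (UDP)
PRIVATE_NETS = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]


@dataclass(frozen=True)
class Flow:
    """One connection attempt as a router log or conntrack entry would show it."""
    src: str
    dst: str
    proto: str          # "udp" or "tcp"
    dport: int
    syn: bool = False   # True for a TCP SYN without ACK, i.e. a new inbound connection


def is_private(addr: str) -> bool:
    """True when addr lies in one of the RFC 1918 ranges, i.e. is 'inside the home'."""
    a = ip_address(addr)
    return any(a in net for net in PRIVATE_NETS)


def decide(flow: Flow) -> Tuple[str, str]:
    """Apply the policy to one flow; returns (verdict, reason)."""
    src_inside = is_private(flow.src)
    if flow.proto == "udp" and flow.dport == SSDP_PORT:
        if src_inside:
            return "accept", "lan ssdp"          # in-home discovery keeps working
        return "drop", "external ssdp"           # rule 1
    if flow.proto == "tcp" and flow.syn and not src_inside:
        return "drop", "externally initiated tcp"  # rule 2, covers every UPnP TCP port
    return "accept", "default"                   # rule 3


def count_drops(flows: Iterable[Flow]) -> int:
    """How many of the given flows the policy would have dropped."""
    return sum(1 for f in flows if decide(f)[0] == "drop")


def nft_rules(wan_if: str) -> str:
    """Return an nftables ruleset implementing the same policy on the forward hook.

    wan_if is the router's Internet-facing interface (assumed name, e.g. "wan0").
    Dropping in 'forward' is what protects the UPnP devices behind the router;
    the same two match lines can be repeated in an 'input' chain for the router itself.
    """
    return "\n".join([
        "table inet upnp_guard {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy accept;",
        f'    iifname "{wan_if}" udp dport {SSDP_PORT} counter drop',
        f'    iifname "{wan_if}" meta l4proto tcp ct state new counter drop',
        "  }",
        "}",
    ])


if __name__ == "__main__":
    # Constructed sample flows: one LAN discovery, one external probe, one external TCP SYN.
    samples = [
        Flow("192.168.1.5", "239.255.255.250", "udp", SSDP_PORT),
        Flow("203.0.113.7", "192.168.1.20", "udp", SSDP_PORT),
        Flow("203.0.113.7", "192.168.1.20", "tcp", 49152, syn=True),
    ]
    for f in samples:
        print(f, "->", decide(f))
    print(nft_rules("wan0"))
```

Running the block prints a verdict per sample flow followed by the generated ruleset; the `decide` function can also be driven from parsed router log lines to check, after the fact, which external attempts the router would have refused.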

Beyond that, we collectively need to think about whether the IoT trend is actually bringing us convenience that's worth the security risk. I don't think it is.



Follow Ups
  • This could be a big source of DDoS attacks. It looks easy to fix, but with a loss of remote access. - Dave_K 06/12/20 06:12:32 06/12/20 (0)
