old notes

questions

#networking #dmx #portforwarding #UPnP #questions

Questions

Ask Class:

  • hardening approach for UPnP & does it have a usage case that justifies its high security risks? (Other than as a commodification of convenience and the very human desire to optimize for short-term profits and immediate convenience over the future stakes like security or the planet.)
  • dynamic ports

DMZ vs port-forwarding vs UPnP

DMZ: Demilitarized Zone

  • How does a new printer, camera, coffee pot or toy know how to attach to your network and then configure your router to allow for port access?

Port-Forwarding:

  • forward some ports of the router to allow external traffic
  • grant external devices access to host systems on home or LAN networks

Step-By-Step of Port-Forwarding:

Sending request from source:

(1) A connection request is sent from the device to the router with the device's IP address and an associated port for the request. The device is the host or source for the connection.

(2) Router then reads the request and maps the device's IP address and port with the router's public facing IP and a relevant port. This is stored in the Network Address Translation (NAT) table.

Response from destination:

  • destination makes a connection request back to the router with the router's IP address and a specific port
  • router checks the NAT table for that specific IP address/port combo for an open connection
  • if found, the request is passed to the device/port
  • once the connection closes, the entry in the table is deleted

Port-Forwarding Usages:

  • backups: makes it easy to access
  • virtual desktops
  • CCTV / security
  • game servers

Types of Port-Forwarding:

  • Local Port Forwarding: bypasses the firewall on the network so you can access other computers or services on the same network, e.g. tunneling a secure file transfer or connecting to a remote file share over the internet.

  • Remote Port Forwarding: allows anyone at the remote end to connect to the remote server on TCP port 8080; the connection is tunneled to the host computer on port 80. Shares an internal web app on a public platform.

  • Dynamic Port Forwarding: the client connects securely through an SSH or SOCKS proxy server for data transmission over an untrusted network.

UPnP: Universal Plug and Play

  • a protocol that lets networked devices automatically open a port on the router to let you communicate with your gadget remotely
  • zero config
  • Usage: IoT, VoIP, p2p
  • can be used for NAT traversal or Firewall punching??? – basically any device, including malware, can issue a UPnP request to the router to open a public port???

UPnP Risks:

  • no authentication or authorization
  • no official implementation, so every router has its own; some routers are discoverable from the WAN
  • any malicious program on network can use UPnP
  • can use the router as a proxy to spread malware, steal credit card info, perform phishing attacks, DDoS attacks, etc.
  • Mirai botnet: brute-force approach, scanning for exposed telnet ports (likely opened by UPnP) and trying default passwords, then loading the Mirai software, transforming the device into a bot spewing out UDP packets targeted at Dyn
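An added defender-side example (not part of the original notes): a small audit that parses the GetGenericPortMappingEntry responses a UPnP IGD router returns and flags mappings that either expose the router's own admin port or point at an address outside the LAN (the "router as proxy" abuse above). The subnet, gateway address, admin port list and the SOAP responses are all constructed assumptions, not captured from a real device.

```python
import ipaddress
import xml.etree.ElementTree as ET

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed home subnet
GATEWAY = ipaddress.ip_address("192.168.1.1")  # assumed router LAN address
ADMIN_PORTS = {22, 23, 80, 443}                # router ssh/telnet/web admin

# Template mimicking a WANIPConnection GetGenericPortMappingEntryResponse
# (constructed for this example, not a real router's output).
SOAP = ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
        '<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
        '<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>'
        '<NewProtocol>{proto}</NewProtocol><NewInternalPort>{iport}</NewInternalPort>'
        '<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>'
        '<NewPortMappingDescription>{desc}</NewPortMappingDescription>'
        '<NewLeaseDuration>0</NewLeaseDuration>'
        '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>')

# Constructed entries: a benign game server, the router's own web admin
# page forwarded to the WAN, and a mapping relaying to an outside host.
SAMPLE_RESPONSES = [
    SOAP.format(ext=25565, proto="TCP", iport=25565, client="192.168.1.20", desc="game server"),
    SOAP.format(ext=8080, proto="TCP", iport=80, client="192.168.1.1", desc="admin"),
    SOAP.format(ext=1900, proto="TCP", iport=443, client="203.0.113.9", desc="relay"),
]

def parse_mapping(xml_text):
    """Pull the New* fields out of one mapping-entry response."""
    root = ET.fromstring(xml_text)
    # Strip namespaces so both prefixed and bare tags match on local name.
    fields = {el.tag.split("}")[-1]: (el.text or "")
              for el in root.iter() if el.tag.split("}")[-1].startswith("New")}
    return {"ext_port": int(fields["NewExternalPort"]),
            "proto": fields["NewProtocol"],
            "int_port": int(fields["NewInternalPort"]),
            "client": ipaddress.ip_address(fields["NewInternalClient"]),
            "desc": fields.get("NewPortMappingDescription", "")}

def classify(m):
    """Label a mapping: proxy abuse, exposed admin interface, or ok."""
    if m["client"] not in LAN:        # internal client is not on the LAN at all
        return "proxy-abuse"
    if m["client"] == GATEWAY and m["int_port"] in ADMIN_PORTS:
        return "admin-exposed"
    return "ok"

def audit(responses):
    """Return (ext_port, proto, client, int_port, verdict) per mapping."""
    return [(m["ext_port"], m["proto"], str(m["client"]), m["int_port"], classify(m))
            for m in map(parse_mapping, responses)]
```

Against a live router the same functions would run over the entries returned by iterating GetGenericPortMappingEntry indices until the service reports no more entries.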

From this: https://www.upguard.com/blog/what-is-upnp

UPnP exploitation can result in more than just the connection of an infected device. Here are just a few examples of the malicious actions that are possible with UPnP:

  • Connecting internal ports to the router's external-facing side to create gateways ('poking holes') through firewalls.
  • Port forwarding the router web administration details
  • Port forwarding to any external server located on either the surface or dark web.
  • Changing DNS server settings so that a decoy credential stealing website is loaded instead of legitimate banking websites.
  • Modifying administrative credentials
  • Modifying PPP settings
  • Modifying IP settings for all interfaces
  • Modifying the WiFi settings
  • Modifying or terminating internal connections