DarkFoon wrote:
I'm considering installing the UPnP daemon on some home/home office
boxes, and I'm curious what the security issues are.
From my own (simple) analysis, the worst that could happen is a
malicious application could ask for many, many (almost all?) of the
ports above 1024 to be routed to a machine, and that an external
attacker might be able to use all the port forwards to control said
malicious program from the internet and perhaps wreak havoc on the LAN
net and maybe even the pfSense box (with a keylogger and sniff the pw
for the pfSense admin).

As Scott said, you're right on.
In a home environment, I wouldn't hesitate much to enable it if it's
useful for a certain application. I've never heard of any malware that
exploits UPnP, nor have I heard stories of any attackers using it. It's
much more likely they would use outbound channels to tunnel things back
in, like using SSH for example. There are so many ways to contact or
control a PC inside your network, or tunnel back into your network
without actually opening ports into your network that it adds little risk.
If an outsider can execute arbitrary things inside your network as
required to exploit UPnP, you're owned regardless of whether or not you
have UPnP enabled.