Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive



[Discuss] Ban UPnP? Re: The Mirai botnet



Finally, I see a company name attached to this Mirai botnet problem: Hangzhou
Xiongmai Technologies, whose devices leave an essentially unprotected (and
unprotectable) telnet server open.

http://qz.com/819391/a-collision-of-chinese-manufacturing-globalization-and-consumer-ignorance-could-ruin-the-internet-for-everyone/

The article mentions nothing about UPnP, though, so I'm still left wondering
how the attack happened. Another article notes Xiongmai's response, which
includes a product recall:

http://www.welivesecurity.com/2016/10/24/webcam-firm-recalls-hackable-devices-mighty-mirai-botnet-attack/

And their IPC (IP camera) product specs do include UPnP, so presumably it's
enabled by default and causing also-unsecure Netgear/DLink/Linksys defaults to
leak their open TCP ports out onto the open Internet.

What will these router vendors' response be? And is it appropriate to begin a
campaign to discontinue support for UPnP (by all products everywhere), as was
done a few years ago for the non-secure wifi WEP auth protocol?

-rich
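
An added example, not part of the message above: a defender-side audit for the hypothesis it raises, that UPnP port mappings on a home router expose a camera's telnet port. It parses `GetGenericPortMappingEntry` responses from the UPnP IGD WANIPConnection service and flags enabled TCP mappings to port 23. The SOAP bodies, LAN addresses and descriptions are constructed sample data; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed GetGenericPortMappingEntryResponse template (UPnP IGD WANIPConnection:1).
_TEMPLATE = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
    '<u:GetGenericPortMappingEntryResponse '
    'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
    '<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>'
    '<NewProtocol>{proto}</NewProtocol><NewInternalPort>{port}</NewInternalPort>'
    '<NewInternalClient>{host}</NewInternalClient><NewEnabled>{on}</NewEnabled>'
    '<NewPortMappingDescription>{desc}</NewPortMappingDescription>'
    '<NewLeaseDuration>0</NewLeaseDuration>'
    '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>'
)

# Constructed sample data: (external port, protocol, internal port, LAN host, enabled, description)
SAMPLE_RESPONSES = [
    _TEMPLATE.format(ext=e, proto=p, port=i, host=h, on=on, desc=d)
    for e, p, i, h, on, d in [
        (23, "TCP", 23, "192.168.1.50", 1, "IPC"),
        (8080, "TCP", 80, "192.168.1.50", 1, "IPC web"),
        (2300, "TCP", 23, "192.168.1.51", 0, "disabled entry"),
        (10023, "tcp", 23, "192.168.1.60", 1, "DVR"),
    ]
]

def parse_mapping(soap_xml):
    """Return the New* argument fields of one port-mapping response as a dict."""
    fields = {}
    for el in ET.fromstring(soap_xml).iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
        if name.startswith("New"):
            fields[name] = (el.text or "").strip()
    return fields

def exposed_mappings(responses, risky_ports=(23,)):
    """List enabled TCP mappings that forward Internet traffic to a risky LAN port."""
    findings = []
    for soap_xml in responses:
        m = parse_mapping(soap_xml)
        if m.get("NewEnabled") != "1" or m.get("NewProtocol", "").upper() != "TCP":
            continue
        if int(m["NewInternalPort"]) in risky_ports:
            findings.append((m["NewInternalClient"], int(m["NewExternalPort"]),
                             int(m["NewInternalPort"])))
    return findings

if __name__ == "__main__":
    for host, ext, port in exposed_mappings(SAMPLE_RESPONSES):
        print(f"WAN tcp/{ext} -> {host}:{port} (telnet reachable from the Internet)")
```

The check keys on the internal port, so a mapping that hides telnet behind a non-standard external port is still reported.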





BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org