Comments on: Security flaws in Universal Plug and Play

By: Anon

Anon — Sat, 18 May 2013 23:34:47 +0000

mikeisfly: That link gives an error. Seems like the site is a little too paranoid.

By: How I Met Your SSH | TechSNAP | Jupiter Broadcasting

How I Met Your SSH | TechSNAP | Jupiter Broadcasting — Fri, 01 Mar 2013 00:43:35 +0000

[...] week we had a question of uPNP and pfSense – The pfSense blog has the official answer – pfSense uses an updated version of miniupnp, and has always done so, the vulnerable ones [...]

By: mikeisfly

mikeisfly — Thu, 07 Feb 2013 00:50:00 +0000

Steve Gibson of the Spin Rite fame and Shields UP has built a uPNP vulnerability tool at https://www.grc.com/x/ne.dll?rh1dkyd2 . This will check to see if your router is responding to uPNP probe request on your public port. I just checked mine and everything is all good. The first thing I do when setting up residential routers is turn the uPNP setting off. Hope this helps someone.

By: Chris Buechler

Chris Buechler — Sun, 03 Feb 2013 07:32:11 +0000

PV: doesn’t get much easier than our client export with OpenVPN, unless you like the nasty browser-based SSL VPNs which are a real support headache in comparison. Slightly more effort to install up front, but significantly less effort to support on an ongoing basis from what I’ve seen and heard from our commercial support customers.

By: PV

PV — Sat, 02 Feb 2013 16:24:54 +0000

Yeah, I’ve always been paranoid about uPnP. Then again, I’m paranoid about a lot of things dealing with the net. Mostly of things breaking. IT is one of those fields where you argue with the directors for the best you can get, and usually have to settle for something far less than what you need. So far pfsense offers a lot of things that our paid-firewalls just cant match. Unfortunately our paid firewalls also have some really, really easy to use VPN options for our end users which makes our IT lives much simpler. If pfsense keeps up the quality I’ve seen and the 2.1 release follows through on that, I’ll be tempted to use it in more than just my home. IPv6 is something I’m going to need full support for in the next few years.

By: Angus S-F

Angus S-F — Sat, 02 Feb 2013 01:02:52 +0000

FWIW the ScanNow tool requires Java. They have a java-free scanner at this page: “Universal Plug and Play Check by Rapid7″
http://upnp-check.rapid7.com/

By: Falha de segurança no UPnP deixa milhões de usuários vulneráveis | pfSense-BR

Fri, 01 Feb 2013 14:40:33 +0000

[...] o post do Chris no blog do pfSense sobre a [...]

By: Beat

Beat — Wed, 30 Jan 2013 09:26:54 +0000

Well done guys!

Open source *is* far superior to closed source, and that’s not only just because developers know that others might be looking above their shoulders, and by nature encourages them to follow best practices, but also because of all the open mind that comes with it.

I’m predicting 2013 to be the year where large portions of users start realizing that open source is a better model for everyone.

Keep the great work going! Looking forward to 2.1 with full IPv6 support, as 2013 will also be the year of IPv6 and of a lot of commercial “NAT firewalls” not firewalling anything anymore that is IPv6, as they don’t NAT.