ZyXEL Communications P-335WT Manual de usuario descargar pdf (Pagina 15)

The question that should be asked is how far we want to go with this type of

technology. The core issue is what is more important, security or convenience, and

also when this is more important.

11 Conclusion

Zero conﬁguration is not going away anytime soon. Quite the opposite seems to

be true. More and more devices are supporting UPnP, or will support its IETF

counterpart, Zeroconf. This paper has shown there are serious problems with UPnP,

the protocol that is most widespread, without any good solutions that don’t involve

disabling the protocol, implementing a lot of workarounds, or completely redesigning

the protocol.

A Tested Internet Gateway Devices

For this paper as many devices and ﬁrmware revisions as possible were tested. Not

all devices actually do forwarding or Network Address Translation (for example,

the Asus WL-HDD which was tested is just an access point), but all of the devices

tested here implement the Internet Gateway Device. Per vendor and per device the

following are described:

• model: device model, including hardware revision, if any

• ﬁrmware revision

• device: type of device

• NAT bug: is this device vulnerable to the InternalMachine attack as de-

scribed in this paper?

A.1 Asus

A.2 WL-HDD

model ﬁrmware device NAT bug

WL-HDD 2.5 wireless access point and ﬁle server yes

The Asus WL-HDD is a Linux based wireless access point, with room for a laptop

harddisk and built-in Windows ﬁleserver using Samba. Even though the WL-HDD

cannot do NAT – it is used as a bridge – it does implement the Internet Gateway

Device and WANIPConnection proﬁles. The device allows for port mappings, but

these are of no practical use. However, there is a bug in the implementation. If

a portmapping is requested, the port that is in the ExternalPort in the SOAP

request will be ﬁltered by the ﬁrewall, even when there is already a service running

on that port, such as the webinterface for conﬁguration or Samba. The ﬁrewall rule

will be deleted when the device is rebooted. Still, it is a simple way to lock users

temporarily out of the system.

It is interesting to note that this device uses the UPnP stack from the same vendor

as the Linksys WRT54G.

1 2 ... 10 11 12 13 14 15 16 17 18

Sin comentarios

ZyXEL Communications P-335WT Manual de usuario Pagina 15