DEFCON 19: UPnP Mapping (w speaker)
Text to Speech Voices
Speaker: Daniel Garcia
Universal Plug and Play(UPnP) is a technology developed by Microsoft in 1999, as a solution for NAT traversal(among other things). This talk explores the exploiting of port mapping services in UPnP/IGD devices from the WAN. It also talks about a tool called Umap to help process the UPnP requests. Attacking UPnP allows attackers to use devices as a proxy that can establish connections to internal and external IP addresses. The software allows scanning internal hosts behind the device NAT, manual port-mapping(WAN to LAN, WAN to WAN) and a SOCKSv4 proxy service that automatically maps requests to UPnP devices. Most UPnP attacks have focused on the exploiting of UPnP from the LAN side of the device, this talk focuses on attacking from the WAN side. Attackers can use these techniques to hide IP addresses and attack internal hosts behind common household gateway devices.
For more information visit: http://bit.ly/defcon19_information
To download the video visit: http://bit.ly/defcon19_videos
Playlist Defcon 19: http://bit.ly/defcon19_playlist
2012-02-11 03:23:14
source
Gloss