UPnP Exploit Emerging, Protect Yourself and Keep Gaming
January 18, 2008 by Bill
It has come to my attention that there is an exploit emerging for Universal Plug and Play. In very (overly?) simple terms this means a bad guy can trick your router (and thus every computer on your network) into thinking www.YourBank.com is actually www.PhishingSiteThatWillStealYourIdentity.com, among other things. If you’d like more in-depth coverage of this topic I suggest clicking here.
This guide is aimed at Xbox 360 users, but you can skip any parts that deal with the 360 specifically or adapt those steps to fit your needs. For 99% of the people out there you simply need to connect to your router, switch a radio button, save the settings and reboot. For the rest of us, you need a lesson in port forwarding. This guide uses a late model Linksys router. The general idea is the same for other routers, but names, IP addresses, and appearances may change. I’ll try to give you the information you’ll need to progress.
To begin with we need to be able to identify your Xbox 360 when we’re inside the router. Start the console and tab over to the “Settings” blade and select “Network Settings.” You should see something that looks like this:
You’ll need to write down the IP Address. In my case the address is 192.168.1.102. I’ll refer back to this number later.
Now you’ll need to log in to your router. Open your web browser and type in your router’s IP address. Usually you can take the first three sets of numbers from your Xbox 360’s IP address (in my case 192.168.1) and add a .1 to the end (in my case 192.168.1.1) to connect. Here are a few router addresses for the major manufacturers.
You should be prompted to enter a username and password. You would have created these when you first set up your network. Once you’re inside, navigate to the “Administration” tab and you should see a setting for UPnP. Other router manufacturers may hide it under a different menu, but the word UPnP should be universal. Here’s what it looks like on my Linksys.
Make sure to click “disabled” and then save.
Now we need to make sure the Xbox 360 can still get the access it wants through a process called Port Forwarding. First we have to tell the router where to find the Xbox by giving it a Static IP. Navigate to your DHCP server settings page. On my Linksys it’s on the “Setup” general menu and the “Basic Setup” sub-menu. The button to access it is labeled “DHCP Reservation.” Some routers may have your Xbox named and it will be easy to find. Mine doesn’t, so let’s look for the IP address we wrote down earlier.
On my router I simply need to click the check box in the same row as my Xbox’s IP address and then “Add Clients.” Some routers will only show you a list of MAC addresses. If you’re in this position, look in your router’s logs for the IP address you wrote down. Near it you’ll see a series of two-character pairs separated by colons (“:”), which is the MAC address for your console. Jot that down, go back to the DHCP server configuration page, and enter the IP address where appropriate. Be sure to save your settings.
Now we’re going to do the actual port forwarding. We only need to do two ports, which makes this relatively easy. Typically routers will have a “Port Forwarding” menu, but my Linksys uses the nomenclature “Applications & Gaming.” Some routers will let you choose between single port forwarding and port range forwarding, as mine does; others will put it in one large group. If you have the option, select single port forwarding. We need to point UDP 88 and UDP/TCP (sometimes called “Both”) 3074 to the IP address for our console that we entered earlier. Make sure to label your port forwarding rules so they are easy to find if you need to modify or delete them later. It should look something like this:
Be sure that you save your settings.
Turn off everything on your network, including your router and cable/DSL modem. Wait about 30 seconds and bring your network back up starting with your modem, then your router, then your Xbox 360. Go back to the network settings tab and make sure it was assigned the same IP that you gave it earlier. If it isn’t, you messed up the Static IP setting in the DHCP server step; start up your computer and try again.
Now for the final challenge, go to the “Test Xbox Live Connection” test in the settings blade. The result we’re concerned with here is “NAT.” The ideal result is “Open.” It should look like this:
If everything looks like what I’ve got here, congratulations! You’re now a lot more secure and your XBL connection won’t suffer because of it.
If it doesn’t, you either forgot to disable UPnP or you messed up on Port Forwarding. Try again.
If you have any problems feel free to contact my bipedal minion, Bill. I don’t offer him much spare time but I’ll be sure he gets back to you eventually.
Nietzsche the IT Kitty