You are here: Home / Help Center / DSL Support / DSL Security / UPnP Alert

UPnP Alert

by Inka Luoma last modified Feb 23, 2013 01:32 PM
It's rare that OlympusNet issues a security alert. There are so many potential security alerts that if we sent email for even the serious ones you'd soon tire of our calling "wolf". The vulnerability concerns flaws in Universal Plug and Play (UPnP). It's likely that you're not affected by the UPnP alert, but to be sure run the test. It's simple and fast. If affected, your home or business computers could be taken over.

Run the test

  1. Go to Gibson Research Corporation's website at: https://www.grc.com/x/ne.dll?bh0bkyd2
  2. Once the Welcome to Shields UP! page loads, click either of the two Proceed buttons.
  3. On the resulting page whose URL starts https://www.grc.com, click the orange button titled GRC's Instant UPnP Exposure Test.
  4. After a few seconds, you should see one of the three results:
    • ACTIVELY REJECTED OUR UPnP PROBES!  (Green text on a green background)
    • DID NOT RESPOND TO OUR UPnP PROBES! (Green text on a green background)
    • DID RESPOND TO OUR UPnP PROBES!  (Red text on a yellow  background)
  5. If the scan returns a result in green text, you are not at risk. No further action is needed. You're done.
  6. If the scan returns a result in red text DID RESPOND TO OUR UPnP PROBES!, then Disable UPnP in DSL Modems. Additional helpful information appears below the DID RESPOND message on the Shields UP! website.
  7. After disabling UPnP, run the test again. If the scan still gives the DID RESPOND result, please contact OlympusNet.

     

    Additional Information About the Alert

    US-CERT, the United States Computer Emergency Readiness Team, advises all users to manually disable UPnP in their devices' administrative settings. Links to the US-CERT vulnerability notices may be found at: http://www.kb.cert.org/vuls/id/357851 and http://www.kb.cert.org/vuls/id/922681