D-Link Forums

Announcements => Security Advisories => Topic started by: BAMoh on May 20, 2017, 07:05:29 AM

Title: Check you UPNP Settings
Post by: BAMoh on May 20, 2017, 07:05:29 AM

Check your setup for UPNP vulnerability.  Run the above test.
FYI to run MDL its not necessary to have UPNP enabled in your router nor your cam(s). Also do not enable port fowarding in your cams. By default the latter two are not enabled in your cams. By default UPNP may be enabled in your router.  If you make the suggested changes, you will not lose remote access. It will be limited to 1 minute but you can request access again immediately. The tradeoff is you improve the security of your setup.

Its best practice to disable UPNP if it is not absolutely necessary.

If any disputes this then please post why below.
Title: Re: Check you UPNP Settings
Post by: FurryNutz on May 20, 2017, 09:49:56 AM
How about grammar? Check "your"?  ::)

Your information is inaccurate, again. The URL you provide is not supported by GRC:
"Browser Reload Suppressed
For your security, your web browser's "reload"
function has been temporarily disabled
Allowing a web browser to "reload" a page which has already been sent to you creates a "security hole" that would allow someone using your computer at any later time to attain potentially private and personal information.

To safeguard your privacy we have disabled the browser's "reload" or "refresh" facility while you are in sensitive areas of our web site. Reloading pages will function normally once you have left this area . . . but until then please refrain from "reloading" pages.

You may press your browser's  [BACK]  button now to return to the page prior to the one you were just viewing.

Thanks very much for your interest and patronage."

Ensure you post correct and accurate link URL information before posting.
http://forums.dlink.com/index.php?topic=66781.0 (http://forums.dlink.com/index.php?topic=66781.0)

I got a GREEN passing for my test. uPnP is enabled on my system. If your not getting a GREEN passing for shields up, then you need to check with your routers Mfr for updated FW or get into a different router Mfr.

It's up to users to check there routers FW and maintain updates. uPnP isn't the problem. It's users mis-configurations or mis-understanding of everything involved. uPnP is currently safe to have enabled. At least on D-Link products. User need to check with there perspective HW Mfrs for information regarding there HW.

Good Luck.
Title: Re: Check you UPNP Settings
Post by: BAMoh on May 20, 2017, 06:23:00 PM
Link was incorrect yes.  Users can just go to shields up and find it.

Regardless of your opinion, most IT professionals and security experts suggest disabling UPNP. For purposes of MDL its simply not necessary.

Here we have a situation where a customer is sharing their findings on how MDL can be implemented without UPNP. Because they are contrary to what you repeat over and over, you take issue with it. Why not accept it as what it is which is a great suggestion.
Title: Re: Check you UPNP Settings
Post by: FurryNutz on May 20, 2017, 06:35:02 PM
The other postings of your information was out of date. Not all users see problems with uPnP. Your the only one that has issues or seems to have issue with it. Thats fine if disabling uPnP works for you. A troubleshooting step is valid. If others had such issues, there would be more postings about it and D-Link would be aware of issues. uPnP is safe and works well on D-Link products. If your not using a D-Link router then maybe you should post your information on forums for what your router Mfr is using. The router is the main point of access and use for uPnP. Not all users are effected by issues your seeing. I posted configurations I've been using for years with uPnP enabled and have not seen any issues with having uPnP enabled. Nor do others or they would be posting about. Most IT professionals work on a Business or Enterprise level which and maybe uPnP is not really needed or supported. So of course IT pros and security professional would probably say that. Doesn't mean it realistically applies to all. uPnP is mostly a home class user feature between devices and client devices.

If you have issues with uPnP or your products, you'll need to contact support and let them know about it.

Good Luck.  ;D