[491] in resnet


home	help	back	first	fref	pref	prev	next	nref	lref	last	post
Re: Millenium Universal PnP

daemon@ATHENA.MIT.EDU (Eric Rosenberry)
Mon Dec 3 17:29:49 2001

MIME-Version: 1.0
Content-Type: multipart/alternative;
              boundary="----=_NextPart_000_0068_01C17C04.4553D580"
Message-ID:  <GLEOKLAKEIBLAAKKFHEIKEOACKAA.eric@rosenberry.org>
Date:         Mon, 3 Dec 2001 14:10:32 -0800
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: Eric Rosenberry <eric@ROSENBERRY.ORG>
To: RESNET-L@listserv.nd.edu
In-Reply-To:  <001201c17c39$4c0f3650$49e18d89@webrp>

This is a multi-part message in MIME format.

------=_NextPart_000_0068_01C17C04.4553D580
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

Here is OSU’s web page dealing with this:

http://www.rcn.orst.edu/helpfaq/upnp.php

I actually found a way to detect all of the machines on our network running
UPnP and then based on the IP’s they were using we correlated them to users
and sent about 700 people an email telling them about the problem and giving
them a link to the above page.

I have also found a way to tell the difference between packets generated by
the vulnerable version of UPnP and patched versions of UPnP.  This way we
can continue to identify vulnerable computers and inform the owners.

If anybody wants details please let me know and I will throw together an
email detailing it.

-Eric

-----Original Message-----
From: Resnet Forum [mailto:RESNET-L@listserv.nd.edu]On Behalf Of Raphael Web
Sent: Monday, December 03, 2001 12:30 PM
To: RESNET-L@listserv.nd.edu
Subject: Millenium Universal PnP

I do recall several e-mails being sent throughout the listserv about
disabling Win ME Universal plug and play, but I LOST THEM!!!!  Can someone
please remind me how to disable this feature in Win ME?  It would be highly
appreciated.  Thank you.

Raphael Web
SUNY Oneonta

------=_NextPart_000_0068_01C17C04.4553D580
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns=3D"http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<meta name=3DProgId content=3DWord.Document>
<meta name=3DGenerator content=3D"Microsoft Word 9">
<meta name=3DOriginator content=3D"Microsoft Word 9">
<link rel=3DFile-List href=3D"cid:filelist.xml@01C17C04.44CD6770">
<!--[if gte mso 9]><xml>
 <o:OfficeDocumentSettings>
  <o:DoNotRelyOnCSS/>
 </o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
 <w:WordDocument>
  <w:Zoom>0</w:Zoom>
  <w:DocumentKind>DocumentEmail</w:DocumentKind>
  <w:EnvelopeVis/>
 </w:WordDocument>
</xml><![endif]-->
<style>
<!--
 /* Font Definitions */
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;
        mso-font-charset:0;
        mso-generic-font-family:swiss;
        mso-font-pitch:variable;
        mso-font-signature:553679495 -2147483648 8 0 66047 0;}
 /* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {mso-style-parent:"";
        margin:0in;
        margin-bottom:.0001pt;
        mso-pagination:widow-orphan;
        font-size:12.0pt;
        font-family:"Times New Roman";
        mso-fareast-font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;
        text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;
        text-underline:single;}
p.MsoAutoSig, li.MsoAutoSig, div.MsoAutoSig
        {margin:0in;
        margin-bottom:.0001pt;
        mso-pagination:widow-orphan;
        font-size:12.0pt;
        font-family:"Times New Roman";
        mso-fareast-font-family:"Times New Roman";}
span.EmailStyle15
        {mso-style-type:personal-reply;
        mso-ansi-font-size:10.0pt;
        mso-ascii-font-family:Arial;
        mso-hansi-font-family:Arial;
        mso-bidi-font-family:Arial;
        color:navy;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.25in 1.0in 1.25in;
        mso-header-margin:.5in;
        mso-footer-margin:.5in;
        mso-paper-source:0;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext=3D"edit" spidmax=3D"1027"/>
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext=3D"edit">
  <o:idmap v:ext=3D"edit" data=3D"1"/>
 </o:shapelayout></xml><![endif]-->
</head>

<body bgcolor=3Dwhite lang=3DEN-US link=3Dblue vlink=3Dpurple =
style=3D'tab-interval:.5in'>

<div class=3DSection1>

<p class=3DMsoNormal><span class=3DEmailStyle15><font size=3D2 =
color=3Dnavy face=3DArial><span
style=3D'font-size:10.0pt;mso-bidi-font-size:12.0pt;font-family:Arial'>He=
re is
OSU&#8217;s web page dealing with =
this:<o:p></o:p></span></font></span></p>

<p class=3DMsoNormal><span class=3DEmailStyle15><font size=3D2 =
color=3Dnavy face=3DArial><span
style=3D'font-size:10.0pt;mso-bidi-font-size:12.0pt;font-family:Arial'><!=
[if =
!supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></span></font></span></p>

<p class=3DMsoNormal><span class=3DEmailStyle15><font size=3D2 =
color=3Dnavy face=3DArial><span
style=3D'font-size:10.0pt;mso-bidi-font-size:12.0pt;font-family:Arial'><a=

href=3D"http://www.rcn.orst.edu/helpfaq/upnp.php">http://www.rcn.orst.edu=
/helpfaq/upnp.php</a><o:p></o:p></span></font></span></p>

<p class=3DMsoNormal><span class=3DEmailStyle15><font size=3D2 =
color=3Dnavy face=3DArial><span
style=3D'font-size:10.0pt;mso-bidi-font-size:12.0pt;font-family:Arial'><!=
[if =
!supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></span></font></span></p>

<p class=3DMsoNormal><span class=3DEmailStyle15><font size=3D2 =
color=3Dnavy face=3DArial><span
style=3D'font-size:10.0pt;mso-bidi-font-size:12.0pt;font-family:Arial'>I =
actually
found a way to detect all of the machines on our network running UPnP =
and then
based on the IP&#8217;s they were using we correlated them to users and =
sent about
700 people an email telling them about the problem and giving them a =
link to
the above page.<o:p></o:p></span></font></span></p>

<p class=3DMsoNormal><span class=3DEmailStyle15><font size=3D2 =
color=3Dnavy face=3DArial><span
style=3D'font-size:10.0pt;mso-bidi-font-size:12.0pt;font-family:Arial'><!=
[if =
!supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></span></font></span></p>

<p class=3DMsoNormal><span class=3DEmailStyle15><font size=3D2 =
color=3Dnavy face=3DArial><span
style=3D'font-size:10.0pt;mso-bidi-font-size:12.0pt;font-family:Arial'>I =
have
also found a way to tell the difference between packets generated by the
vulnerable version of UPnP and patched versions of UPnP.<span
style=3D"mso-spacerun: yes">&nbsp; </span>This way we can continue to =
identify
vulnerable computers and inform the =
owners.<o:p></o:p></span></font></span></p>

<p class=3DMsoNormal><span class=3DEmailStyle15><font size=3D2 =
color=3Dnavy face=3DArial><span
style=3D'font-size:10.0pt;mso-bidi-font-size:12.0pt;font-family:Arial'><!=
[if =
!supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></span></font></span></p>

<p class=3DMsoNormal><span class=3DEmailStyle15><font size=3D2 =
color=3Dnavy face=3DArial><span
style=3D'font-size:10.0pt;mso-bidi-font-size:12.0pt;font-family:Arial'>If=
 anybody
wants details please let me know and I will throw together an email =
detailing
it.<o:p></o:p></span></font></span></p>

<p class=3DMsoNormal><span class=3DEmailStyle15><font size=3D2 =
color=3Dnavy face=3DArial><span
style=3D'font-size:10.0pt;mso-bidi-font-size:12.0pt;font-family:Arial'><!=
[if =
!supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></span></font></span></p>

<p class=3DMsoAutoSig><!--[if supportFields]><span =
class=3DEmailStyle15><font=20
size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:10.0pt;mso-bidi-font-size:
12.0pt;font-family:Arial'><span =
style=3D'mso-element:field-begin'></span><span=20
style=3D"mso-spacerun: yes">&nbsp;</span>AUTOTEXTLIST \s &quot;E-mail=20
Signature&quot; <span =
style=3D'mso-element:field-separator'></span></span></font></span><![endi=
f]--><font
color=3Dnavy><span style=3D'color:navy'>-Eric</span></font><font =
color=3Dnavy><span
style=3D'color:navy;mso-color-alt:windowtext'><o:p></o:p></span></font></=
p>

<p class=3DMsoNormal><!--[if supportFields]><span =
class=3DEmailStyle15><font=20
size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:10.0pt;mso-bidi-font-size:
12.0pt;font-family:Arial'><span =
style=3D'mso-element:field-end'></span></span></font></span><![endif]--><=
span
class=3DEmailStyle15><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;mso-bidi-font-size:12.0pt;font-family:Arial'><![if =
!supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></span></font></span></p>

<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
color=3Dblack
face=3DTahoma><span =
style=3D'font-size:10.0pt;font-family:Tahoma;color:black'>-----Original
Message-----<br>
<b><span style=3D'font-weight:bold'>From:</span></b> Resnet Forum
[mailto:RESNET-L@listserv.nd.edu]<b><span style=3D'font-weight:bold'>On =
Behalf Of
</span></b>Raphael Web<br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Monday, December =
03, 2001
12:30 PM<br>
<b><span style=3D'font-weight:bold'>To:</span></b> =
RESNET-L@listserv.nd.edu<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> Millenium =
Universal PnP</span></font></p>

<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
face=3D"Times New Roman"><span
style=3D'font-size:12.0pt'><![if =
!supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
color=3Dblack
face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;color:black'>I do
recall several e-mails being sent throughout the listserv about =
disabling Win
ME Universal plug and play, but I LOST THEM!!!!&nbsp;&nbsp;Can someone =
please
remind me how to disable this feature in Win ME?&nbsp; It would be =
highly
appreciated.&nbsp; Thank you.</span></font><font color=3Dblack><span
style=3D'color:black;mso-color-alt:windowtext'><o:p></o:p></span></font><=
/p>

<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D3 =
color=3Dblack
face=3D"Times New Roman"><span =
style=3D'font-size:12.0pt;color:black'>&nbsp;</span></font><font
color=3Dblack><span =
style=3D'color:black;mso-color-alt:windowtext'><o:p></o:p></span></font><=
/p>

<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
color=3Dblack
face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;color:black'>Raphael
Web</span></font><font color=3Dblack><span =
style=3D'color:black;mso-color-alt:windowtext'><o:p></o:p></span></font><=
/p>

<p class=3DMsoNormal style=3D'margin-left:.5in'><font size=3D2 =
color=3Dblack
face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;color:black'>SUNY
Oneonta</span></font><font color=3Dblack><span =
style=3D'color:black;mso-color-alt:
windowtext'><o:p></o:p></span></font></p>

</div>

</body>

</html>

------=_NextPart_000_0068_01C17C04.4553D580--

___________________________________________________
You are subscribed to the ResNet-L mailing list.

To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________

home	help	back	first	fref	pref	prev	next	nref	lref	last	post
[491] in resnet

Re: Millenium Universal PnP

daemon@ATHENA.MIT.EDU (Eric Rosenberry)Mon Dec 3 17:29:49 2001

daemon@ATHENA.MIT.EDU (Eric Rosenberry)
Mon Dec 3 17:29:49 2001
