[494] in resnet
Re: Millenium Universal PnP
daemon@ATHENA.MIT.EDU (Norm Myers)
Mon Dec 3 18:17:35 2001
MIME-version: 1.0
Content-type: multipart/alternative;
boundary="============_-1204701363==_ma============"
Message-ID: <a05100306b831b52d7702@[128.223.123.229]>
Date: Mon, 3 Dec 2001 15:11:57 -0800
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: Norm Myers <nmyers@OREGON.UOREGON.EDU>
To: RESNET-L@listserv.nd.edu
In-Reply-To: <GLEOKLAKEIBLAAKKFHEIKEOACKAA.eric@rosenberry.org>
--============_-1204701363==_ma============
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Very nice page, clear and to the point. OSU gets points for that but
thankfully they don't count for Saturdays game, Go Ducks :)
Yes, I'd like to see how you detected and separated the vulnerable machines.
Norm
>Here is OSU's web page dealing with this:
>
>
>
><http://www.rcn.orst.edu/helpfaq/upnp.php>http://www.rcn.orst.edu/helpfaq/upnp.php
>
>
>
>I actually found a way to detect all of the machines on our network
>running UPnP and then based on the IP's they were using we
>correlated them to users and sent about 700 people an email telling
>them about the problem and giving them a link to the above page.
>
>
>
>I have also found a way to tell the difference between packets
>generated by the vulnerable version of UPnP and patched versions of
>UPnP. This way we can continue to identify vulnerable computers and
>inform the owners.
>
>
>
>If anybody wants details please let me know and I will throw
>together an email detailing it.
>
>
>
>-Eric
>
--============_-1204701363==_ma============
Content-Type: text/html; charset="us-ascii"
<!doctype html public "-//W3C//DTD W3 HTML//EN">
<html><head><style type="text/css"><!--
blockquote, dl, ul, ol, li { padding-top: 0 ; padding-bottom: 0 }
--></style><title>Re: Millenium Universal PnP</title></head><body>
<div>Very nice page, clear and to the point. OSU gets points for
that but thankfully they don't count for Saturdays game, Go Ducks :)
</div>
<div><br></div>
<div>Yes, I'd like to see how you detected and separated the
vulnerable machines.</div>
<div> Norm</div>
<div><br></div>
<blockquote type="cite" cite><font face="Arial" size="-1"
color="#000080">Here is OSU's web page dealing with this:</font><br>
</blockquote>
<blockquote type="cite" cite><font face="Arial" size="-1"
color="#000080"> </font><br>
</blockquote>
<blockquote type="cite" cite><a
href="http://www.rcn.orst.edu/helpfaq/upnp.php"><font face="Arial"
size="-1"
color="#000080">http://www.rcn.orst.edu/helpfaq/upnp.php</font></a><br
>
</blockquote>
<blockquote type="cite" cite><font face="Arial" size="-1"
color="#000080"> </font><br>
</blockquote>
<blockquote type="cite" cite><font face="Arial" size="-1"
color="#000080">I actually found a way to detect all of the machines
on our network running UPnP and then based on the IP's they were
using we correlated them to users and sent about 700 people an email
telling them about the problem and giving them a link to the above
page.</font><br>
</blockquote>
<blockquote type="cite" cite><font face="Arial" size="-1"
color="#000080"> </font><br>
</blockquote>
<blockquote type="cite" cite><font face="Arial" size="-1"
color="#000080">I have also found a way to tell the difference between
packets generated by the vulnerable version of UPnP and patched
versions of UPnP. This way we can continue to identify
vulnerable computers and inform the owners.</font><br>
</blockquote>
<blockquote type="cite" cite><font face="Arial" size="-1"
color="#000080"> </font><br>
</blockquote>
<blockquote type="cite" cite><font face="Arial" size="-1"
color="#000080">If anybody wants details please let me know and I will
throw together an email detailing it.</font><br>
</blockquote>
<blockquote type="cite" cite><font face="Arial" size="-1"
color="#000080"> </font><br>
</blockquote>
<blockquote type="cite" cite><font color="#000080">-Eric</font><br>
</blockquote>
<div><br></div>
</body>
</html>
--============_-1204701363==_ma============--
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
