
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0030)http://grc.com/UnPnP/UnPnP.htm -->
<HTML><HEAD><TITLE>UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server</TITLE>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META content="Steve Gibson, GIBSON RESEARCH CORPORATION" name=AUTHOR>
<META content="UPnP, Universal Plug and Play, Disable UPnP, steve gibson"
name=KEYWORDS>
<META
content="UnPlug 'n Pray - Take control of Windows' insecure and dangerous Internet
UPnP server"
name=DESCRIPTION>
<META content="MSHTML 6.00.2600.0" name=GENERATOR></HEAD>
<BODY bgColor=white>
<CENTER>
<TABLE cellSpacing=0 cellPadding=0 width="85%">
<TBODY>
<TR>
<TD align=middle colSpan=2><FONT
face="Verdana, Arial,Helvetica,Sans-Serif,MS Sans Serif" color=#000099
size=-1><IMG height=73
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/upnp2.gif"
width=500 border=0><BR><IMG height=5
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR>Instantly and Easily Control Windows' Insecure,
Exploit-Prone and<BR>Probably Unnecessary Universal Plug and Play Network
Support</FONT><BR><IMG height=10
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR></TD></TR>
<TR>
<TD><FONT face="Verdana, Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=#999999 size=-2>Page last modified: Jan 04, 2002 at 15:21</FONT></TD>
<TD align=right><FONT
face="Verdana, Arial,Helvetica,Sans-Serif,MS Sans Serif" color=#999999
size=-2>Developed by Steve Gibson</FONT></TD></TR></TBODY></TABLE>
<TABLE cellSpacing=0 cellPadding=0 width="85%" border=0>
<TBODY>
<TR>
<TD><FONT face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=#000066 size=-1><IMG height=5
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/darkbluepixel.gif"
width="100%" border=0>
<P>
<CENTER><B><FONT color=#003399 size=+1>The FBI has Strongly Recommended
that<BR>All Users Immediately Disable Windows'<BR>Universal Plug n' Play
Support</FONT>
<P><FONT color=#660066>Our 22 kbyte "UnPlug n' Pray" utility makes that
very<BR>easy to do . . . and if ever needed, to later undo:</FONT></B>
<P><FONT color=#006600 size=+0><B>Now compatible with <U>ALL</U> Versions
of Windows!</B></FONT></CENTER></FONT></P></TD></TR></TBODY></TABLE><IMG
height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR>
<TABLE cellSpacing=0 cellPadding=10 border=0>
<TBODY>
<TR>
<TD><A href="http://grc.com/files/UnPnP.exe"><IMG height=137
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/noinstall2.gif"
width=175 border=0></A></TD>
<TD><A href="http://grc.com/files/UnPnP.exe"><IMG height=137
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/enabled2.gif"
width=175 border=0></A></TD>
<TD><A href="http://grc.com/files/UnPnP.exe"><IMG height=137
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/disabled2.gif"
width=175 border=0></A></TD></TR></TBODY></TABLE>
<P>
<TABLE cellSpacing=0 cellPadding=0 width="85%" border=0>
<TBODY>
<TR>
<TD><FONT face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=#000066 size=-1>
<CENTER><FONT face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=black size=+1><B><A href="http://grc.com/files/UnPnP.exe">Click this
link</A>, or the images above, to<BR>download the 22k byte UnPlug n'
Pray.</B></FONT></CENTER>
<P>
<TABLE cellSpacing=0 cellPadding=1 bgColor=#666666 border=0>
<TBODY>
<TR>
<TD>
<TABLE cellSpacing=0 cellPadding=5 bgColor=white border=0>
<TBODY>
<TR>
<TD><FONT
face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=black size=-1><B>Note:</B> The FBI's NIPC (<A
href="http://www.nipc.gov/">National Infrastructure Protection
Center</A>) has apparently reversed their original opinion.
They no longer assert that Microsoft's Universal Plug &amp;
Play services should be disabled for extra protection. The
most recent update to their previous two notices &ndash; which did
advise users to disable the UPnP services &ndash; no longer includes
this advice.<BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR>As you will see below, we believe that
the FBI's original security advice was correct. Leaving
unneeded and potentially vulnerable Internet services running
makes no sense. Doing so is foolhardy, pointless, and
insecure. Why would
you?</FONT></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE>
<P><BR><BR><FONT color=#003399 size=+1><B>What is all the fuss
about?</B></FONT><BR>On <B>Thursday, December 20, 2001</B> Microsoft
revealed that the hackers at eEye had discovered multiple critical
security flaws in all versions of Windows using Universal Plug and Play:
<P>Quoting from <A
href="http://www.eeye.com/html/press/PR20011220.html">eEye's press
release</A>:<BR><IMG height=5
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR>
<TABLE cellSpacing=0 cellPadding=1 bgColor=black border=0>
<TBODY>
<TR>
<TD>
<TABLE cellSpacing=0 cellPadding=15 bgColor=#e8e8e8 border=0>
<TBODY>
<TR>
<TD><FONT
face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=black size=-1>"eEye has discovered three vulnerabilities
within Microsoft's UPnP implementation: a remotely exploitable
buffer overflow that allows an attacker to gain SYSTEM level
access to any default installation of Windows XP, a Denial of
Service (DoS) attack, and a Distributed Denial of Service
(DDoS) attack. eEye would like to stress the extreme
seriousness of this vulnerability. Network administrators are
urged to immediately install the patch released by Microsoft
at <A
href="http://www.microsoft.com/technet/security/bulletin/MS01-059.asp">http://www.microsoft.com/technet/security/bulletin/MS01-059.asp</A>"<BR><IMG
height=10
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR>"The most serious of the three Windows XP
vulnerabilities is the remotely exploitable buffer overflow.
It is possible for an attacker to write custom exploit code
that will allow them to execute commands with SYSTEM level
access, the highest level of access within Windows
XP."<BR><IMG height=10
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR>"The other two vulnerabilities are types
of denial of service attacks. The first is a fairly
straightforward denial of service attack, which allows an
attacker to remotely crash any Windows XP system. The crash
will require Windows XP users to physically power down their
machines and start them up again before the system will
function. The second denial of service attack is a distributed
denial of service attack. This vulnerability allows attackers
to remotely command many Windows XP systems at once in an
effort to make them flood/attack a single
host."</FONT></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE>
<P>Translating eEye's and Microsoft's statements into consequences, this
means that without the security update patch, and with the Universal Plug
and Play (UPnP) system in its default "enabled" state, any of the many
millions of Internet-connected UPnP-equipped Windows systems could be
remotely commandeered and forced to download and run any malicious code of
a hacker's design. This includes using the machine to launch potent Denial
of Service (DoS) and Distributed Denial of Service (DDoS) attacks.
<P>This means that extremely damaging CodeRed and Nimda-style worms can
now be written for millions of Windows machines. Whereas the Microsoft IIS
server worms of 2001 found and infested 'only' several hundred thousand
IIS servers, a Windows "Universal Plug and Play" worm would have more than
ten million XP systems, in addition to many more Windows 98/ME systems,
upon which to prey today.
<P><B>The highly respected Gartner Group has said that they expect hackers
to incorporate the UPnP vulnerabilities into their attack tools by the end
of the first quarter of 2002.</B> <A
href="http://news.cnet.com/news/0-1003-201-8254545-0.html?tag=prntfr">Here's
Gartner's Commentary</A>.
<P>
<TABLE cellSpacing=0 cellPadding=3 bgColor=#990099 border=0>
<TBODY>
<TR>
<TD>
<TABLE cellSpacing=0 cellPadding=15 bgColor=#ffccff border=0>
<TBODY>
<TR>
<TD><FONT
face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=black size=-1>
<CENTER><FONT size=+0><B>Three-Month Estimate Too
Conservative??</B></FONT></CENTER><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR><B>Dec. 30, 2001</B> &ndash; Gartner's "by the
end of the first quarter, 2002" exploit development prediction
may have been conservative. <A
href="http://packetstorm.widexs.nl/0112-exploits/XPloit.c">Exploits
for the previous UPnP vulnerability</A> are now floating
around the Internet. The authors of this exploit have
written:<BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR>
<CENTER><I>"We have found some new bugs. At this moment we
are<BR>on the way to create a suite of utilities to fully
exploit<BR>WinXP UPnP application (perhaps others
too)."</I></CENTER><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR><A
href="http://packetstorm.widexs.nl/0112-exploits/XPloit.c">Published
exploit code like this</A> forms the raw material for
tomorrow's high-performance Internet worms. eEye did not
publish "proof of concept" code this time (as they did for
2001's IIS worms) but that clearly doesn't
matter.</FONT></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE>
<P><BR>
<CENTER><FONT color=#990033 size=+1>The threat is so significant that the
FBI has urged<BR>consumers to take matters into their own
hands:</FONT></CENTER></FONT></TD></TR></TBODY></TABLE>
<P>
<TABLE cellSpacing=0 cellPadding=1 width="90%" bgColor=#000066 border=0>
<TBODY>
<TR>
<TD><IMG height=2
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR>
<TABLE cellSpacing=0 cellPadding=25 bgColor=white border=0>
<TBODY>
<TR>
<TD><FONT face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=black size=-1><B>MSNBC.com &ndash; <A
href="http://www.msnbc.com/news/676671.asp">FBI urges extra caution
with XP bug</A></B><BR>Users urged to disable features impacted by
security holes<B>:</B><BR><IMG height=5
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR>
<TABLE cellSpacing=0 cellPadding=1 bgColor=black border=0>
<TBODY>
<TR>
<TD>
<TABLE cellSpacing=0 cellPadding=15 bgColor=#e8e8e8
border=0><TBODY>
<TR>
<TD><FONT
face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=black size=-1><B>WASHINGTON, Dec. 21</B> &ndash; The
FBI's top cyber-security unit warned consumers and
corporations Friday night to take new steps beyond those
recommended by Microsoft Corp. to protect against
hackers who might try to attack major flaws discovered
in the newest version of Windows
software.</FONT></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE>
<P><B>Additional early coverage:</B> <BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/textbullet.gif"
width=8 border=0><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=8 border=0>Salon.com &ndash; "<A
href="http://www.salon.com/tech/wire/2001/12/24/xp/index.html?x">FBI
urges consumers to protect Windows XP</A>" <BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/textbullet.gif"
width=8 border=0><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=8 border=0>MSNBC.com &ndash; "<A
href="http://www.msnbc.com/news/675850.asp">XP seen vulnerable;
patch issued</A>" <BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/textbullet.gif"
width=8 border=0><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=8 border=0>Info Warrior &ndash; "<A
href="http://www.infowarrior.org/articles/2001-15.html">Who Needs
Hackers? We've Got Microsoft!</A>" (Good rant) <BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/textbullet.gif"
width=8 border=0><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=8 border=0>WashingtonPost.com &ndash; "<A
href="http://www.washingtonpost.com/wp-dyn/articles/A7050-2001Dec20.html">Windows
Vulnerable to Hack Attacks</A>" <BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/textbullet.gif"
width=8 border=0><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=8 border=0>BBC News &ndash; "<A
href="http://news.bbc.co.uk/hi/english/sci/tech/newsid_1722000/1722365.stm">Fix
your Windows, says Microsoft</A>" <BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/textbullet.gif"
width=8 border=0><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=8 border=0>Incidents.org &ndash; "<A
href="http://www.incidents.org/diary/diary.php?id=129">Remote
SYSTEM-level UPnP Vulnerability in Windows XP</A>" <BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/textbullet.gif"
width=8 border=0><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=8 border=0>The Register &ndash; "<A
href="http://www.theregister.co.uk/content/55/23495.html">Feds grill
MS on Windows security</A>" <BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/textbullet.gif"
width=8 border=0><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=8 border=0>The Register &ndash; "<A
href="http://www.theregister.co.uk/content/4/23480.html">MS warns of
severe universal plug &amp; play security hole</A>"
<P><B>Note that this is NOT EVEN the first significant UPnP
vulnerability:</B> <BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/textbullet.gif"
width=8 border=0><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=8 border=0>Neohapsis Archives &ndash; "<A
href="http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0031.html">
Previous security vulnerabilities in UPnP service</A>" <BR><IMG
height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/textbullet.gif"
width=8 border=0><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=8 border=0>Microsoft's Response Page &ndash; "<A
href="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-054.asp">Microsoft
Security Bulletin MS01-054</A>"
<P><B>On the lighter side:</B><BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/textbullet.gif"
width=8 border=0><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=8 border=0>BBspot &ndash; "<A
href="http://www.bbspot.com/News/2001/12/death.html">Gates Announces
Security Death
Squads</A>"</FONT></P></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE>
<TABLE cellSpacing=0 cellPadding=4 width="90%" bgColor=#d8d8d8 border=0>
<TBODY>
<TR>
<TD align=middle><FONT
face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif" color=black
size=-1>See the end of this page for additional press coverage of this
developing issue.</FONT></TD></TR></TBODY></TABLE><IMG height=1
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/blackpixel.gif"
width="90%" border=0>
<P><BR>
<TABLE cellSpacing=0 cellPadding=0 width="85%" border=0>
<TBODY>
<TR>
<TD><FONT face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=#000066 size=-1><FONT color=#003399 size=+1><B>How did this disaster
happen?</B></FONT><BR>The Universal Plug and Play service (UPnP), which is
installed and running in all versions of Windows XP &ndash; and may be loaded
into Windows 98 and ME &ndash; essentially turns every one of those systems into
a wide-open Internet server. This server listens for TCP connections on
port 5000 and for UDP 'datagram' packets arriving on port 1900. This
allows malicious hackers (or high-speed Internet worms) located anywhere
in the world to scan for, and locate, individual Windows UPnP-equipped
machines. Any vulnerabilities &ndash; known today or discovered tomorrow &ndash; can
then be rapidly exploited.<BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR>(Note that when enabled, XP's built-in Internet
Connection Firewall (ICF), and some third-party personal firewalls, are
effective in blocking this external access.)
<P><FONT color=#003399 size=+1><B>Can't anyone make an honest
mistake?</B></FONT><BR>Of course<B>&nbsp;.&nbsp;.&nbsp;.</B> but this was
intentional, and Microsoft has still not learned their lesson<B>:</B>
&nbsp;<B>Do not enable Internet servers to be running, by default, in
consumer computers.</B> The last time Microsoft did this, the server was
called "File and Printer Sharing". The insecurity of that decision has
caused untold customer damage through the years and it still causes
serious problems.
<P>Consequently, the most troubling aspect of this issue is that the
POTENTIAL for this insecurity was intentionally and needlessly designed
into Windows XP from the start. ALMOST NO ONE uses or needs to have
Universal Plug and Play enabled today. Yet every copy of Windows XP sold
has it enabled and running by default.
<P>
<CENTER><B>This goes to the heart of Microsoft's lack of
understanding,<BR>or lack of honest concern, about security.</B></CENTER>
<P>For Microsoft to proclaim that Windows XP is the most secure Windows
operating system ever shipped &ndash; while every copy has an unnecessary
Internet server running &ndash; makes a mockery of their professed commitment to
security.
<P>
<TABLE cellSpacing=0 cellPadding=3 width="100%" bgColor=#999999
border=0><TBODY>
<TR>
<TD>
<TABLE cellSpacing=0 cellPadding=10 width="100%" bgColor=#f0f0f0
border=0>
<TBODY>
<TR>
<TD><FONT
face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=#333333 size=-1>
<CENTER><FONT color=#006699 size=+1><B>An Observation about
the nature of 'Security'</B></FONT></CENTER><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR>A number of Microsoft spokesmen have
publicly stated that Windows XP is the most secure operating
system they have ever produced. The declaration itself is
patently absurd. 'Security', like the endurance of an alloy,
can only be proven over time. Microsoft can say that they
<B>hope</B> Windows XP will be the most secure system they
have ever made, or that they <B>tried</B> to make it secure.
But they have no basis for a statement that it is actually
secure. That judgement may only be properly made by
history.<BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR>It should escape no one's attention that,
thus far, Windows XP has proven to be THE LEAST SECURE
operating system Microsoft has ever produced.<BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR>As reported by <A
href="http://www.washingtonpost.com/wp-dyn/articles/A7050-2001Dec20.html">Ted
Bridis writing for the Associated Press</A>, Scott Culp,
Microsoft's extremely busy security response manager, stated:
"This is the first network-based, remote compromise that I'm
aware of for Windows desktop systems." In other words, based
upon our experience so far, Windows XP is the least secure
operating system Microsoft has ever
produced.</FONT></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE>
<P>
<CENTER><FONT color=#006666 size=+1><B>Universal Plug and Play is a
forward-<BR>looking and very useful technology.</B></FONT></CENTER>
<P>You should not read anything here as an indictment of Universal Plug
and Play itself. In the wake of this latest exploit announcement I studied
UPnP closely and wrote several experimental Universal Plug and Play
protocol devices. The system has great potential and in several years it
will grow into an important networking technology. But that's in the
future.
<P>Today, the overwhelming majority of Windows XP users have NO NEED for
their machines to be running a security-compromising UPnP Internet server.
Therefore, this UPnP service should simply be turned <B>off</B> by default
and only activated when it is actually needed by the end user.
<P>Incredibly, even after this grand debacle, Microsoft refuses to take
the simple and obvious security measure of disabling the unnecessary UPnP
Internet service.
<P>
<CENTER>
<TABLE cellSpacing=0 cellPadding=0 border=0>
<TBODY>
<TR>
<TD><FONT face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=#003399 size=-1><B>It is crucial to understand that
Microsoft's latest UPnP<BR>security patch DOES NOT DISABLE the UPnP
services.<BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR>All Windows UPnP machines will continue to run
an open<BR>server advertising their presence across the
Internet.</B></FONT></TD></TR></TBODY></TABLE></CENTER>
<P>
<CENTER><FONT color=#006666 size=+1><B>It is up to you to take
responsibility for<BR>the security of your personal
computer.</B></FONT></CENTER>
<P><BR><IMG height=4
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/darkredpixel.gif"
width="100%" border=0><BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR><B>Introducing UnPlug n' Pray:</B>
<P>
<CENTER><FONT color=#990033 size=+0><B><FONT size=+1>UnPlug n' Pray</FONT>
empowers all Windows users with the<BR>means to shut down the dangerous
and unnecessary<BR>UPnP Internet server running in their
machines.</B></FONT></CENTER></FONT></TD></TR></TBODY></TABLE>
<CENTER><A href="http://grc.com/files/UnPnP.exe"><BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=12 border=0><IMG height=376
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/disabled.gif"
width=480 border=0></A><BR><IMG height=5
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR><FONT
face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif" color=black
size=-2>Click <A href="http://grc.com/files/UnPnP.exe">this link</A>, or the
image above, to download the 22k byte UnPlug n' Pray.</FONT></CENTER>
<P><BR>
<TABLE cellSpacing=0 cellPadding=0 width="85%" border=0>
<TBODY>
<TR>
<TD><FONT face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=#000066 size=-1><FONT color=#003399 size=+1>Questions, Answers, and
Details about UnPlug n' Pray:</FONT>
<TABLE cellSpacing=10 cellPadding=0 border=0>
<TBODY>
<TR vAlign=baseline>
<TD><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/textbullet.gif"
width=8 border=0></TD>
<TD><FONT face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=#000060 size=-1><FONT color=#333333 size=+0><B>How is UnPnP
used?</B></FONT><BR>UnPnP's management of your system's Universal
Plug &amp; Play system is "sticky". Nothing is installed or left
running in your machine, and after its use you can freely delete the
utility.<BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR>Simply <A
href="http://grc.com/files/UnPnP.exe">download this small (22k byte)
Windows application</A>, then run it to display and optionally alter
the current state of your system's UPnP services. Once this work has
been done, everything is set and you no longer need this UnPnP
utility. You may wish to keep it around in the event that you need
to re-enable your system's UPnP system someday, but you will always
be able to grab a fresh copy from our web site.<BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR>If you should ever need to re-enable your
system's UPnP system, simply rerun this UnPlug n' Pray
utility.</FONT></TD></TR>
<TR vAlign=baseline>
<TD><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/textbullet.gif"
width=8 border=0></TD>
<TD><FONT face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=#000060 size=-1><FONT color=#333333 size=+0><B>What, exactly,
does UnPnP do?</B></FONT><BR>Under Windows XP, the Universal Plug
&amp; Play system is supported by two service processes, the "SSDP
Discovery Service" (SSDPDS) and the "Universal Plug and Play Device
Host" (UPNPDH). Although both services are started upon demand, the
SSDP service is started when Windows XP is booted. The SSDPDS
service is the Internet server component which opens and exposes
Windows XP to the global Internet. The UPNPDH service is only
started when needed and its operation is dependent upon SSDPDS.
<P>
<TABLE cellSpacing=0 cellPadding=2 width="100%" bgColor=#800000
border=0>
<TBODY>
<TR>
<TD>
<TABLE cellSpacing=0 cellPadding=10 width="100%"
bgColor=#ffe8e8 border=0>
<TBODY>
<TR>
<TD><FONT
face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=#800000 size=-1><B><U>PLEASE NOTE:</U></B> There
is a great deal of confusion being caused by Microsoft's
non-obvious naming of the two UPnP services. This
situation is exacerbated by the FBI's NIPC web site,
which has unfortunately posted wrong information over
the holidays. People are led to believe that disabling
the service named "Universal Plug and Play Device Host"
disables the UPnP system. But it does not. That service
is not even running by default. The correct action is to
STOP then DISABLE the service named "SSDP Discovery
Service".<BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR><B>You can demonstrate this for
yourself</B> by issuing the command "netstat -an" at a
command prompt. While the SSDP Discovery service is
running, Netstat will show that TCP port 5000 is in the
listening state and UDP port 1900 is accepting inbound
datagrams. After the SSDP Discovery Service has been
stopped those Netstat lines will
disappear.</FONT></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE>
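<P>The "netstat -an" check described in the note above, as an added example that is not part of the original page or of the UnPnP utility: a Python parser that reports whether TCP port 5000 is listening and UDP port 1900 is bound, and on which local addresses. The sample netstat output, the function names and the verdict labels are constructed for illustration.

```python
"""Check `netstat -an` output for the two UPnP sockets named on this page."""

UPNP_TCP_PORT = 5000  # TCP server port the page attributes to the SSDP service
SSDP_UDP_PORT = 1900  # UDP datagram port the page attributes to the SSDP service

# Constructed sample output (not captured from a real machine): service running.
SAMPLE_RUNNING = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1042      203.0.113.7:5000       ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.20:1900      *:*
  UDP    127.0.0.1:1900         *:*
"""

# Constructed sample: service stopped. The outbound connection to a remote
# port 5000 is still present and must not be mistaken for a local listener.
SAMPLE_STOPPED = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1042      203.0.113.7:5000       ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (addr, port_text)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port


def parse_netstat(text):
    """Return (proto, local_addr, local_port, state) for every socket line."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the banner, the column header and blank lines.
        if not (len(fields) >= 3 and fields[0] in ("TCP", "UDP")):
            continue
        addr, port = split_endpoint(fields[1])
        if not port.isdigit():
            continue
        # Only TCP lines carry a state column; UDP is connectionless.
        state = fields[3] if fields[0] == "TCP" and len(fields) >= 4 else ""
        sockets.append((fields[0], addr, int(port), state))
    return sockets


def upnp_sockets(text):
    """Collect the local addresses on which the two UPnP sockets are open."""
    found = {"tcp_5000": [], "udp_1900": []}
    for proto, addr, port, state in parse_netstat(text):
        # Match on the LOCAL port only, and for TCP only in the listening state.
        if proto == "TCP" and port == UPNP_TCP_PORT and state == "LISTENING":
            found["tcp_5000"].append(addr)
        elif proto == "UDP" and port == SSDP_UDP_PORT:
            found["udp_1900"].append(addr)
    return found


def is_loopback(addr):
    return addr.startswith("127.") or addr == "::1"


def verdict(text):
    """Summarise the result as OPEN, LOOPBACK-ONLY or CLOSED."""
    found = upnp_sockets(text)
    all_addrs = found["tcp_5000"] + found["udp_1900"]
    if not all_addrs:
        return "CLOSED"
    if all(is_loopback(a) for a in all_addrs):
        return "LOOPBACK-ONLY"
    return "OPEN"


if __name__ == "__main__":
    for name, sample in (("running", SAMPLE_RUNNING), ("stopped", SAMPLE_STOPPED)):
        print(name, verdict(sample), upnp_sockets(sample))
```

A verdict of OPEN means only that the socket is bound on a non-loopback address of the machine; whether it can be reached from outside still depends on any firewall in front of it.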
<P><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/textbullet.gif"
width=8 border=0>&nbsp;<FONT color=#333399><B>To disable the
Universal Plug &amp; Play system:</B></FONT> UnPnP first stops the
UPNPDH service if it is running, then disables its future operation.
After this is done the SSDPDS service is stopped and also disabled.
This shuts down Windows XP's external Internet server to prevent
exposure to any presently known or later discovered UPnP
vulnerabilities.<BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/textbullet.gif"
width=8 border=0>&nbsp;<FONT color=#333399><B>To re-enable the
Universal Plug &amp; Play system:</B></FONT> UnPnP simply reverses
the process. The SSDPDS service is set to start on demand, and it is
then started. Then, the UPNPDH service is also set to start on
demand, but it is not started. With the SSDPDS service running the
Windows XP system will have TCP port 5000 open and accepting remote
connections and UDP port 1900 listening for inbound
datagrams.<BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR>UnPnP's actions are completely benign and
reversible. There are no known negative side effects caused by
disabling the Universal Plug &amp; Play components when they are not
needed. They may easily be re-enabled if they are ever needed at any
time in the future.<BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR><B><U>One important note of caution:</U></B>
Microsoft has a nasty and very insecure habit of "undoing"
non-standard system changes that have been made to enhance the
system's security. We will update this page if we learn of anything
that secretly re-enables these services. But you may want to briefly
run UnPnP from time to time, especially after making extensive
changes to your system, to be sure everything is still securely
disabled.<BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR>
<TABLE cellSpacing=0 cellPadding=2 width="100%" bgColor=#006666
border=0>
<TBODY>
<TR>
<TD>
<TABLE cellSpacing=0 cellPadding=10 width="100%"
bgColor=#ccffff border=0>
<TBODY>
<TR>
<TD><FONT
face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=black size=-1><B><U>JAN 3, 2002:</U></B> We have
received preliminary reports of the UPnP service being
silently re-enabled without the users' knowledge or
permission. We hope that this is an innocent side-effect
of background XP updates, but it is our position that
users have the implicit right to decide how their
computers operate, and what services they run.<BR><IMG
height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR>Please keep an eye on this for a
while by re-running UnPnP from time to time to check on
the "disabled" status. If you find that UPnP has become
silently re-enabled on your system, please drop a note
to us at <A
href="mailto:support@grc.com?subject=Yikes!! UPnP re-enabled itself!">mailto:support@grc.com?subject=Yikes!!
UPnP re-enabled itself!</A>. If this behavior is
confirmed, we will immediately enhance UnPnP to prevent
this silent re-enabling. Our eMail system subscribers
will then be notified of this
enhancement.</FONT></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></FONT></P></TD></TR>
<TR vAlign=baseline>
<TD><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/textbullet.gif"
width=8 border=0></TD>
<TD><FONT face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=#000060 size=-1><FONT color=#333333 size=+0><B>What is
"Universal Plug &amp; Play" and why don't I need
it?</B></FONT><BR>Universal Plug &amp; Play is not related to the
established Plug &amp; Play hardware standard for PCs. Microsoft
presumably adopted the name "Universal Plug &amp; Play" because it
is a warm and fuzzy feel-good name. A more descriptive name would
have been "Network Plug &amp; Play" since that is exactly what it
is.<BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR>UPnP is a set of communications protocol
standards that allow networked TCP/IP devices to announce their
presence to all other devices on the network and to then
inter-operate in a flexible and pre-defined fashion. There is
nothing wrong with the idea, though even in the absence of security
mistakes, it is not difficult to be concerned about the overall
security of the system. If you want to learn more, the <A
href="http://www.upnp.org/">Universal Plug &amp; Play Forum</A> web
site has additional information.<BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR>As for why you don't need it; unless you
actually have some UPnP devices on your local network, there is no
one for the Windows UPnP system to talk to. It was bizarre and
irresponsible for Microsoft to turn every Windows machine into a
Universal Plug &amp; Play Internet server, opening every machine to
wide-ranging Internet exploitation. It is still irresponsible
today.</FONT></TD></TR>
<TR vAlign=baseline>
<TD><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/textbullet.gif"
width=8 border=0></TD>
<TD><FONT face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=#000060 size=-1><FONT color=#333333 size=+0><B>Will a personal
firewall, like ZoneAlarm, protect my system?</B></FONT><BR>If you
disable the unnecessary UPnP service you will not be vulnerable to
current or future UPnP exploits whether or not you have a personal
firewall. Our experiments and independent reports have indicated
that <B>some personal firewalls are penetrated by the UPnP service
while others are effective in protecting the machine.</B> Our <A
href="https://grc.com/x/ne.dll?bh0bkyd2">ShieldsUP! Port Probe</A>
now checks for the UPnP TCP server running on port 5000. This allows
you to determine whether that UPnP port is exposed to the world.
However, you should not consider this conclusive since the UPnP
protocol also uses UDP datagram messages which ShieldsUP! was not
designed to test.</FONT></TD></TR>
<TR vAlign=baseline>
<TD><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/textbullet.gif"
width=8 border=0></TD>
<TD><FONT face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=#000060 size=-1><FONT color=#333333 size=+0><B>Will a NAT
Router, like a LinkSys, protect my system?</B></FONT><BR>A
non-UPnP-aware NAT router makes a terrific hardware firewall since it
discards unexpected and unsolicited inbound Internet packets. But as
routers become UPnP-aware their behavior will need to be carefully
scrutinized with regard to Internet pass-through. We can hope that
they will offer explicit UPnP security to prevent external traffic
from entering the internal network. But in any event, our <A
href="https://grc.com/x/ne.dll?bh0bkyd2">ShieldsUP! Port Probe</A>
can always be used to quickly check your network's external UPnP
profile.</FONT></TD></TR>
<TR vAlign=baseline>
<TD><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/textbullet.gif"
width=8 border=0></TD>
<TD><FONT face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=#000060 size=-1><FONT color=#333333 size=+0><B>How can UnPlug
n' Pray be so small? &nbsp;Only 22 kbytes?</B></FONT><BR>I have been
programming computers for 34 years. There's nothing I love more. You
can see this experience and caring in every piece of software I
create. I write all of my software in 100% pure assembly language &mdash;
the raw native language of the Intel microprocessor. I use it
because, as the actual language of the system, it requires no
inefficient translation from an easier-to-use "high level"
language.<BR><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR>Some people develop software because it's their
job &mdash; it's what they do to survive. I do it for the sheer joy of
creating and sharing useful, tight, efficient and effective tools.
It is one of my favorite forms of
communication.</FONT></TD></TR></TBODY></TABLE>
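<P>The firewall answer above notes that a TCP probe of port 5000 is not conclusive because UPnP also uses UDP datagrams. This added example (not GRC's code and not part of the original page) runs a local check over <CODE>netstat -an</CODE> output that covers both protocols; the sample output is constructed, and UDP port 1900, the standard SSDP discovery port, is supplied here because this section does not name it.

```python
# TCP 5000 is the port named on the page. UDP 1900 is the standard SSDP
# discovery port; it is supplied here and is not named in this section.
UPNP_PORTS = {("TCP", 5000): "UPnP TCP server", ("UDP", 1900): "SSDP discovery"}
LOOPBACK = ("127.", "[::1]")

# Constructed sample of Windows `netstat -an` output, not a real capture.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      203.0.113.7:5000       ESTABLISHED
  UDP    0.0.0.0:1900           *:*
  UDP    127.0.0.1:1900         *:*
  UDP    [::]:1900              *:*
"""


def find_upnp_listeners(netstat_text):
    """Return one dict per local UPnP/SSDP endpoint in `netstat -an` output."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line or unrelated text
        proto, local = fields[0], fields[1]
        # A TCP row counts only when LISTENING: an outbound connection to
        # port 5000 on another host is not a local server. UDP has no state.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        host, _, port = local.rpartition(":")
        if not port.isdigit() or (proto, int(port)) not in UPNP_PORTS:
            continue
        findings.append({
            "proto": proto, "port": int(port), "bind": host,
            "role": UPNP_PORTS[(proto, int(port))],
            # A loopback-only socket cannot be reached from the network.
            "non_loopback": not host.startswith(LOOPBACK),
        })
    return findings


def summarize(findings):
    """Split non-loopback listeners by whether a TCP-only probe can see them."""
    exposed = [f for f in findings if f["non_loopback"]]
    return {
        "tcp_probe_visible": [f for f in exposed if f["proto"] == "TCP"],
        "tcp_probe_blind": [f for f in exposed if f["proto"] == "UDP"],
    }
```

<P>netstat reports what is bound, not what a firewall in front of the socket filters, so an empty result after disabling the service is the conclusive outcome.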
<P><FONT color=#003399 size=+1>UnPnP Version History:</FONT>
<TABLE cellSpacing=10 cellPadding=0 border=0>
<TBODY>
<TR vAlign=baseline>
<TD><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/textbullet.gif"
width=8 border=0></TD>
<TD><FONT face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=#000060 size=-1><FONT color=#333333 size=-1><B>Version 1.0 &mdash;
December 25, 2001</B></FONT><BR>Initial release. Compatible with
Windows XP only.<BR>No known bugs or problems found.</FONT></TD></TR>
<TR vAlign=baseline>
<TD><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/textbullet.gif"
width=8 border=0></TD>
<TD><FONT face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=#000060 size=-1><FONT color=#333333 size=-1><B>Version 1.1 &mdash;
December 27, 2001</B></FONT><BR>Added support for <B>all</B> Windows
platforms: 98/98SE/ME/2000.<BR>No known bugs or problems
found.</FONT></TD></TR>
<TR vAlign=baseline>
<TD><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/textbullet.gif"
width=8 border=0></TD>
<TD><FONT face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=#000060 size=-1><FONT color=#333333 size=-1><B>Version 1.2 &mdash;
December 28, 2001</B></FONT><BR>At the request of several
administrators of large networks, support was added for a non-GUI
command-line interface. This allows UnPnP to be easily deployed
throughout corporate networks and invoked by login scripts.<BR><IMG
height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR>Use commands:&nbsp;&nbsp;<FONT
face="courier new, courier" color=black size=+0><B>UnPnP
disable</B></FONT>&nbsp;&nbsp;or&nbsp;&nbsp;<FONT
face="courier new, courier" color=black size=+0><B>UnPnP
enable</B></FONT></FONT></TD></TR></TBODY></TABLE>
<P><FONT color=#003399 size=+1>Ongoing Coverage of Windows' UPnP
Vulnerability:</FONT>
<TABLE cellSpacing=10 cellPadding=0 border=0>
<TBODY>
<TR vAlign=baseline>
<TD><IMG height=8
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/textbullet.gif"
width=8 border=0></TD>
<TD><FONT face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=#000060 size=-1><A
href="http://www.usatoday.com/life/cyber/tech/2002/01/02/xp-security-hole.htm"><B>Many
XP users slow to patch security hole</B></A><BR>USA Today, January
2, 2002, by Byron Acohido</FONT></TD></TR></TBODY></TABLE>
<P>I hope you will find UnPlug n' Pray to be important, useful and
reliable.
<P><IMG height=39
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet Server_files/smg-
sig2.gif"
width=73 border=0> </FONT></P></TD></TR></TBODY></TABLE>
<P>
<P>
<TABLE cellSpacing=0 cellPadding=0 width="85%" border=0>
<TBODY>
<TR bgColor=#000099>
<TD colSpan=2><IMG height=3
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/darkbluepixel.gif"
width="100%" border=0></TD></TR>
<TR>
<TD><FONT face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
color=#333366 size=-2>Last Edit: Jan 04, 2002 at 15:21 (16.36 days
ago)</FONT></TD>
<TD align=right><FONT
face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif" color=#333366
size=-2>Viewed 7,613 times per day</FONT></TD></TR></TBODY></TABLE><IMG
height=12
src="UnPlug n' Pray - Disable the Dangerous UPnP Internet
Server_files/transpixel.gif"
width=1 border=0><BR>
<FONT
face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif" color=#808080
size=-2>The contents of this page are Copyright (c) 2001 by Gibson Research
Corporation. <BR>SpinRite, ChromaZone, ShieldsUP, NanoProbe, the character 'Moe'
(shown above),<BR>and the slogan "It's MY Computer" are registered trademarks of
Gibson Research<BR>Corporation (GRC), Laguna Hills, CA, USA. GRC's web and
customer <A href="http://grc.com/privacy.htm">privacy policy</A>. <BR>~ ~ ~
</FONT></CENTER></P></BODY></HTML>
