UPnP vulnerability suitable for amplifying DDoS attacks and scanning internal networks

Information has been disclosed about a vulnerability (CVE-2020-12695) in the UPnP protocol that allows traffic to be directed to an arbitrary recipient using the "SUBSCRIBE" operation provided in the standard. The vulnerability has been given the code name CallStranger. It can be used to exfiltrate data from networks protected by data loss prevention (DLP) systems, to scan the ports of computers on an internal network, and also to amplify DDoS attacks using the millions of UPnP devices connected to the global network, such as cable modems, home routers, game consoles, IP cameras, TV set-top boxes, media centers and printers.

The problem is caused by the fact that the "SUBSCRIBE" function provided in the specification allows any external attacker to send HTTP packets with a Callback header and use the UPnP device as a proxy for sending requests to other hosts. The "SUBSCRIBE" function is defined in the UPnP specification and is used to track changes in other devices and services. Using the Callback HTTP header, an arbitrary URL can be specified to which the device will attempt to connect.


Almost all UPnP implementations based on the specification released before April 17 are affected. In particular, the presence of the vulnerability has been confirmed in the open package hostapd, in its implementation of a wireless access point (WPS AP). The fix is currently available as a patch. Updates have not yet been released in the distributions (Debian, OpenWRT, Ubuntu, RHEL, SUSE, Fedora, Arch). The problem also affects solutions based on the open UPnP stack pupnp, for which no information about a fix is yet available.

The UPnP protocol defines a mechanism for automatically discovering and interacting with devices on a local network. However, the protocol was originally designed for use inside an internal network and does not provide any form of authentication or verification. Despite this, millions of devices do not disable UPnP support on external network interfaces and remain open to requests from the global network. The attack can be carried out through any such UPnP device.
For example, Xbox One consoles can be attacked via network port 2869, because they allow changes such as content sharing to be tracked via the SUBSCRIBE command.

The Open Connectivity Foundation (OCF) was notified of the issue at the end of last year, but initially refused to consider it a vulnerability in the specification. After a repeated, more detailed report, the problem was acknowledged and a requirement to use UPnP only on LAN interfaces was added to the specification. Since the problem stems from a flaw in the standard, fixing the vulnerability in individual devices may take a long time, and firmware updates may never appear for older devices.

As a protective measure, it is recommended to isolate UPnP devices from external requests with a firewall, to block external HTTP "SUBSCRIBE" and "NOTIFY" requests on attack prevention systems, or to disable the UPnP protocol on external network interfaces. Manufacturers are advised to disable the SUBSCRIBE function in the default configuration and, when it is enabled, to restrict it to accepting requests only from the internal network.
To test your devices for the vulnerability, a special toolkit written in Python and distributed under the MIT license has been published.

Source: opennet.ru
