Universal Plug and Play(UPnP) is a technology developed by Microsoft in 1999, as a solution for NAT traversal(among other things). This talk explores the exploiting of port mapping services in UPnP/IGD devices from the WAN. It also talks about a tool called Umap to help process the UPnP requests. Attacking UPnP allows attackers to use devices as a proxy that can establish connections to internal and external IP addresses. The software allows scanning internal hosts behind the device NAT, manual port-mapping(WAN to LAN, WAN to WAN) and a SOCKSv4 proxy service that automatically maps requests to UPnP devices. Most UPnP attacks have focused on the exploiting of UPnP from the LAN side of the device, this talk focuses on attacking from the WAN side. Attackers can use these techniques to hide IP addresses and attack internal hosts behind common household gateway devices.
Daniel Garcia (FormateZ on Undernet) is a security researcher/consultant with 15+ years of experience in security. He also founded Toor, a security consultant group that focuses on penetration testing, secure architectures and application assesments.Aside from security, he has also worked with numerous projects and platforms like DOCSIS, Wimax, Wi-Fi(city-wide), PLC and DHE.