the forums at degreez.net

It is currently Tue Mar 19, 2024 1:54 am

All times are UTC - 7 hours [ DST ]




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 54 posts ]  Go to page 1, 2, 3, 4  Next
Author Message
PostPosted: Wed Sep 01, 2004 12:21 am 
I know some of you haven't been having problems with it but I was. The firewall is XP SP2 is much better than the previous one. Actually, it is too good for BT I guess. Anyways, I had disabled the firewall considering the fact that the router I'm using has a firewall with it. This didn't fix the UPnP issue though. Apparently there is a bit of a bug in the firewall where it will apply some of the setting regardless if the firewall is turned off or not. To fix this I simply:
1. Went to network connections.
2. Right-click on the connection you are using for your internet and go to properties.
3. Click the Advanced tab.
4. Click settings.
5. Click the Exemptions tab.
6. Click the UPnP Framework so it is checked.
7. Click OK then OK again and it SHOULD work (it did for me).


Top
  
 
 Post subject:
PostPosted: Tue Sep 07, 2004 7:20 am 
UPnP is a great security risk! i recommend to disable it, heres some information: http://www.grc.com/unpnp/unpnp.htm


Top
  
 
 Post subject:
PostPosted: Tue Sep 07, 2004 8:26 am 
Offline

Joined: Sun Mar 07, 2004 10:05 am
Posts: 1212
If your computer is connected directly to your uplink I don't recommend using it; but if you're behind a router, which prevents the outside world from contacting your computer via UPnP, it's not a serious concern.


Top
 Profile  
 
 Post subject:
PostPosted: Thu Sep 09, 2004 12:22 pm 
Would it be safe to enable UPnP if you your router is configured for DMZ?


Top
  
 
 Post subject:
PostPosted: Thu Sep 09, 2004 1:01 pm 
Offline

Joined: Sun Mar 07, 2004 10:05 am
Posts: 1212
Depends on whether the router will forward non-IP packets to the DMZ; but I don't recommend running a machine in the DMZ at all.


Top
 Profile  
 
 Post subject:
PostPosted: Fri Sep 10, 2004 11:05 am 
I enabled UPnP and BitTornado still doesn't work. I'm forced to use Bram's BT client. :(

I think that the URL from the Guest post is a bunch of BS. They just want to sell a product using scare tactics. Their product does something that can already be done manually. One paragraph states "Microsoft's latest security patch DOES NOT DISABLE UPnP!" Why would it disable UPnP?! I believe that the latest security patch from Microsoft makes UPnP safe. Sure; there may be undiscovered vulnerabilities, but Microsoft generally releases patches long before they are exploited. The problem is that most elitists think that they're too good for Automatic Update Notification.


Top
  
 
 Post subject:
PostPosted: Fri Sep 10, 2004 1:27 pm 
Anonymous wrote:
I enabled UPnP and BitTornado still doesn't work. I'm forced to use Bram's BT client. :(

I think that the URL from the Guest post is a bunch of BS. They just want to sell a product using scare tactics. Their product does something that can already be done manually. One paragraph states "Microsoft's latest security patch DOES NOT DISABLE UPnP!" Why would it disable UPnP?! I believe that the latest security patch from Microsoft makes UPnP safe. Sure; there may be undiscovered vulnerabilities, but Microsoft generally releases patches long before they are exploited. The problem is that most elitists think that they're too good for Automatic Update Notification.


Err... open ur mouth and now put ur foot in there. Steve Gibson's UnPlug n' Pray is FREE! There is nobody trying to sell you anything. This is just a small registry hack to disable UPnP for the average person who doesn't know how to do it manually.

There have been numerous hacks exploiting the UPnP feature that is automatically turned on. You have to keep in mind that Microsoft tailors their software around functionality before security. They figure they will configure your OS to work. It is up to the end-user to figure out what services are and are not needed. If some of these unneeded services are security risks, too bad. Microsoft will not fix them until they start receiving bad press because of it. Even with SP2 there are still known exploits in the wild. Microsoft just does not deem them serious enough to fix right away. Some of the major worms seen in the past couple years exploited known vulnerabilites. MS only fixed them after everyone started getting slammed.

You say there may be undiscovered vulnerabilities... you should be saying there are known vulnerabilities that are still not fixed Go do some googling if you don't believe me.

Turning off UPnP is just common sense. If you don't need the service running, then by all means turn it off and shut a potential security leak. As long as there is one curious or industrious individual out there, new ways to hack will be discovered. There is no such thing as a foolproof program. There are always ways to get in the door. If you remove the door and put a solid brick metal wall in it's place, it makes it a hell of a lot harder for someone to get in without being seen.


Top
  
 
 Post subject:
PostPosted: Fri Sep 10, 2004 1:36 pm 
This site explains very well what services are needed and are not needed. Before making any changes, you should always READ ABOUT what you are doing. http://www.blackviper.com/WinXP/servicecfg.htm Keep in mind this is for Windows XP. There is also a section for Windows 2000.


Top
  
 
 Post subject:
PostPosted: Fri Sep 10, 2004 2:22 pm 
If the above doesn't work (it didn't for me), try setting "uPnP Port Forwarding" in the BitTornado prefs to "disabled". That worked for me.

- cdr


Top
  
 
 Post subject:
PostPosted: Sat Sep 11, 2004 9:09 am 
The only "major" worm in recent memory to exploit an un-patched vulnerability was W32 Blaster.

Show me a UPnP vulnerability which has not been fixed. If you say you know of one, I'll PM my IP address :roll:


Top
  
 
 Post subject:
PostPosted: Tue Sep 14, 2004 2:16 pm 
http://www.microsoft.com/technet/securi ... 1-059.mspx

That's the vulnerability that "UnPlug N Pray" is supposed to get rid of.

Notice the date they put an update patch out? December 20, 2001.

Guess when Windows XP came out? October 25, 2001.

http://www.microsoft.com/Downloads/deta ... CF686A352B

Guess what this is?

The patch.

You do not need to disable UPNP, it is a really nice feature that unfortunately I wish I could take advantage of but cannot :(


Top
  
 
 Post subject:
PostPosted: Wed Sep 22, 2004 12:07 pm 
but all those updates are before SP2 released. Does it really solves?

What should I do... SP2 really screw up Bittornado.


Top
  
 
 Post subject: have changed to ...
PostPosted: Thu Sep 23, 2004 11:46 am 
So I took the easiest path .... Trying another torrent client.

And found out that I can get my old speed using TorrentStorm.

It is easier and we dont need to configure anything to the windows XP SP2.

Bittornado, please fix yourselff......


Top
  
 
 Post subject:
PostPosted: Fri Sep 24, 2004 1:51 am 
Yadda is right, if you don't have a need for upnp, why have it on? Microsoft does have many services turned on by default, and it's more or less so the end user can have a computer up and running in several different enviroments with little knowledge of computers. This is NOT a secure enviroment at all. Blackvipers site explains many of those services, what they are needed for, etc. I find it sad that Microsoft does not have that information easily available to people, why does it have to be a 3rd party??

Any service that you have enabled on any operating system does open the door to security risks, and takes up system resorces. It makes no sence at all to have any uneeded service running on your computer, be it linux, unix, mac or microsoft. To defend any software manufacturer that enables several services that are seldom used is ignorant. Microsoft is a king at doing such things.

No matter what operating system you deal with, there will always be new exploits found, and new holes to fill. The problem with closed source software, such as microsoft, is that it is not reviewed by as many people, and when those things are found, we have to wait for microsoft to fix them. I do believe that microsoft has lost some of its trust in the public because security was not as important to the company as it should be. If they remain a closed source company, it's security will never be what it could be.

And no matter how many patches they come out with to fix a problem (any operating system) there will be a hacker that will find another hole somewhere to break in. The only secure computer there is is one that is turned off and locked away in a place that it has no human contact or connection to the outside world. What a boring computer.


Top
  
 
 Post subject: Re: have changed to ...
PostPosted: Mon Sep 27, 2004 2:20 pm 
Anonymous wrote:
So I took the easiest path .... Trying another torrent client.

And found out that I can get my old speed using TorrentStorm.

It is easier and we dont need to configure anything to the windows XP SP2.

Bittornado, please fix yourselff......


Did you use BitTornado as your existing client or did you download a new one? The solution may not be TorrentStorm but that other client.


Top
  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 54 posts ]  Go to page 1, 2, 3, 4  Next

All times are UTC - 7 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 18 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group