Honeypot for emulating UPNP devices
- soapserver/
- Server responsible for the UPNP SOAP interface (In progress)
- Expose XML device descriptions (In progress)
- Expose RPC control endpoints (unimplimented)
- Server responsible for the UPNP SOAP interface (In progress)
- ssdpserver/
- UDP Server that advertises the SOAP server using SSDP (Valid responses are returned although requests are not yet fully parsed)
- Respond to M-Search requests (Done)
- Index all SSDP fields into Elasticsearch (In progress)
- Block frequent repeat requests. (Done)
- UDP Server that advertises the SOAP server using SSDP (Valid responses are returned although requests are not yet fully parsed)
The UPNP event notification system will not be implimented at this time. When it is it will be necessary to add a UDP server for event transmission and possibly subscription (The UPNP spec is a little vague as to whether subscriptions requests are sent over HTTP or UDP).
- UPNP spec
- Overview of UPNP
- Rapid7 report on UPNP vulnerabilities (Primarily implimentation specific memory safety problems)
- Overview of Internet Gateway Device vulnerabilities
- Akamai report on attackers using UPNP to create proxy networks
- GENA protocol used as a basis for the UPNP event system