For excessively paranoid client authentication.
Original: https://gist.github.com/mtigas/952344
openssl x509 -in server.crt -out server.der -outform DER
openssl x509 -in server.der -inform DER -out server.pem -outform PEM
Run the following:
iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
iptables -A FORWARD -m pkttype --pkt-type multicast -j ACCEPT
iptables -A OUTPUT -m pkttype --pkt-type multicast -j ACCEPT
Or:
iptables -A INPUT -s 224.0.0.0/4 -j ACCEPT
iptables -A FORWARD -s 224.0.0.0/4 -d 224.0.0.0/4 -j ACCEPT
Turns out, UPnP is terrible when it comes to security. The entire protocol exists to have devices easily find and connect to one another without any authentication at all. This is all good fun to poke around with. Here are a few tools and notes I've found along the way.
UPnP devices can be found by listening to UDP packets on port 1900. To actively discover these services on your network, send an HTTP M-SEARCH request to the default UDP multicast address: 239.255.255.250.
There are some great Linux tools that make interfacing with all of this stuff a cinch:
sudo apt update
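#!/bin/bash
# ~/bin/upnpPortMapper.sh
# Requires: sudo apt-get install miniupnpc
# Install as a cron job (every 5 minutes) if not already present:
# crontab -l | grep upnp || (crontab -l ; echo '*/5 * * * * ~/bin/upnpPortMapper.sh >/dev/null 2>&1') | crontab -
export LC_ALL=C  # force untranslated upnpc output so the greps below match
# Default gateway address from the routing table
router=$(ip r | grep default | cut -d " " -f 3)
# UPnP root description URL on that gateway, as listed by upnpc
gateway=$(upnpc -l | grep "desc: http://$router:[0-9]*/rootDesc.xml" | cut -d " " -f 3)
# This host's LAN address, as reported by upnpc
ip=$(upnpc -l | grep "Local LAN ip address" | cut -d: -f2)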