| View previous topic :: View next topic |
| Author |
Message |
SoLoR
Joined: 30 May 2009
Posts: 36
|
 Posted: Thu Apr 02, 2020 11:00 am Post subject: miniupnpd - DNS rebinding attack suspected with ipv6 support |
 |
|
Hello,
Every time some client wants to forward a port im getting warning in syslog
Apr 2 12:50:21 mih miniupnpd[6641]: DNS rebinding attack suspected (Host: 2a01:260:xxxx:xxxx::1:33641).
This IP is IP of a lan interface on router where miniupnpd is runing. Everything seems to work as it should, so there is just this warning and it annoys me. Is it me that i have something miss configured or? If this helps, this IP is part of /60 subnet.
I was considering to just comment out few lines in upnphttp.c, so it will stop annoying me, since everything seems to work anyway, however this is not really "proper" way to do it  |
|
| Back to top |
|
 |
miniupnp
Site Admin
Joined: 14 Apr 2007
Posts: 1594
|
| Posted: Mon Apr 06, 2020 10:48 pm Post subject: |
|
|
this is not only a warning, miniupnpd terminates the HTTP connection with a 404 (should be 403) after logging this message.
you should have
LOG_INFO, "HTTP REQUEST from %s : %s %s (%s)",
LOG_DEBUG, "Host: %.*s",
LOG_NOTICE, "DNS rebinding attack suspected (Host: %.*s)"
please run miniupnpd in debug mode (-d) to get the INFO and DEBUG messages.
Your client may be using a numerical Host: header without enclosing the IPv6 address within []
2a01:260:xxxx:xxxx::1:33641 should be [2a01:260:xxxx:xxxx::1]:33641
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
| Back to top |
|
|
SoLoR
Joined: 30 May 2009
Posts: 36
|
| Posted: Tue Apr 07, 2020 10:24 am Post subject: |
|
|
| Code: | mih ~ # /usr/sbin/miniupnpd -f /etc/miniupnpd/miniupnpd.conf -d
miniupnpd[14332]: system uptime is 45008 seconds
miniupnpd[14332]: Reloading rules from lease file
miniupnpd[14332]: version 2.1.20200329 starting UPnP-IGD ext if wan BOOTID=1586254739
miniupnpd[14332]: HTTP listening on port 45797
miniupnpd[14332]: HTTP IPv6 address given to control points : [2a01:260:xxxx:yyyy::1]
miniupnpd[14332]: level=0 type=8
miniupnpd[14332]: ifindex = 5 10.0.0.1
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from 10.0.0.2:1900 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to 10.0.0.2:1900 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://10.0.0.1:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337
miniupnpd[14332]: Received UDP Packet (IPv6)
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from [::ffff:10.0.0.2]:1900 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to [::ffff:10.0.0.2]:1900 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://[2a01:260:xxxx:yyyy::1]:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337
miniupnpd[14332]: level=0 type=8
miniupnpd[14332]: ifindex = 5 10.0.0.1
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from 10.0.0.2:51687 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to 10.0.0.2:51687 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://10.0.0.1:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337
miniupnpd[14332]: Received UDP Packet (IPv6)
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from [::ffff:10.0.0.2]:51687 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to [::ffff:10.0.0.2]:51687 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://[2a01:260:xxxx:yyyy::1]:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337
miniupnpd[14332]: ReceiveNATPMPOrPCPPacket: packet destination: fe80::523e:aaff:fe10:dbf3 scope_id=5
miniupnpd[14332]: PCP request received from [2a01:260:xxxx:yyyy::2]:51689 60bytes
miniupnpd[14332]: get_src_for_route_to ([2a01:260:xxxx:yyyy::2]:51689)
miniupnpd[14332]: get_lan_for_peer() looking for LAN interface index=5
miniupnpd[14332]: ifname=lan index=5 str=10.0.0.1 addr=0a000001 mask=fffff000
miniupnpd[14332]: PCP MAP: added mapping TCP 58948->2a01:260:xxxx:yyyy::2:58948 'PCP MAP dcc40114e4ddc03a1acfa1b9'
miniupnpd[14332]: ReceiveNATPMPOrPCPPacket: packet destination: fe80::523e:aaff:fe10:dbf3 scope_id=5
miniupnpd[14332]: PCP request received from [2a01:260:xxxx:yyyy::2]:51689 60bytes
miniupnpd[14332]: get_src_for_route_to ([2a01:260:xxxx:yyyy::2]:51689)
miniupnpd[14332]: get_lan_for_peer() looking for LAN interface index=5
miniupnpd[14332]: ifname=lan index=5 str=10.0.0.1 addr=0a000001 mask=fffff000
miniupnpd[14332]: PCP MAP: added mapping UDP 58948->2a01:260:xxxx:yyyy::2:58948 'PCP MAP 50bb6487bb599a113ebfb0a7'
miniupnpd[14332]: HTTP REQUEST from [::ffff:10.0.0.2]:58951 : GET /rootDesc.xml (HTTP/1.1)
miniupnpd[14332]: Host: 10.0.0.1:45797
miniupnpd[14332]: get_src_for_route_to ([2a01:260:xxxx:yyyy::2]:58952)
miniupnpd[14332]: get_lan_for_peer() looking for LAN interface index=5
miniupnpd[14332]: ifname=lan index=5 str=10.0.0.1 addr=0a000001 mask=fffff000
miniupnpd[14332]: HTTP REQUEST from [2a01:260:xxxx:yyyy::2]:58952 : GET /rootDesc.xml (HTTP/1.1)
miniupnpd[14332]: Host: 2a01:260:xxxx:yyyy::1:45797
miniupnpd[14332]: DNS rebinding attack suspected (Host: 2a01:260:xxxx:yyyy::1:45797)
miniupnpd[14332]: HTTP REQUEST from [::ffff:10.0.0.2]:58953 : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[14332]: Host: 10.0.0.1:45797
miniupnpd[14332]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress
miniupnpd[14332]: HTTP REQUEST from [::ffff:10.0.0.2]:58954 : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[14332]: Host: 10.0.0.1:45797
miniupnpd[14332]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
miniupnpd[14332]: AddPortMapping: ext port 58944 to 10.0.0.2:58944 protocol TCP for: qBittorrent/4.2.3 leaseduration=3600 rhost=
miniupnpd[14332]: UPnP permission rule 0 matched : port mapping accepted
miniupnpd[14332]: redirecting port 58944 to 10.0.0.2:58944 protocol TCP for: qBittorrent/4.2.3
miniupnpd[14332]: HTTP REQUEST from [::ffff:10.0.0.2]:58955 : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[14332]: Host: 10.0.0.1:45797
miniupnpd[14332]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
miniupnpd[14332]: AddPortMapping: ext port 58944 to 10.0.0.2:58944 protocol UDP for: qBittorrent/4.2.3 leaseduration=3600 rhost=
miniupnpd[14332]: UPnP permission rule 0 matched : port mapping accepted
miniupnpd[14332]: redirecting port 58944 to 10.0.0.2:58944 protocol UDP for: qBittorrent/4.2.3
miniupnpd[14332]: level=0 type=8
miniupnpd[14332]: ifindex = 5 10.0.0.1
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from 10.0.0.2:1900 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to 10.0.0.2:1900 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://10.0.0.1:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337
miniupnpd[14332]: Received UDP Packet (IPv6)
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from [::ffff:10.0.0.2]:1900 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to [::ffff:10.0.0.2]:1900 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://[2a01:260:xxxx:yyyy::1]:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337
miniupnpd[14332]: level=0 type=8
miniupnpd[14332]: ifindex = 5 10.0.0.1
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from 10.0.0.2:51687 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to 10.0.0.2:51687 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://10.0.0.1:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337
miniupnpd[14332]: Received UDP Packet (IPv6)
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from [::ffff:10.0.0.2]:51687 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to [::ffff:10.0.0.2]:51687 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://[2a01:260:xxxx:yyyy::1]:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337
miniupnpd[14332]: level=0 type=8
miniupnpd[14332]: ifindex = 5 10.0.0.1
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from 10.0.0.2:1900 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to 10.0.0.2:1900 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://10.0.0.1:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337
miniupnpd[14332]: Received UDP Packet (IPv6)
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from [::ffff:10.0.0.2]:1900 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to [::ffff:10.0.0.2]:1900 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://[2a01:260:xxxx:yyyy::1]:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337
miniupnpd[14332]: level=0 type=8
miniupnpd[14332]: ifindex = 5 10.0.0.1
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from 10.0.0.2:51687 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to 10.0.0.2:51687 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://10.0.0.1:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337
miniupnpd[14332]: Received UDP Packet (IPv6)
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from [::ffff:10.0.0.2]:51687 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to [::ffff:10.0.0.2]:51687 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://[2a01:260:xxxx:yyyy::1]:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337
miniupnpd[14332]: level=0 type=8
miniupnpd[14332]: ifindex = 5 10.0.0.1
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from 10.0.0.2:1900 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to 10.0.0.2:1900 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://10.0.0.1:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337
miniupnpd[14332]: Received UDP Packet (IPv6)
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from [::ffff:10.0.0.2]:1900 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to [::ffff:10.0.0.2]:1900 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://[2a01:260:xxxx:yyyy::1]:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337
miniupnpd[14332]: level=0 type=8
miniupnpd[14332]: ifindex = 5 10.0.0.1
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from 10.0.0.2:51687 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to 10.0.0.2:51687 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://10.0.0.1:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337
miniupnpd[14332]: Received UDP Packet (IPv6)
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from [::ffff:10.0.0.2]:51687 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to [::ffff:10.0.0.2]:51687 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://[2a01:260:xxxx:yyyy::1]:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337
miniupnpd[14332]: level=0 type=8
miniupnpd[14332]: ifindex = 5 10.0.0.1
miniupnpd[14332]: ST: urn:dial-multiscreen-org:service:dial:1 (ver=1)
miniupnpd[14332]: SSDP M-SEARCH from 10.0.0.2:55677 ST: urn:dial-multiscreen-org:service:dial:1
miniupnpd[14332]: Received UDP Packet (IPv6)
miniupnpd[14332]: ST: urn:dial-multiscreen-org:service:dial:1 (ver=1)
miniupnpd[14332]: SSDP M-SEARCH from [::ffff:10.0.0.2]:55677 ST: urn:dial-multiscreen-org:service:dial:1
miniupnpd[14332]: level=0 type=8
miniupnpd[14332]: ifindex = 5 10.0.0.1
miniupnpd[14332]: ST: urn:dial-multiscreen-org:service:dial:1 (ver=1)
miniupnpd[14332]: SSDP M-SEARCH from 10.0.0.2:55677 ST: urn:dial-multiscreen-org:service:dial:1
miniupnpd[14332]: Received UDP Packet (IPv6)
miniupnpd[14332]: ST: urn:dial-multiscreen-org:service:dial:1 (ver=1)
miniupnpd[14332]: SSDP M-SEARCH from [::ffff:10.0.0.2]:55677 ST: urn:dial-multiscreen-org:service:dial:1
miniupnpd[14332]: level=0 type=8
miniupnpd[14332]: ifindex = 5 10.0.0.1
miniupnpd[14332]: ST: urn:dial-multiscreen-org:service:dial:1 (ver=1)
miniupnpd[14332]: SSDP M-SEARCH from 10.0.0.2:55677 ST: urn:dial-multiscreen-org:service:dial:1
miniupnpd[14332]: Received UDP Packet (IPv6)
miniupnpd[14332]: ST: urn:dial-multiscreen-org:service:dial:1 (ver=1)
miniupnpd[14332]: SSDP M-SEARCH from [::ffff:10.0.0.2]:55677 ST: urn:dial-multiscreen-org:service:dial:1
miniupnpd[14332]: level=0 type=8
miniupnpd[14332]: ifindex = 5 10.0.0.1
miniupnpd[14332]: ST: urn:dial-multiscreen-org:service:dial:1 (ver=1)
miniupnpd[14332]: SSDP M-SEARCH from 10.0.0.2:55677 ST: urn:dial-multiscreen-org:service:dial:1
miniupnpd[14332]: Received UDP Packet (IPv6)
miniupnpd[14332]: ST: urn:dial-multiscreen-org:service:dial:1 (ver=1)
miniupnpd[14332]: SSDP M-SEARCH from [::ffff:10.0.0.2]:55677 ST: urn:dial-multiscreen-org:service:dial:1
miniupnpd[14332]: ReceiveNATPMPOrPCPPacket: packet destination: fe80::523e:aaff:fe10:dbf3 scope_id=5
miniupnpd[14332]: PCP request received from [2a01:260:xxxx:yyyy::2]:51689 60bytes
miniupnpd[14332]: get_src_for_route_to ([2a01:260:xxxx:yyyy::2]:51689)
miniupnpd[14332]: get_lan_for_peer() looking for LAN interface index=5
miniupnpd[14332]: ifname=lan index=5 str=10.0.0.1 addr=0a000001 mask=fffff000
miniupnpd[14332]: PCP: TCP port 46 mapping removed
miniupnpd[14332]: ReceiveNATPMPOrPCPPacket: packet destination: fe80::523e:aaff:fe10:dbf3 scope_id=5
miniupnpd[14332]: PCP request received from [2a01:260:xxxx:yyyy::2]:51689 60bytes
miniupnpd[14332]: get_src_for_route_to ([2a01:260:xxxx:yyyy::2]:51689)
miniupnpd[14332]: get_lan_for_peer() looking for LAN interface index=5
miniupnpd[14332]: ifname=lan index=5 str=10.0.0.1 addr=0a000001 mask=fffff000
miniupnpd[14332]: PCP: UDP port 46 mapping removed
miniupnpd[14332]: HTTP REQUEST from [::ffff:10.0.0.2]:58977 : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[14332]: Host: 10.0.0.1:45797
miniupnpd[14332]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#DeletePortMapping
miniupnpd[14332]: DeletePortMapping: external port: 58944, protocol: TCP
miniupnpd[14332]: removing redirect rule port 58944 TCP
miniupnpd[14332]: Trying to delete nat rule at index 2
miniupnpd[14332]: Trying to delete filter rule at index 2
miniupnpd[14332]: HTTP REQUEST from [::ffff:10.0.0.2]:58978 : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[14332]: Host: 10.0.0.1:45797
miniupnpd[14332]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#DeletePortMapping
miniupnpd[14332]: DeletePortMapping: external port: 58944, protocol: UDP
miniupnpd[14332]: removing redirect rule port 58944 UDP
miniupnpd[14332]: Trying to delete nat rule at index 2
miniupnpd[14332]: Trying to delete filter rule at index 2
^Cminiupnpd[14332]: shutting down MiniUPnPd |
LOG of a client (qbittorrent) - requesting and removing port mapping.... |
|
| Back to top |
|
|
miniupnp
Site Admin
Joined: 14 Apr 2007
Posts: 1594
|
| Posted: Tue Apr 07, 2020 4:12 pm Post subject: |
|
|
| Code: | miniupnpd[14332]: HTTP REQUEST from [::ffff:10.0.0.2]:58951 : GET /rootDesc.xml (HTTP/1.1)
miniupnpd[14332]: Host: 10.0.0.1:45797
miniupnpd[14332]: get_src_for_route_to ([2a01:260:xxxx:yyyy::2]:58952)
miniupnpd[14332]: get_lan_for_peer() looking for LAN interface index=5
miniupnpd[14332]: ifname=lan index=5 str=10.0.0.1 addr=0a000001 mask=fffff000
miniupnpd[14332]: HTTP REQUEST from [2a01:260:xxxx:yyyy::2]:58952 : GET /rootDesc.xml (HTTP/1.1)
miniupnpd[14332]: Host: 2a01:260:xxxx:yyyy::1:45797
miniupnpd[14332]: DNS rebinding attack suspected (Host: 2a01:260:xxxx:yyyy::1:45797) |
It looks like the client does 2 requests. 1 with IPv4 with success, and 1 with IPv6 which fails because miniupnpd fails to recognize 2a01:260:xxxx:yyyy::1:45797 as a valid Host: header. It should be [2a01:260:xxxx:yyyy::1]:45797.
You should report this to qbittorrent.
Everything works fine afterward because the client uses the IPv4.
If you are using miniupnpd only for IPv4 port mappings, I think you should disable the IPv6 support.
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
| Back to top |
|
|
SoLoR
Joined: 30 May 2009
Posts: 36
|
| Posted: Tue Apr 07, 2020 5:56 pm Post subject: |
|
|
| miniupnp wrote: | Everything works fine afterward because the client uses the IPv4.
If you are using miniupnpd only for IPv4 port mappings, I think you should disable the IPv6 support. |
I had it with ipv6 disabled until like a week ago, but then i noticed IPv6 support is convenient way to auto add ip6tables rule for that specific port to forward chain so i dont need to forward all ipv6 inbound traffic to my computer i guess i could make port static (currently its random) and create rule manually... and like i said everything seems to work anyway, ipv4&ipv6, its just an error that annoys me and didnt know, if its miniupnpd fault or maybe clients and i have a habit to go quickly thru logs every couple of days if something funky is going on and this qualified as funky |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
