miniupnp.tuxfamily.org Forum Index miniupnp.tuxfamily.org
The forum about miniupnp and libnatpmp
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

miniupnpd - DNS rebinding attack suspected with ipv6 support

 
Post new topic   Reply to topic    miniupnp.tuxfamily.org Forum Index -> miniupnpd Bugs
View previous topic :: View next topic  
Author Message
SoLoR



Joined: 30 May 2009
Posts: 36

PostPosted: Thu Apr 02, 2020 11:00 am    Post subject: miniupnpd - DNS rebinding attack suspected with ipv6 support Reply with quote

Hello,

Every time some client wants to forward a port im getting warning in syslog

Apr 2 12:50:21 mih miniupnpd[6641]: DNS rebinding attack suspected (Host: 2a01:260:xxxx:xxxx::1:33641).

This IP is IP of a lan interface on router where miniupnpd is runing. Everything seems to work as it should, so there is just this warning and it annoys me. Is it me that i have something miss configured or? If this helps, this IP is part of /60 subnet.

I was considering to just comment out few lines in upnphttp.c, so it will stop annoying me, since everything seems to work anyway, however this is not really "proper" way to do it Smile
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1487

PostPosted: Mon Apr 06, 2020 10:48 pm    Post subject: Reply with quote

this is not only a warning, miniupnpd terminates the HTTP connection with a 404 (should be 403) after logging this message.

you should have
LOG_INFO, "HTTP REQUEST from %s : %s %s (%s)",
LOG_DEBUG, "Host: %.*s",
LOG_NOTICE, "DNS rebinding attack suspected (Host: %.*s)"

please run miniupnpd in debug mode (-d) to get the INFO and DEBUG messages.

Your client may be using a numerical Host: header without enclosing the IPv6 address within []

2a01:260:xxxx:xxxx::1:33641 should be [2a01:260:xxxx:xxxx::1]:33641
_________________
Main miniUPnP author.
http://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
SoLoR



Joined: 30 May 2009
Posts: 36

PostPosted: Tue Apr 07, 2020 10:24 am    Post subject: Reply with quote

Code:
mih ~ # /usr/sbin/miniupnpd -f /etc/miniupnpd/miniupnpd.conf -d
miniupnpd[14332]: system uptime is 45008 seconds
miniupnpd[14332]: Reloading rules from lease file
miniupnpd[14332]: version 2.1.20200329 starting UPnP-IGD ext if wan BOOTID=1586254739
miniupnpd[14332]: HTTP listening on port 45797
miniupnpd[14332]: HTTP IPv6 address given to control points : [2a01:260:xxxx:yyyy::1]
miniupnpd[14332]: level=0 type=8
miniupnpd[14332]: ifindex = 5  10.0.0.1
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from 10.0.0.2:1900 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to 10.0.0.2:1900 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://10.0.0.1:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337

miniupnpd[14332]: Received UDP Packet (IPv6)
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from [::ffff:10.0.0.2]:1900 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to [::ffff:10.0.0.2]:1900 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://[2a01:260:xxxx:yyyy::1]:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337

miniupnpd[14332]: level=0 type=8
miniupnpd[14332]: ifindex = 5  10.0.0.1
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from 10.0.0.2:51687 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to 10.0.0.2:51687 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://10.0.0.1:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337

miniupnpd[14332]: Received UDP Packet (IPv6)
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from [::ffff:10.0.0.2]:51687 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to [::ffff:10.0.0.2]:51687 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://[2a01:260:xxxx:yyyy::1]:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337

miniupnpd[14332]: ReceiveNATPMPOrPCPPacket: packet destination: fe80::523e:aaff:fe10:dbf3 scope_id=5
miniupnpd[14332]: PCP request received from [2a01:260:xxxx:yyyy::2]:51689 60bytes
miniupnpd[14332]: get_src_for_route_to ([2a01:260:xxxx:yyyy::2]:51689)
miniupnpd[14332]: get_lan_for_peer() looking for LAN interface index=5
miniupnpd[14332]: ifname=lan index=5 str=10.0.0.1 addr=0a000001 mask=fffff000
miniupnpd[14332]: PCP MAP: added mapping TCP 58948->2a01:260:xxxx:yyyy::2:58948 'PCP MAP dcc40114e4ddc03a1acfa1b9'
miniupnpd[14332]: ReceiveNATPMPOrPCPPacket: packet destination: fe80::523e:aaff:fe10:dbf3 scope_id=5
miniupnpd[14332]: PCP request received from [2a01:260:xxxx:yyyy::2]:51689 60bytes
miniupnpd[14332]: get_src_for_route_to ([2a01:260:xxxx:yyyy::2]:51689)
miniupnpd[14332]: get_lan_for_peer() looking for LAN interface index=5
miniupnpd[14332]: ifname=lan index=5 str=10.0.0.1 addr=0a000001 mask=fffff000
miniupnpd[14332]: PCP MAP: added mapping UDP 58948->2a01:260:xxxx:yyyy::2:58948 'PCP MAP 50bb6487bb599a113ebfb0a7'
miniupnpd[14332]: HTTP REQUEST from [::ffff:10.0.0.2]:58951 : GET /rootDesc.xml (HTTP/1.1)
miniupnpd[14332]: Host: 10.0.0.1:45797
miniupnpd[14332]: get_src_for_route_to ([2a01:260:xxxx:yyyy::2]:58952)
miniupnpd[14332]: get_lan_for_peer() looking for LAN interface index=5
miniupnpd[14332]: ifname=lan index=5 str=10.0.0.1 addr=0a000001 mask=fffff000
miniupnpd[14332]: HTTP REQUEST from [2a01:260:xxxx:yyyy::2]:58952 : GET /rootDesc.xml (HTTP/1.1)
miniupnpd[14332]: Host: 2a01:260:xxxx:yyyy::1:45797
miniupnpd[14332]: DNS rebinding attack suspected (Host: 2a01:260:xxxx:yyyy::1:45797)
miniupnpd[14332]: HTTP REQUEST from [::ffff:10.0.0.2]:58953 : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[14332]: Host: 10.0.0.1:45797
miniupnpd[14332]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress
miniupnpd[14332]: HTTP REQUEST from [::ffff:10.0.0.2]:58954 : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[14332]: Host: 10.0.0.1:45797
miniupnpd[14332]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
miniupnpd[14332]: AddPortMapping: ext port 58944 to 10.0.0.2:58944 protocol TCP for: qBittorrent/4.2.3 leaseduration=3600 rhost=
miniupnpd[14332]: UPnP permission rule 0 matched : port mapping accepted
miniupnpd[14332]: redirecting port 58944 to 10.0.0.2:58944 protocol TCP for: qBittorrent/4.2.3
miniupnpd[14332]: HTTP REQUEST from [::ffff:10.0.0.2]:58955 : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[14332]: Host: 10.0.0.1:45797
miniupnpd[14332]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
miniupnpd[14332]: AddPortMapping: ext port 58944 to 10.0.0.2:58944 protocol UDP for: qBittorrent/4.2.3 leaseduration=3600 rhost=
miniupnpd[14332]: UPnP permission rule 0 matched : port mapping accepted
miniupnpd[14332]: redirecting port 58944 to 10.0.0.2:58944 protocol UDP for: qBittorrent/4.2.3
miniupnpd[14332]: level=0 type=8
miniupnpd[14332]: ifindex = 5  10.0.0.1
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from 10.0.0.2:1900 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to 10.0.0.2:1900 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://10.0.0.1:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337

miniupnpd[14332]: Received UDP Packet (IPv6)
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from [::ffff:10.0.0.2]:1900 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to [::ffff:10.0.0.2]:1900 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://[2a01:260:xxxx:yyyy::1]:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337

miniupnpd[14332]: level=0 type=8
miniupnpd[14332]: ifindex = 5  10.0.0.1
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from 10.0.0.2:51687 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to 10.0.0.2:51687 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://10.0.0.1:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337

miniupnpd[14332]: Received UDP Packet (IPv6)
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from [::ffff:10.0.0.2]:51687 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to [::ffff:10.0.0.2]:51687 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://[2a01:260:xxxx:yyyy::1]:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337

miniupnpd[14332]: level=0 type=8
miniupnpd[14332]: ifindex = 5  10.0.0.1
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from 10.0.0.2:1900 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to 10.0.0.2:1900 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://10.0.0.1:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337

miniupnpd[14332]: Received UDP Packet (IPv6)
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from [::ffff:10.0.0.2]:1900 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to [::ffff:10.0.0.2]:1900 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://[2a01:260:xxxx:yyyy::1]:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337

miniupnpd[14332]: level=0 type=8
miniupnpd[14332]: ifindex = 5  10.0.0.1
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from 10.0.0.2:51687 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to 10.0.0.2:51687 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://10.0.0.1:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337

miniupnpd[14332]: Received UDP Packet (IPv6)
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from [::ffff:10.0.0.2]:51687 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to [::ffff:10.0.0.2]:51687 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://[2a01:260:xxxx:yyyy::1]:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337

miniupnpd[14332]: level=0 type=8
miniupnpd[14332]: ifindex = 5  10.0.0.1
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from 10.0.0.2:1900 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to 10.0.0.2:1900 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://10.0.0.1:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337

miniupnpd[14332]: Received UDP Packet (IPv6)
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from [::ffff:10.0.0.2]:1900 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to [::ffff:10.0.0.2]:1900 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://[2a01:260:xxxx:yyyy::1]:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337

miniupnpd[14332]: level=0 type=8
miniupnpd[14332]: ifindex = 5  10.0.0.1
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from 10.0.0.2:51687 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to 10.0.0.2:51687 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://10.0.0.1:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337

miniupnpd[14332]: Received UDP Packet (IPv6)
miniupnpd[14332]: ST: upnp:rootdevice (ver=0)
miniupnpd[14332]: SSDP M-SEARCH from [::ffff:10.0.0.2]:51687 ST: upnp:rootdevice
miniupnpd[14332]: Single search found
miniupnpd[14332]: SendSSDPResponse(): 0 bytes to [::ffff:10.0.0.2]:51687 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:c3c29ee2-0792-11e9-9954-7e6e97c927f1::upnp:rootdevice
EXT:
SERVER: Gentoo/2.7 UPnP/1.1 MiniUPnPd/2.1.20200329
LOCATION: http://[2a01:260:xxxx:yyyy::1]:45797/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1586254739
BOOTID.UPNP.ORG: 1586254739
CONFIGID.UPNP.ORG: 1337

miniupnpd[14332]: level=0 type=8
miniupnpd[14332]: ifindex = 5  10.0.0.1
miniupnpd[14332]: ST: urn:dial-multiscreen-org:service:dial:1 (ver=1)
miniupnpd[14332]: SSDP M-SEARCH from 10.0.0.2:55677 ST: urn:dial-multiscreen-org:service:dial:1
miniupnpd[14332]: Received UDP Packet (IPv6)
miniupnpd[14332]: ST: urn:dial-multiscreen-org:service:dial:1 (ver=1)
miniupnpd[14332]: SSDP M-SEARCH from [::ffff:10.0.0.2]:55677 ST: urn:dial-multiscreen-org:service:dial:1
miniupnpd[14332]: level=0 type=8
miniupnpd[14332]: ifindex = 5  10.0.0.1
miniupnpd[14332]: ST: urn:dial-multiscreen-org:service:dial:1 (ver=1)
miniupnpd[14332]: SSDP M-SEARCH from 10.0.0.2:55677 ST: urn:dial-multiscreen-org:service:dial:1
miniupnpd[14332]: Received UDP Packet (IPv6)
miniupnpd[14332]: ST: urn:dial-multiscreen-org:service:dial:1 (ver=1)
miniupnpd[14332]: SSDP M-SEARCH from [::ffff:10.0.0.2]:55677 ST: urn:dial-multiscreen-org:service:dial:1
miniupnpd[14332]: level=0 type=8
miniupnpd[14332]: ifindex = 5  10.0.0.1
miniupnpd[14332]: ST: urn:dial-multiscreen-org:service:dial:1 (ver=1)
miniupnpd[14332]: SSDP M-SEARCH from 10.0.0.2:55677 ST: urn:dial-multiscreen-org:service:dial:1
miniupnpd[14332]: Received UDP Packet (IPv6)
miniupnpd[14332]: ST: urn:dial-multiscreen-org:service:dial:1 (ver=1)
miniupnpd[14332]: SSDP M-SEARCH from [::ffff:10.0.0.2]:55677 ST: urn:dial-multiscreen-org:service:dial:1
miniupnpd[14332]: level=0 type=8
miniupnpd[14332]: ifindex = 5  10.0.0.1
miniupnpd[14332]: ST: urn:dial-multiscreen-org:service:dial:1 (ver=1)
miniupnpd[14332]: SSDP M-SEARCH from 10.0.0.2:55677 ST: urn:dial-multiscreen-org:service:dial:1
miniupnpd[14332]: Received UDP Packet (IPv6)
miniupnpd[14332]: ST: urn:dial-multiscreen-org:service:dial:1 (ver=1)
miniupnpd[14332]: SSDP M-SEARCH from [::ffff:10.0.0.2]:55677 ST: urn:dial-multiscreen-org:service:dial:1
miniupnpd[14332]: ReceiveNATPMPOrPCPPacket: packet destination: fe80::523e:aaff:fe10:dbf3 scope_id=5
miniupnpd[14332]: PCP request received from [2a01:260:xxxx:yyyy::2]:51689 60bytes
miniupnpd[14332]: get_src_for_route_to ([2a01:260:xxxx:yyyy::2]:51689)
miniupnpd[14332]: get_lan_for_peer() looking for LAN interface index=5
miniupnpd[14332]: ifname=lan index=5 str=10.0.0.1 addr=0a000001 mask=fffff000
miniupnpd[14332]: PCP: TCP port 46 mapping removed
miniupnpd[14332]: ReceiveNATPMPOrPCPPacket: packet destination: fe80::523e:aaff:fe10:dbf3 scope_id=5
miniupnpd[14332]: PCP request received from [2a01:260:xxxx:yyyy::2]:51689 60bytes
miniupnpd[14332]: get_src_for_route_to ([2a01:260:xxxx:yyyy::2]:51689)
miniupnpd[14332]: get_lan_for_peer() looking for LAN interface index=5
miniupnpd[14332]: ifname=lan index=5 str=10.0.0.1 addr=0a000001 mask=fffff000
miniupnpd[14332]: PCP: UDP port 46 mapping removed
miniupnpd[14332]: HTTP REQUEST from [::ffff:10.0.0.2]:58977 : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[14332]: Host: 10.0.0.1:45797
miniupnpd[14332]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#DeletePortMapping
miniupnpd[14332]: DeletePortMapping: external port: 58944, protocol: TCP
miniupnpd[14332]: removing redirect rule port 58944 TCP
miniupnpd[14332]: Trying to delete nat rule at index 2
miniupnpd[14332]: Trying to delete filter rule at index 2
miniupnpd[14332]: HTTP REQUEST from [::ffff:10.0.0.2]:58978 : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[14332]: Host: 10.0.0.1:45797
miniupnpd[14332]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#DeletePortMapping
miniupnpd[14332]: DeletePortMapping: external port: 58944, protocol: UDP
miniupnpd[14332]: removing redirect rule port 58944 UDP
miniupnpd[14332]: Trying to delete nat rule at index 2
miniupnpd[14332]: Trying to delete filter rule at index 2
^Cminiupnpd[14332]: shutting down MiniUPnPd


LOG of a client (qbittorrent) - requesting and removing port mapping....
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1487

PostPosted: Tue Apr 07, 2020 4:12 pm    Post subject: Reply with quote

Code:
miniupnpd[14332]: HTTP REQUEST from [::ffff:10.0.0.2]:58951 : GET /rootDesc.xml (HTTP/1.1)
miniupnpd[14332]: Host: 10.0.0.1:45797
miniupnpd[14332]: get_src_for_route_to ([2a01:260:xxxx:yyyy::2]:58952)
miniupnpd[14332]: get_lan_for_peer() looking for LAN interface index=5
miniupnpd[14332]: ifname=lan index=5 str=10.0.0.1 addr=0a000001 mask=fffff000
miniupnpd[14332]: HTTP REQUEST from [2a01:260:xxxx:yyyy::2]:58952 : GET /rootDesc.xml (HTTP/1.1)
miniupnpd[14332]: Host: 2a01:260:xxxx:yyyy::1:45797
miniupnpd[14332]: DNS rebinding attack suspected (Host: 2a01:260:xxxx:yyyy::1:45797)


It looks like the client does 2 requests. 1 with IPv4 with success, and 1 with IPv6 which fails because miniupnpd fails to recognize 2a01:260:xxxx:yyyy::1:45797 as a valid Host: header. It should be [2a01:260:xxxx:yyyy::1]:45797.

You should report this to qbittorrent.

Everything works fine afterward because the client uses the IPv4.

If you are using miniupnpd only for IPv4 port mappings, I think you should disable the IPv6 support.
_________________
Main miniUPnP author.
http://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
SoLoR



Joined: 30 May 2009
Posts: 36

PostPosted: Tue Apr 07, 2020 5:56 pm    Post subject: Reply with quote

miniupnp wrote:
Everything works fine afterward because the client uses the IPv4.

If you are using miniupnpd only for IPv4 port mappings, I think you should disable the IPv6 support.


I had it with ipv6 disabled until like a week ago, but then i noticed IPv6 support is convenient way to auto add ip6tables rule for that specific port to forward chain so i dont need to forward all ipv6 inbound traffic to my computer Smile i guess i could make port static (currently its random) and create rule manually... and like i said everything seems to work anyway, ipv4&ipv6, its just an error that annoys me and didnt know, if its miniupnpd fault or maybe clients and i have a habit to go quickly thru logs every couple of days if something funky is going on and this qualified as funky Smile
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    miniupnp.tuxfamily.org Forum Index -> miniupnpd Bugs All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP
© 2007 Thomas Bernard, author of MiniUPNP.