Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[jeffbb]

HI
Can anyone please tell me if UPnP is normally "on" or "off" . I have only 2 PCs using the router . Does having it "on" carry any risk to security ?

Regards Jeff

[silversurfer44]

Hi Jeffbb,
in short if you don't need UPnP then turn it off. It is a security risk one which gives Adobe a bad name for being exploitable. Also if you don't understand it the I would suggest turn it off. I have used it both ways and never had any bother, touch wood, but it is a risk.

[jeffbb]

Hi
Thanks  I will leave it off its all working with it off so no problem

Regards Jeff

[Weaver]

You may at some point find you have an application that needs UPnP, but for web browsing and email you don't need it.

[Zoe]

Hi 

I've just had a look at Wikipedia .. But didn't really understand much of it 

Is UPnP needed if you're using say an Xbox or PS3 ?

Zoe

[Weaver]

Possibly, although that's outside my experience.

Basically, if you are using NAT (http://en.wikipedia.org/wiki/Network_address_translation), as are most domestic users, and if you don't know you almost certainly are, certain apps such as Windows Messenger/Windows Live Messenger/MSN Messenger need your router to support UPnP if you use NAT. I can imagine a scenario where Windows Messenger works but user-to-user file-transfer doesn't happen if NAT is in use but UPnP is not available.
For example :
    http://help.uk.msn.com/livemessenger/userguide/article.aspx?cp-documentid=4409982
    http://support.microsoft.com/kb/927847

Some while back I posted a link to this Microsoft tool
    http://www.microsoft.com/windows/using/tools/igd/default.mspx
which the features and quality of the software in your router. (Important note: need to be logged in as an administrator on your machine to run the Microsoft tool, and x64 users I believe it doesn't start up in IE7/8 x64.)

[silversurfer44]

It's for the very reasons that weaver mentions about traversing your built in safety of NAT (Network Address Translation). When you activate UPnP you effectively advertise to the world your private ip address and say here I am come and connect to my PC. If you don't need it, don't understand it then disable it. If you find that something misbehaves for the lack of UPnP then activate it for that session only, then disable it again. It is a security risk. Wikepedia will have told you that I'm sure.

[Zoe]

Hi  

I've never activated UPnP  
So I'm hoping it's already OFF by default.

Even though I know more about Broadband, Routers, etc ... Than I did a few years back.
Even though I've learnt so much more in the last few months... Since my BB problems - & - Coming here to Kitz forum  8)

Still consider myself a Newby learner  


Will have to double check that UPnP is definitely - OFF


Thanks!

Zoe

[roseway]

@SS44: That's not quite correct. Even with uPnP enabled, the outside world can't see past your NAT barrier on its own. It's only when you run an application which makes use of uPnP that a port used by that application is opened up. The opened port is linked to the application which opened it, so it doesn't give free general access to your system. The only danger is that a badly written or malicious application could use uPnP to open a port and advertise its presence. It's certainly a security concern, but a small one.

[silversurfer44]

Ooh, as I understand the way UPnP works is by configuration, in that one designates a period when the presence of the port(s) are open, i.e. advertise the presence of the computer on the wan. It has been drilled into me ever since I first used a Windows OS that UPnP was a security risk by the virtue of me visiting  a crafted website that was looking for such exploits. I would still maintain that if it is not needed then it should not be enabled. Even now that I use Linux I still disable UPnP. However each to his/her own I suppose on this one. How many Windows users actually operate their computer in Administrator mode! Ideal for the persons looking to exploit weaknesses.

[roseway]

Ooh, as I understand the way UPnP works is by configuration, in that one designates a period when the presence of the port(s) are open, i.e. advertise the presence of the computer on the wan.

No, that's not how uPnP is implemented in routers, although it may be implicit in the wider capabilities of the protocol. In routers there's no configuration for uPnP, it's simply on or off, and when it's on it requires an application running on your PC to actually open a port.

[silversurfer44]

  One of these moments. I get them now and then. I stand corrected and back to 

[roseway]

I frequently suffer from those too.

[Zoe]

Hi 

Forgot about my Netgear user Manual 

Universal Plug and Play

Universal Plug and Play (UPnP) helps devices, such as Internet appliances and computers, to
access the network and connect to other devices as needed. UPnP devices can automatically
discover the services from other registered UPnP devices on the network.

Note: If you use applications such as multiplayer gaming, peer-to-peer connections, realtime
communications such as instant messaging, or remote assistance (a feature in
Windows XP), you should enable UPnP.

To turn on Universal Plug and Play:
1. From the main menu, under Advanced, click UPnP. The UPnP screen displays.


2. The available settings and information in this screen are:

• Turn UPnP On. UPnP can be enabled or disabled for automatic device configuration.
The default setting for UPnP is disabled. If this check box is not selected, the router does
not allow any device to automatically control the resources, such as port forwarding
(mapping) of the router.

• Advertisement Period. The advertisement period is how often the router broadcasts its
UPnP information. This value can range from 1 to 1440 minutes. The default period is 30
minutes. Shorter durations ensure that control points have current device status at the
expense of additional network traffic. Longer durations might compromise the freshness
of the device status but can significantly reduce network traffic.

• Advertisement Time To Live. The time to live for the advertisement is measured in hops
(steps) for each UPnP packet sent. The time to live hop count is the number of steps a
broadcast packet is allowed to propagate for each UPnP advertisement before it
disappears. The number of hops can range from 1 to 255. The default value for the
advertisement time to live is 4 hops, which should be fine for most home networks. If you
notice that some devices are not being updated or reached correctly, then it might be
necessary to increase this value.

• UPnP Portmap Table. The UPnP Portmap Table displays the IP address of each UPnP
device that is currently accessing the router and which ports (Internal and External) that
device has opened. The UPnP Portmap Table also displays what type of port is open and
whether that port is still active for each IP address.

3. Click Apply to save your settings.

So...
UPnP should be OFF by default!  8)

Zoe

[silversurfer44]

Thank you for that Zoe, I'm not going doo lally then

2. The available settings and information in this screen are:

• Turn UPnP On. UPnP can be enabled or disabled for automatic device configuration.
The default setting for UPnP is disabled. If this check box is not selected, the router does
not allow any device to automatically control the resources, such as port forwarding
(mapping) of the router.

• Advertisement Period. The advertisement period is how often the router broadcasts its
UPnP information. This value can range from 1 to 1440 minutes. The default period is 30
minutes. Shorter durations ensure that control points have current device status at the
expense of additional network traffic. Longer durations might compromise the freshness
of the device status but can significantly reduce network traffic.

• Advertisement Time To Live. The time to live for the advertisement is measured in hops
(steps) for each UPnP packet sent. The time to live hop count is the number of steps a
broadcast packet is allowed to propagate for each UPnP advertisement before it
disappears. The number of hops can range from 1 to 255. The default value for the
advertisement time to live is 4 hops, which should be fine for most home networks. If you
notice that some devices are not being updated or reached correctly, then it might be
necessary to increase this value.

Enough said.