February 11, 2013

UPnP a little too Universal

UPNP aka Universal Plug-n-Play  maybe you've heard of it, maybe you haven't.  It's been around for a long time and is supposed to make things easy when it comes to devices talking to each other on networks. 

The problem is, easy is usually the same as leaving the front door wide open for anyone to stroll in and take your stuff.

When I buy a router for my house, one of the first things I do when I set it up is to turn off UPnP.   I am not a gamer and I have no reason for it to be running in my little world.  If I help anyone set up a router, I walk them through turning it off.  It's just better that way.  Far fewer problems when you turn stuff off you never use.

Last week while I was buried under a work firewall spring cleaning and a little bit of snow, Rapid 7 (a computer security company) released a paper saying there were even more severe flaws in UPnP than we have seen to date.  There was a buzz about this in headlines, but I didn't have time to look at it. 

After much shoutiness, the UPnP forum responded along the lines of:  well, it's old stuff and not being used as intended. 

I would say there is much in the world of computers that is not being used as intended.  Either because people don't know how to use it or they do know and they want things to work their way.  That's the world. 

So what does this mean to you? The answer is, It depends.  Are you a gamer? You may be well informed on UPnP and how to use it properly. Do you have no idea what this is? Your system may have UPnP active without your knowledge. 

No matter where you fall on the scale,  there are a few things you might want to consider doing. 

1. Nothing. This is always an option. It leaves you no better or worse than before.

2. Log into your router and check to be sure UPnP is disabled if you don't use it.

3. Along these same lines, if you log into your router, check for any firmware updates and apply them.  Almost no one does this because almost no one knows you should do this.  I have a calendar reminder once a month to log into my router and check for updates.  Most of the time there are none.

4. Head over to grc.com, scroll down the home page, and (at the moment) the second item is the new Shield's Up! test for UPnP.  It will tell you very quickly if you have a problem or if you're okay. From there, if you have a problem, you will need to figure out how to fix it on your router. 

5. GRC's port scanner is easy to use and is on the same page as the UPnP test. I don't go all out for everything on the site, but this one thing is very convenient and can give you a heads up if there is something you should be aware of.

It's worth a few minutes to make sure you aren't doing any unintended broadcasting to the internet.  So check out your router.

Happy browsing.

Posted by: Teresa in WebTech at 12:01 PM | Comments (1) | Add Comment
Post contains 554 words, total size 3 kb.

1 I do know what plug-n-play is!!

Posted by: Bou at February 26, 2013 11:09 PM (k+xbT)

Hide Comments | Add Comment

Post is locked.
23kb generated in CPU 0.02, elapsed 0.0615 seconds.
69 queries taking 0.0504 seconds, 238 records returned.
Powered by Minx 1.1.6c-pink.