pandora
Premium
join:2001-06-01
Outland
 ·ooma
·Future Nine Corpor..
 ·Comcast
|  reply to NormanS
Re: UPNP Setup
said by NormanS  :Just curious about what kind of vulnerabilities would exist with UPnP enabled on the Windows PC, but disabled on the router ... I don't know about network vulnerabilities. I do know enabling some UPnP features in "Network Neighborhood" can adversely affect automatic startup of applications on boot.
--
"People demand freedom of speech as a compensation for the freedom of thought which they seldom use." |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
 ·Pacific Bell - SBC
| reply to pandora
said by pandora :Be careful about network UPnP on your windows PC's. It can create serious vulnerabilities. GRC made a Windows UPNP detection application which has been helpful to me over the years. You can find it here - » https:// www.grc.com/unpnp/unpnp.htm Just curious about what kind of vulnerabilities would exist with UPnP enabled on the Windows PC, but disabled on the router ...
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
pandora
Premium
join:2001-06-01
Outland | reply to J92Devils
I think, but am not certain (only 99%), that Windows Media Center requires network UPnP to work correctly.
--
"People demand freedom of speech as a compensation for the freedom of thought which they seldom use." |
|
J92Devils
join:2008-03-26
| reply to J92Devils
Alright, I will try it. Thanks for all the help. It seems pretty irresponsible of Microsoft to just turn on UPNP for everybody.
Also, does the UNPNP program to disable the UPNP on Windows not for Windows XP Media Center? It worked for me on XP Home and Professional but not on Media Center. Is there a reason for that? |
|
pandora
Premium
join:2001-06-01
Outland
·ooma
·Future Nine Corpor..
·Comcast
| reply to J92Devils
Network UPnP at least in XP and Vista still seems a mess at least IMO. Try turning on "Show icons for networked UpNP devices" in the Network Places folder sometime. When I do it with Windows XP it messes up a ton of stuff, including my system boot (half the stuff never gets started at boot). I don't know why Microsoft has never been able to resolve this. Things seem a lot better with Windows 7 for me (so far).
--
"People demand freedom of speech as a compensation for the freedom of thought which they seldom use." |
|
J92Devils
join:2008-03-26
| reply to pandora
Okay, thank you for the help. That's the strategy that I will try to implement as well.
Also, I was just wondering, even with all of the Windows XP security updates and service packs, Microsoft wasn't able to fix the UPNP security vulnerability? |
|
pandora
Premium
join:2001-06-01
Outland
·ooma
·Future Nine Corpor..
·Comcast
| reply to J92Devils
That is what we do. We use the GRC tool to disable network UPnP on our PC's, but still have our PS3's, Xbox 360's and everything else that uses UPNP (our DVR's) run without any problem.
--
"People demand freedom of speech as a compensation for the freedom of thought which they seldom use." |
|
J92Devils
join:2008-03-26
| reply to pandora
The only reason that I was interested in UPNP is because there are two xbox 360's in my house connecting through one router, causing NAT problems for each system. I thought UPNP would help this, so can I use that tool to disable UPNP on all my Windows computers but allow it for the xbox 360's? |
|
pandora
Premium
join:2001-06-01
Outland
·ooma
·Future Nine Corpor..
·Comcast
| reply to J92Devils
You can't know in advance what ports a UPnP device will open. However, after a while, you may be able to know what they have opened or tried to open in the past. Personally I don't think that helps the security situation much.
My router lets me add a security feature limiting a LAN device to opening ports only for itself. It can't open ports for any other device on my LAN. Personally I think that should have been part of the UPnP spec to begin with.
Be careful about network UPnP on your windows PC's. It can create serious vulnerabilities. GRC made a Windows UPNP detection application which has been helpful to me over the years. You can find it here - »https://www.grc.com/unpnp/unpnp.htm
--
"People demand freedom of speech as a compensation for the freedom of thought which they seldom use." |
|
J92Devils
join:2008-03-26 | reply to Lasko
Isn't the idea that I don't know what ports the program will use, so I let it configure itself with the UPNP? How would I know in advance what ports will be used? |
|
Lasko
@cox.net
| reply to J92Devils
While I am not familiar with the router in questions some vendors have begun trying to mitigate the complete lack of security in upnp by requiring the user to specify which ports, etc. are authorized prior to actually allowing a client to open them. While only a small step to rectify the lack of security in upnp it is better then nothing. |
|
pandora
Premium
join:2001-06-01
Outland | reply to J92Devils
If it's coming up automatically, I'd just leave it alone. UPnP should be automagic. |
|
J92Devils
join:2008-03-26
| reply to J92Devils
I am using the Linksys RVO42. Here's a screenshot of my UPNP setup page. The two entries there appeared automatically but the instructions in the manual tell me to pick a port number and everything and make my own entries into that table. Should I just ignore the table, as you guys said that the UPNP should work automatically? |
|
pandora
Premium
join:2001-06-01
Outland
·ooma
·Future Nine Corpor..
·Comcast
| reply to J92Devils
Tomato 1.23 UPnP configuration page |
--
"People demand freedom of speech as a compensation for the freedom of thought which they seldom use." |
|
SoonerAl
Old Enough To Know Better
Premium,MVM
join:2002-07-23
Norman, OK | reply to J92Devils
What make and model router?
Your right though in that UPnP should just work. |
|
J92Devils
join:2008-03-26
| I believe that I understand what UPNP is, but my router is confusing me. When I go to turn on UPNP in my router, it is asking me to choose an internal port, an external port, and an ip address. I thought that with UPNP you simply had to turn it on and then the devices handled all the port numbers. Why is the router asking me for all of this information? Wouldn't that be the information I would find if I wanted to configure port forwarding by myself under the port forwarding tab? |
|
