Universal Plug and Play

From Free Knowledge Base- The DUCK Project: information for everyone
Jump to: navigation, search

UPnP is short for Universal Plug and Play, a networking architecture that provides compatibility among networking equipment, software and peripherals of the 400+ vendors that are part of the Universal Plug and Play Forum.

UPnP works with wired or wireless networks and can be supported on any operating system. UPnP boasts device-driver independence and zero-configuration networking.

The UPnP architecture allows peer-to-peer networking of PCs, networked appliances, and wireless devices. It is a distributed, open architecture based on established standards such as TCP/IP, UDP, HTTP and XML.

The UPnP architecture supports zero-configuration networking. A UPnP compatible device from any vendor can dynamically join a network, obtain an IP address, announce its name, convey its capabilities upon request, and learn about the presence and capabilities of other devices. DHCP and DNS servers are optional and are only used if they are available on the network. Devices can leave the network automatically without leaving any unwanted state information behind.

Networking products that include Universal Plug and Play technology will seem to work automatically when physically connected to the network. UPnP can work with essentially any networking media technology, wired or wireless. This includes, for example: Category 5 Ethernet cable, Wi-Fi or 802.11B wireless networks, IEEE 1394 ("Firewire"), phoneline networking or powerline networking. As these devices and PCs are connected with one another, it becomes easier for users to take advantage of innovative new services and applications.

UPnP NAT Traversal

A UPnP technology proposal for NAT (Network Address Translation) seeks to solve networking problems caused by using NAT. Simply put, NAT breaks some software due to the way it works. A system called UPnP NAT Traversal is a way to solve NAT problems in a fashion that is transparent to the end user. This solution is related to the work being done on the specification for the Internet Gateway Device (IGD) by the UPnP IGD Working Committee.

UPnP Security

On 20 December 2001 Microsoft admitted that Universal Plug And Play (UPnP) in Windows XP posed a security threat to ALL users of the operating system. Of the many UPnP security issues, one is a buffer over run condition as the result of an unchecked buffer in one of the components that handles messages that advertise the availability of Universal Plug And Play capable devices on a network. Though an exploit of this vulnerability a system cracker could gain administrative access to your Windows XP computer system.

UPnP security issues are not confined to the Microsoft Windows operating system. Many UPnP devices have security holes as a result of UPnP technology. A vulnerability in networking devices that support UPnP (Universal Plug and Play) can be exploited through a malicious SWF (Flash) file on a Web site. Visiting such a Web site may allow an attacker to reconfigure or take over devices connected to the victim's system that support UPnP. This includes routers, cameras, printers, mobile phones, and digital entertainment systems. This particular family of vulnerabilities exploits two very flawed technologies, UPnP and Macromedia / Adobe Flash.

As with all "One Size Fits All" super easy for the end user, dumb it down so no one needs any technical ability technologies, UPnP makes your computer and network less secure. If you can, disable it.

 

 

Retrieved from "http://wiki.robotz.com/index.php?title=Universal_Plug_and_Play&oldid=3218"