UPnP and networking

[David Cook]

Lately, I've been reading some threads that mention 'UPnP' in regards
to the network-configuration. (I've installed many wireless/wired router
boxes from different vendors, but so far I've never noticed that any of
them had a feature with this name.)

So, can someone straighten me out on a few of the concepts? Here's
a few questions to start the discussion around:

(1) Let's say I log into a Win-XP machine that is cat-5 wired into a port
of a router that is using this UPnP capability. If I drill down into the
Network Connnections applet in the control-panel, will I be able to find
some icon or
checkbox that will SHOW me that this 'UPnP' feature is in fact ENABLED?
(If so, exactly where?)

(2) Can you describe in 'concise terms' what this feature accomplishes and
when and
when NOT to enable it?

(3) If I log into the browser-based mgmt-interface provided by one of
these external router-boxes, will I have to explicitly ENABLE this 'UPnP'
feature? Will it probably be DISABLED by DEFAULT?

(4) Can you name (at least one) specific vendor model of a wireless-router
that DOES support
this feature?

TIA...

Dave

 

[Chuck]

Lately, I've been reading some threads that mention 'UPnP' in regards
to the network-configuration. (I've installed many wireless/wired router
boxes from different vendors, but so far I've never noticed that any of
them had a feature with this name.)

So, can someone straighten me out on a few of the concepts? Here's
a few questions to start the discussion around:

(1) Let's say I log into a Win-XP machine that is cat-5 wired into a port
of a router that is using this UPnP capability. If I drill down into the
Network Connnections applet in the control-panel, will I be able to find
some icon or
checkbox that will SHOW me that this 'UPnP' feature is in fact ENABLED?
(If so, exactly where?)

(2) Can you describe in 'concise terms' what this feature accomplishes and
when and
when NOT to enable it?

(3) If I log into the browser-based mgmt-interface provided by one of
these external router-boxes, will I have to explicitly ENABLE this 'UPnP'
feature? Will it probably be DISABLED by DEFAULT?

(4) Can you name (at least one) specific vendor model of a wireless-router
that DOES support
this feature?

Dave,

Universal Plug and Play is a common protocol allowing UPnP enabled devices and
programs to interact programmatically, without involvement of the user. In
other words, a UPnP enabled program can control a UPnP enabled device, saving
you from having to manually configure that device.

A good example of this application of UPnP is Windows Messenger and a UPnP
enabled NAT router.
<http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/worki01.mspx>

If you have a networking application like Windows Messenger, that uses dynamic
ports, you have to manually configure the router to permanently open a range of
dynamic ports, and forward them to your computer. If you can use UPnP, making
that application work is simply a matter of enabling UPnP on the router, and the
program tells the router, as needed, to open the right ports at the right time.

Having dynamic ports opened only when needed is a good idea. Leaving ports open
in your router, when not needed, can create a security hole. And the ports can
be forwarded only to one ip address.

If you have multiple computers on your LAN, and want to use Windows Messenger on
more than one, you need UPnP. If you want to use Windows Messenger on a
computer that uses DHCP to get its ip address, you need UPnP.

If you enable UPnP on your Windows XP computer, it will use UPnP to discover,
and automatically configure connections with, all UPnP devices on your network.
This can be a time saver if you have a lot of miscellaneous UPnP enabled
printers, routers, and miscellaneous devices on your network.

If you enable UPnP on your XP computer, you need to block it at your router.
UPnP is a very chatty protocol. I enabled UPnP on my XP computer, and soon
found my computer carrying on conversations (who knows what they were saying?)
with computers outside my LAN.

This is NOT a good idea, if you practice security by stealth (an invisible LAN
is a safer LAN). I disabled the SSDP Discovery Service on my XP systems. My
only UPnP device is my Linksys BEFSX41, and I can control that thru my browser,
so I don't want router control thru UPnP. But Windows Messenger, on any of my
computers, can still open router ports thru UPnP.

As far as wireless router vendors that support UPnP, try Linksys, with the
BEFWS11.
<http://www.linksys.com/press/press.asp?prid=45>
<http://www.microsoft.com/windowsxp/using/windowsmessenger/expert/linksysbefw11s4.mspx>

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.