Steve Smith talks about UPNP, what it does, how it works, and why it is bad news.
Episode #3-08 released on November 4, 2012
UPNP, also known as Universal Plug and Play, is a set of networking protocols that can be used by any device, including computers and software, to automatically connect to the network, obtain an IP, announce the device's abilities, learn about other networked devices, and enumerate existing port mapping, changing it or replacing it.
This feature added to all new routers for the last three years and it makes it incredibly easily to add devices to a network without having to learn how to connect each other. While, this type of feature makes it easier for anyone to just buy cool gadgets and connect them, it comes with a dark side. Anyone, even those that simply have a computer and a router for firewall protection, can fall prey to the failings of the technology, also nicknamed Universal Plug and Pray.
Let's explain something here, the protocol is not at fault, but those that failed to realize the dangers of making such an open protocol. The problem occurs when some corrupted device or software accesses the firewall port settings and allows for their detection, and makes it possible to inbound traffic to pass through without being asked for. This means when your computer is infected with viruses, rootkits and spyware, these malicious pieces of software punch holes in what is supposed to be secure, a NAT firewall.
A NAT router, or any router since they all use NAT, uses network address translation to indicate which series of packets go to which computer, or which left from which computer. Routers only allow incoming traffic, by default, to enter when requested by a specific client, or device. This can be changed to all traffic to enter in specific ports by manually indicating which ones, or using UPNP. You modify the routing table to indicate what packets go where, and how they travel through the network. It is understandable that the creation of UPNP felt necessary since it may feel overwhelming trying to explain to your grand mother how to connect her Nintendo WII, but the best idea is to program the routing by hand, and not allowing any device, software, or malicious viruses the ability to do so.
The consequences can be great. You can be hacked, for starters. The RDP Exploit, also known as the remote desktop protocol, can be exploited to gain access to your Windows machine, the same is true for all platforms whether Windows, Mac, or Linux, so don't go on screaming your safe yet. Other exploits exist for all platforms, but the result is the same, once someone controls your computer, they can do anything they want like sending out spam, DDOS attacks, etc...
One solution would be the addition of authentication to the protocol. This would allow routers to identify allowed devices, and block access for malicious software and devices. Currently the only ideal solution is to turn off UPNP.
Now, before a bunch of you go off the deep end, the consequences of turning off UPNP for device inside a network are fairly not present. Devices can still communicate with each other, and for the most part, it makes no difference to the network routing tables. The only thing that can't be done is the modification of the routing table, and that will help protect you from being hacked. I, personally, have my UPNP turned off, and have never felt any difference in any console experience, with media players, or other devices.
In order to turn off UPNP, all you have to do is log on in your router, and turn it off, it is normally hidden under the advanced settings. The router will reset, and then try it for a few days, if nothing happens, leave UPNP off, that's it.
Next week, I'm going to be teaching you how to connect your Ubuntu 12.10 device to a NAS Drive, also known as network attached storage. I'll be doing the demonstration with the D-Link DNS-325, and I'll be talking about the process of connecting, and my opinions on the machine.
Remember to like this episode if you were interested in today's topic, share if you think someone else could benefit from the topic, and subscribe if you want to learn more. For the show notes of this episode and others, for more information on other ways to subscribe to our show, to subscribe to our weekly newsletter, and how to participate by submitting your questions, comments, suggestions, and stories, head over to TQAWeekly.com.
Host : Steve Smith | Music : Jonny Lee Hart | Editor : Steve Smith | Producer : Zed Axis Productions