Friday, August 26, 2011

UPNP has always been a bad idea!

UPNP is a protocol that allows an application to open up ports on a router so that incoming packets from the Internet get to the correct IP address on the LAN. It's typically used to allow the XBox360 to set up open ports through your router for multi-player gaming. If both XBoxes are behind NAT routers there is no way that unsolicited traffic from one can make it to the other (hey, I never wanted your bullets to hit me!). Skype suffers in the same way if both callers are behind NAT routers (i.e. in most cases; who has an internet-facing IP address on their machine nowadays? Details here). More recent versions of Skype will make use of UPNP if it's on the router.

You won't be surprised to learn that it's a Microsoft technology and I've always encouraged people to disable it on their routers. Any piece of malware inside your network can open ports and invite any other nasties in. In the case of XBox there are about four ports you need to open up for the Live! service to work. Anyhow - it turns out that Linksys routers have a bug that allows UPNP activation on the WAN side - that's right, with the correctly formatted packets you can open ports through a Linksys router from the Internet. Using something like UPNP Port Mapper will allow you to scan Internet IP addresses and open ports on those routers.
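
One way to see what UPNP has already opened on your own router is to review its port-mapping table against the mappings you expect. The sketch below is an added example, not code from this post or from The H article: it assumes you have saved the SOAP responses returned by the router's standard `GetGenericPortMappingEntry` action, and the sample responses, addresses and ports in it are constructed.

```python
import xml.etree.ElementTree as ET

FIELDS = ("NewExternalPort", "NewProtocol", "NewInternalClient",
          "NewInternalPort", "NewEnabled", "NewPortMappingDescription")

def parse_mapping(soap_xml):
    """Extract one port mapping from a GetGenericPortMappingEntryResponse."""
    entry = {}
    for elem in ET.fromstring(soap_xml).iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
        if tag in FIELDS:
            entry[tag] = (elem.text or "").strip()
    missing = [f for f in FIELDS if f not in entry]
    if missing:
        raise ValueError("not a port-mapping response, missing: %s" % missing)
    return entry

def audit(responses, expected):
    """Return enabled mappings not in `expected` {(proto, ext_port, client)}."""
    findings = []
    for xml_text in responses:
        m = parse_mapping(xml_text)
        key = (m["NewProtocol"].upper(), int(m["NewExternalPort"]),
               m["NewInternalClient"])
        if m["NewEnabled"] == "1" and key not in expected:
            findings.append(key + (m["NewPortMappingDescription"],))
    return findings

def sample_response(proto, ext, client, desc, enabled="1"):
    # Constructed response body; every value here is made up for the example.
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
            '<s:Body><u:GetGenericPortMappingEntryResponse '
            'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
            '<NewRemoteHost/><NewExternalPort>%d</NewExternalPort>'
            '<NewProtocol>%s</NewProtocol><NewInternalPort>%d</NewInternalPort>'
            '<NewInternalClient>%s</NewInternalClient><NewEnabled>%s</NewEnabled>'
            '<NewPortMappingDescription>%s</NewPortMappingDescription>'
            '<NewLeaseDuration>0</NewLeaseDuration>'
            '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>'
            % (ext, proto, ext, client, enabled, desc))

SAMPLES = [
    sample_response("UDP", 3074, "192.168.1.50", "console"),
    sample_response("TCP", 4444, "192.168.1.23", "updater"),
    sample_response("TCP", 8080, "192.168.1.23", "old", enabled="0"),
]
EXPECTED = {("UDP", 3074, "192.168.1.50")}  # mappings the owner set up on purpose

if __name__ == "__main__":
    print(audit(SAMPLES, EXPECTED))
```

Any mapping the audit reports was opened by something on the LAN that you did not account for, which is the reason to disable UPNP and forward the few ports you need by hand.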

The title link is to the article on The H.
