D&C GLug - Home Page


Re: [LUG] UPNP

 

Thanks chaps. It's a goner.


On 4 December 2013 10:28, Gordon Henderson <gordon+lug@xxxxxxxxxx> wrote:
On Wed, 4 Dec 2013, Philip Hudson wrote:

What's it for? What do I lose or risk losing if I turn it off? The
intertubes make it sound very clever but don't offer any examples I even
recognize let alone need or use.

It's a pretty good way to allow the Internet of things to talk to "things". It lets devices assign their own IP addresses (in the absence of DHCP), find out stuff about other things, and advertise their thingability to other things.

On the surface it's great, but it lacks authentication.

Especially one particular aspect of it (which is the one that people tend to hear about, and not all the other stuff that goes with it) and that's NAT traversal. Essentially a UPnP device can tell the local router, "Hi, it's me, open port 6123 for me" and the router will add in port forwarding for external port 6123 to whatever the thing's internal port is. (Or something like that.) This typically happens with no authentication, so suddenly a thing is exposed to the Internet and if that thing itself has no authentication and your firewall isn't firewalling, then any man + dog can talk to that thing...

So it's generally supposed to be OK for things on a home LAN - so a media server can find a media viewer and a fridge sensor can find a display thing but outside that who knows...

Generally you want to disable it on your router/firewall device, but you can't really stop it on your LAN.

Gordon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq



--
Phil Hudson                  http://hudson-it.no-ip.biz
@UWascalWabbit                 PGP/GnuPG ID: 0x887DCA63