Security

UPnP - Disabling a Vulnerability

You may have heard about UPnP (Universal Plug and Play) in the media recently and how it might be exploited by an attacker to take your system over.  

What is UPnP?

The Universal Plug and Play service (UPnP), which is installed and running in all versions of Windows XP and can be loaded into Windows 98, ME and Windows 2000, basically turns each of those systems into a totally open Internet server.  It listens for TCP connections on port 5000 and for UDP packets arriving on port 1900.  This allows malicious hackers or Internet worms to easily pinpoint Windows UPnP-equipped machines and exploit any vulnerabilities present.

NOTE - XP's built-in Internet Connection Firewall (ICF) blocks this, as do many third-party personal firewalls.

Now, technology is about being able to predict (or at least shape) the future, and this is really why Microsoft places UPnP into Windows XP.  One day, UPnP might have legitimate uses (although given the bad press it has received so far, this is now unlikely), but the truth as it stands right now is that the majority of Windows XP users don't need UPnP.

Can UPnP be "Switched off"?

Fortunately, yes!  Steve Gibson of the Gibson Research Corporation has brought out an application called UnPlug n' Pray.  This tiny download (only 22 kb) lets you enable and disable UPnP on demand without the need for a reboot.

For more information and to download UnPlug n' Pray, visit http://grc.com/unpnp/unpnp.htm

Microsoft on UPnP: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-054.asp 

The UPnP forum: http://www.upnp.org/
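
To confirm whether the two listeners described above (TCP port 5000 and UDP port 1900) are present on a machine, before and after disabling UPnP, the output of `netstat -an` can be checked. The script below is an added example, not part of the original article or of UnPlug n' Pray; the function names and the sample netstat text are constructed for illustration.

```python
"""Flag the UPnP listeners named in the article in Windows `netstat -an` output."""

# Ports taken from the article: TCP 5000 and UDP 1900.
UPNP_LISTENERS = {("TCP", 5000), ("UDP", 1900)}

# Constructed sample of `netstat -an` output, not captured from a real machine.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1047      203.0.113.7:5000       ESTABLISHED
  UDP    0.0.0.0:1900           *:*
  UDP    127.0.0.1:1900         *:*
  UDP    0.0.0.0:500            *:*
"""


def parse_listeners(netstat_text):
    """Yield (proto, address, port) for listening TCP and bound UDP sockets."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line, or another protocol
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; only LISTENING rows accept connections.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        address, _, port = local.rpartition(":")  # also copes with [::]:5000
        if port.isdigit():
            yield proto, address, int(port)


def find_upnp_exposure(netstat_text):
    """Return one finding per socket bound to the article's UPnP ports."""
    findings = []
    for proto, address, port in parse_listeners(netstat_text):
        if (proto, port) in UPNP_LISTENERS:
            loopback = address in ("127.0.0.1", "[::1]")
            findings.append({"proto": proto, "address": address,
                             "port": port, "loopback_only": loopback})
    return findings


if __name__ == "__main__":
    for finding in find_upnp_exposure(SAMPLE_NETSTAT):
        print(finding)
```

An empty result after disabling UPnP means neither port is bound any more; the outbound connection to a remote port 5000 in the sample is ignored because only the local address and the LISTENING state are matched.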



Adrian Kingsley-Hughes
Last updated: May 4th 2004