Register forum user name Search FAQ

Gammon Forum

Notice: Any messages purporting to come from this site telling you that your password has expired, or that you need to verify your details, confirm your email, resolve issues, making threats, or asking for money, are spam. We do not email users with any such messages. If you have lost your password you can obtain a new one by using the password reset link.
 Entire forum ➜ MUSHclient ➜ Suggestions ➜ UPnP support

UPnP support

It is now over 60 days since the last post. This thread is closed.     Refresh page


Pages: 1 2  

Posted by Shadowfyr   USA  (1,788 posts)  Bio
Date Tue 29 May 2007 04:24 AM (UTC)
Message
Ok, I have no idea "how" you do that. But, some things, like the chat system, where developed "prior" to the existence of UPnP. Thing is, most routers/modems, etc., including mine, since I just did a firmware update, support UPnP. Basically, even in a NAT environment, if you have a UPnP client running, it can use the UPnP features to *temporarily* DMZ only those ports specifically required to support the features. In other words, if Mushclient was UPnP aware and I was using it behind a router (which I may be soon), while Mushclient was running it would "automatically" open the ports for that feature, using something called NAT Traversal. This means people could connect to me, even though I was "still" otherwise behind the routers NAT system. To quote the page I looked at, to try to find out what the heck UPnP was:

http://www.updatexp.com/upnp.html

------
The UPnP forum realised that this was going to be a HUGE problem so they developed something called "NAT Traversal"

Essentially NAT Traversal can automatically solve many of the problems NAT imposes on applications such as Net Meeting. It is still NAT but has the added function of keeping open the "ports" that are needed during the Net meeting session. This then allows all the "packets" of information to get through.

So all software companies that want to have their applications work on your NAT based network have to make their software UPnP enabled. As you can imagine Microsoft have done this for all their XP software. e.g., Net meeting and MSN Messenger.
------

This might be something we want to look into. Or Nick might, if he is interested in doing so. Right now, anyone behind a router, etc. can't use chat effectively, without DMZing the machine, and leaving them vulnerable to attacks. That, or they must use port redirection, which has to be configured manually. This might solve that issue, maybe. Depending on how it ends up actually working.
Top

Posted by Shaun Biggs   USA  (644 posts)  Bio
Date Reply #1 on Tue 29 May 2007 05:18 AM (UTC)
Message
I'm kind of confused as to what exactly is done here. I mean, I understand that UPnP just does port forwarding, but I don't see any information on that site you posted as to how it's done. No protocol, code, or anything aside from the 2003 security update of "Oh no, this opens up ports!" which is the point of UPnP.

Having a link to upnp.org might have been a bit better, as the documentation is quite a bit more substantial. This site also has some things which are actually relevant for development.

As it stands, it should be easy enough for people to open up a port on their router / gateway as it is without having to implement anything additional. This might be ok at home, where you should have access to the NAT tables anyway, but most network administrators should have this turned off though, since it could open up a network for abuse.

It is much easier to fight for one's ideals than to live up to them.
Top

Posted by Shaun Biggs   USA  (644 posts)  Bio
Date Reply #2 on Tue 29 May 2007 05:28 AM (UTC)
Message
After a bit of searching, I found this: http://upnp.sourceforge.net/ Sourceforge rarely lets me down. It's an implementation of UPnP for Linux, and I'm not terribly sure how well that translates into a Windows program. Also, since I don't have a legal version of MFC yet, I can't compile MUSHclient, so I can't even try to add this on my own.

There are lovely examples of UPnP in use there though, as well as some pretty decent documentation on the protocol itself.

It is much easier to fight for one's ideals than to live up to them.
Top

Posted by Nick Gammon   Australia  (23,120 posts)  Bio   Forum Administrator
Date Reply #3 on Tue 29 May 2007 06:39 AM (UTC)
Message
UPnP - is that Unplug n' Pray?

I suggest you read this page:

http://www.grc.com/unpnp/unpnp.htm


I quote from their big headline:

Quote:

The FBI has Strongly Recommended that All Users Immediately Disable Windows' Universal Plug n' Play Support


- Nick Gammon

www.gammon.com.au, www.mushclient.com
Top

Posted by David Haley   USA  (3,881 posts)  Bio
Date Reply #4 on Tue 29 May 2007 07:09 AM (UTC)
Message
I like how none of the UPnP sites bother saying what it actually stands for. Even Intel's "Technology Overview" site, http://www.intel.com/cd/ids/developer/asmo-na/eng/downloads/upnp/overview/index.htm, doesn't seem to find it of use to define the term...

David Haley aka Ksilyan
Head Programmer,
Legends of the Darkstone

http://david.the-haleys.org
Top

Posted by Shaun Biggs   USA  (644 posts)  Bio
Date Reply #5 on Tue 29 May 2007 02:25 PM (UTC)
Message
I could see a plugin opening up a chat port being decently useful. There are enough people around who have no clue what they are doing and let UPnP stay enabled as the default. Several libraries around here do, which allows for people with laptops to do some interesting things. Having a plugin would allow people who use these networks to add UPnP ability for chat without keeping it as a default, wasting time trying to use a disabled service.

As far as I can tell, it just requires a simple xml file to be sent to the router. Also, since the default for XP and Vista is to have UPnP turned on (Have to love how Microsoft tries to pass this off as secure somehow), it might be "useful" for more people than you think.

Personally, I like having some control of my router, especially since I use a fairly insecure wireless connection at my house (Just WEP).

It is much easier to fight for one's ideals than to live up to them.
Top

Posted by Shadowfyr   USA  (1,788 posts)  Bio
Date Reply #6 on Tue 29 May 2007 06:34 PM (UTC)
Message
Yes Nick. The page I linked says that, and I quote, "XP's early version of UPnP support was not secure." That may mean its *still* not, after all, we are talking about Windows here and their *implementation* of something that someone else created, and when have they *ever* followed spec correctly from anyone else? But who says you have to rely on Windows to tell the router to open/close the ports? If I was doing it, I wouldn't rely on Windows drivers anyway (which you don't generally need to a router), but talk to the damn router more directly, using the more secure methods.

That said, I didn't actually look for any info on how to make it work. I just stumbled over it and thought, "Hmm. This could be useful, maybe.", so I posted about it and figured if I was right, someone else could take a look at it. As with Shaun, I don't exactly have an MFC compiler lying around to try it with. lol
Top

Posted by Shaun Biggs   USA  (644 posts)  Bio
Date Reply #7 on Tue 29 May 2007 09:08 PM (UTC)
Message
Shadowfyr, you might have also checked your own links a bit more thoroughly. At the end of the page that you posted, there is a security link. Down at the bottom, there is a message:
Quote:

However, I really do believe that Microsoft SHOULD NOT have left the UPnP services running by default on Windows XP machines. So let me repeat in closing, if you DO NOT need Universal Plug And Play your home network, or stand alone home PC then DISABLE Universal Plug And Play - today!

Not a great recommendation for use of UPnP. Still, it does have it's uses on networks where the system administrator doesn't know what he/she is doing and leaves UPnP open. The main issue with the old M$ implementation of UPnP is that it allowed a DDoS attack, if I remember correctly. And more than one virus has exploited UPnP. That's really nothing that concerns anyone making something which uses UPnP correctly, it's just the fault of the concept in general. You should always keep ports closed to your users unless you specifically open them up for a certain task.

Looking at UPnP though, it does seem like a quick VBscript or Lua plugin would do the trick without having to modify the MUSHclient code at all. I'm not willing to install UPnP on my system just to test this out, but I'm sure it can be done fairly easily with just Lua's sockets library.

It is much easier to fight for one's ideals than to live up to them.
Top

Posted by Shadowfyr   USA  (1,788 posts)  Bio
Date Reply #8 on Wed 30 May 2007 05:24 PM (UTC)
Message
Hmm. This is one thing I am not getting at all. Why the heck does UPnP have to be "active" in Windows? I mean, if you are using it as part of a firewall, where the firewall needs to let people/things through, then OK, but I would presume that most people use better firewalls than that, and can be more selective about if/when a port is open. A modem/router is "not" part of the OS. The OS doesn't have any control over its UPnP services "period". With a modem, maybe that would be different, but still not likely, since most modems are on the "other side" of a router, and are not directly connected to the machine, so having a "driver" for them makes no sense either, which means Windows isn't going to be using its UPnP to tell the modem's UPnP anything.

Do you see my point? Why does Windows even have UPnP, when those types of services are better handled by the firewall systems in the routers/modems? The only place I can see it making sense is if you are running your machine as a server on a network, with the intent of having *it* act as one of the routers. Otherwise... It just doesn't make any sense to me why you need NAT traversal services on the physical machine you are using, when the *machine* itself isn't even doing the NAT services or traversal. But yeah. Having it on by default is just stupid, especially in like 90% of all cases where its redundant in the first place. Like on *most* people's networks.
Top

Posted by David Haley   USA  (3,881 posts)  Bio
Date Reply #9 on Wed 30 May 2007 05:47 PM (UTC)
Message
Isn't the whole point that you would use UPnP to control network devices from your computer?

BTW not to be a stickler or grammar nazi or anything but it'd be really great if you used quotation marks consistently for either emphasis or quotation but not both, or better yet, if you used asterisks for emphasis. :-P

David Haley aka Ksilyan
Head Programmer,
Legends of the Darkstone

http://david.the-haleys.org
Top

Posted by Shaun Biggs   USA  (644 posts)  Bio
Date Reply #10 on Wed 30 May 2007 06:04 PM (UTC)
Message
What you just said is exactly the complaint of most sane individuals. WindowsXP and Vista have UPnP enabled [u]by default[/u] for some bloody stupid reason, and the first thing anyone with a lick of common sense does is disable it. You might also question why they have had a browser as "part" of the OS, or why they are adding DRM into the os instead of having it in software where it belongs. I would also have to agree that the OS has no control over UPnP, but UPnP does use various drivers which, under windows, are within kernel space instead of user space.

I personally have NAT on my machine because it's the one always connected to the internet. I turn on my wireless router connected to eth1 only when I use my laptop. UPnP would remove the need for me to set up routing manually through NAT, but I would rather have a more secure system in case anyone is stealing my wireless connection. I don't mind that terribly, but I'd rather not have people running an ftp server or anything off of my connection.

Either way, the main recommendation for UPnP is to have it turned on, set up all the programs to open various ports, then turn it off, double checking every new and again to make sure that Microsoft hasn't turned it back on again as part of their updates.

It is much easier to fight for one's ideals than to live up to them.
Top

Posted by Shadowfyr   USA  (1,788 posts)  Bio
Date Reply #11 on Fri 01 Jun 2007 01:06 AM (UTC)
Message
Ok. Here is a good question then... Where the heck is the UPnP settings under XP. I can't find them on mine, but then, its not like MS is ever entirely rational in what places they hide some of this stuff. :p
Top

Posted by Shaun Biggs   USA  (644 posts)  Bio
Date Reply #12 on Fri 01 Jun 2007 04:49 AM (UTC)

Amended on Fri 01 Jun 2007 06:49 AM (UTC) by Shaun Biggs

Message
To answer that question, I would have to refer you to the link you originally posted, which sounds like a circular reference to me. The link is down at the bottom of the page, but I'll post it here: http://www.updatexp.com/upnp_security.html

It is much easier to fight for one's ideals than to live up to them.
Top

Posted by Shadowfyr   USA  (1,788 posts)  Bio
Date Reply #13 on Sat 02 Jun 2007 03:01 AM (UTC)
Message
Silly me. Didn't read anything in the article beyond the info on what it was. :( Nice to know their is a simple way to get at it, less nice that its not in the control panels or any other more visible place.
Top

Posted by Tsunami   USA  (204 posts)  Bio
Date Reply #14 on Sat 02 Jun 2007 03:31 AM (UTC)
Message
I don't know much on the subject, but that article is dated 2003, and talks about events in 2001. Doesn't sound like the most reliable information at the moment to me.
Top

The dates and times for posts above are shown in Universal Co-ordinated Time (UTC).

To show them in your local time you can join the forum, and then set the 'time correction' field in your profile to the number of hours difference between your location and UTC time.


50,663 views.

This is page 1, subject is 2 pages long: 1 2  [Next page]

It is now over 60 days since the last post. This thread is closed.     Refresh page

Go to topic:           Search the forum


[Go to top] top

Information and images on this site are licensed under the Creative Commons Attribution 3.0 Australia License unless stated otherwise.