First things first. Universal Plug and Play (UPnP) is a set of computer network protocols. The goals of UPnP are to allow devices to connect seamlessly and to simplify the implementation of networks in the home and some corporate environments. This is used for data sharing, communications, and entertainment. I won’t go any further trying to explain it. To be honest, I didn’t know much about it until I started reading about the problem with UPnP. The problem is there is no authentication with UPnP. OK, that isn’t good at all. Why should you be concerned with this? Well total pwnage is what we are talking about. Some bad people can get control of your router which has horrible ramifications. If you want to more on this subject, Google UPnP and Computer Security to read additional information on this topic.
So here is what we have to do. First things first. How can we shut this off? Well you probably have purchased a router that you use in your home. One of the more popular devices is the Linksys WRT54G. Netgear sells them as well as many others. If you have never logged into your router, let me tell you how to do this. Open up Microsoft’s Internet Explorer and type in the IP address assigned to your router. Let’s say that you own a WRT54G from Linksys. Linksys routers use 192.168.1.1 for their internal IP address. Enter the address ‘http://192.168.1.1′. What you should be presented by is something like login screen that has a user name and password. If you have never changed the default password on your router, this will be a good time to do that as well as turning off UPnP. If you don’t know the default password, go here to find the default user name and password for your router. This is great router resource.
Once you have logged on successfully, you will be presented with a web interface. Normally on the left hand side of the page, you will see different areas you can check and change. If you still have the default name and password, then change this immediately. Then find where UPnP is turned on, and turn that bad boy off. Then you can click on log off, remember your password that you set and don’t set it to a word in the dictionary.
Gnucitizen (A computer security researcher) has several postings since the first of the year on UPnP. Check his blog out where he really breaks down the issues with UPnP. His point is, TURN IT OFF!
Stay safe. Rock Chalk Jayhawk GO KU!!