Frequently Asked Questions

This page contains the Frequently Asked Questions, with answers. The questions were asked personally at conferences, via mail, or retrieved from the referrer in this website's weblogs.

What is UPnP?

UPnP stands for 'Universal Plug and Play'. It is a framework which can be used to make networked applications. Programs on a local network can discover which services are available on the network and use them.

In practice people talk about UPnP a lot, but they are usually talking about applications or devices that apply UPnP in a certain context, such as internet access (Internet Gateway Device) or media (UPnP A/V).

What happens if I disable UPnP on my router?

First of all, there is a lot of ambiguity surrounding UPnP. I assume that you mean a device that implements the Internet Gateway Device profile. What happens is that applications will no longer be able to change firewall settings on the router through UPnP. Some applications will not like it, since they depend on it. Other applications will work, but might not perform as well as before. A good example is Live Messenger. If it can't use UPnP for file transfers it will use a proxy server from Microsoft. Of course this proxy probably has a lot less bandwidth than your own connection.

Is UPnP bad?

I used to think that UPnP was really evil, but over the years I've changed my view a bit. I still think there are some things in the specifications of certain UPnP profiles that should not be in there, because the assumption is that the local network can be trusted at all times, which I think is far from true.

The biggest issue with UPnP is not the protocol itself, but the often broken implementations that are used on all kinds of devices. Users don't have control over these, since these are black boxes (unless, of course, you feel adventurous and install something like OpenWrt). 

Is there any malware that exploits UPnP?

I have not yet seen any malware as of early January 2009 that exploits the bugs that I have described on this page. On the other hand, I have not really paid a lot of attention to malware, so there could be. There has been malware in the past that has actively exploited holes in the UPnP stack in Windows XP though.

What ports are used in UPnP?

There are not many standard ports that are used for UPnP. The only standard port is UDP port 1900, which is used for receiving announcements. In Windows XP, TCP port 5000 is also used (and this was the target of a worm in 2002). Some popular ports are 5431 (Broadcom), 49152 (Linux IGD) and port 80.
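As an added example (not code from this site or from any UPnP stack), the Python below parses announcements as they arrive on UDP port 1900 and lists the devices on your own network that advertise the Internet Gateway Device profile, tagged with the port hints from the answer above. The sample datagrams, addresses and `/desc.xml` paths are constructed, and the function names are illustrative.

```python
from urllib.parse import urlsplit

# Port hints come from the FAQ answer above; a match is a hint, not proof of the stack.
PORT_HINTS = {5431: "Broadcom", 49152: "Linux IGD", 80: "port 80"}

def parse_ssdp(datagram: bytes) -> dict:
    """Parse one SSDP datagram (NOTIFY or M-SEARCH response) into lower-cased headers."""
    lines = datagram.decode("utf-8", errors="replace").split("\r\n")
    headers = {"_start": lines[0].strip()}
    for line in lines[1:]:
        if not line:
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:  # ignore malformed lines without a colon
            headers[name.strip().lower()] = value.strip()
    return headers

def igd_findings(datagrams):
    """One finding per distinct host/port that announces the Internet Gateway Device profile."""
    seen, findings = set(), []
    for raw in datagrams:
        h = parse_ssdp(raw)
        if h.get("nts", "").lower() == "ssdp:byebye":
            continue  # device is withdrawing its announcement
        announced = (h.get("nt", "") + h.get("st", "") + h.get("usn", "")).lower()
        if "internetgatewaydevice" not in announced:
            continue
        try:
            url = urlsplit(h.get("location", ""))
            host, port = url.hostname, url.port or 80  # UPnP descriptions are plain HTTP
        except ValueError:
            continue  # unparsable LOCATION or out-of-range port
        if host and (host, port) not in seen:
            seen.add((host, port))
            findings.append({"host": host, "port": port, "hint": PORT_HINTS.get(port, "unknown")})
    return findings

def _msg(start, **hdrs):  # helper that builds the constructed sample datagrams
    return ("\r\n".join([start] + [f"{k}: {v}" for k, v in hdrs.items()]) + "\r\n\r\n").encode()

IGD = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"
SAMPLES = [  # constructed sample traffic, as it would arrive on UDP port 1900
    _msg("NOTIFY * HTTP/1.1", HOST="239.255.255.250:1900", NT=IGD, NTS="ssdp:alive",
         LOCATION="http://192.168.1.1:49152/desc.xml"),
    _msg("NOTIFY * HTTP/1.1", HOST="239.255.255.250:1900", NTS="ssdp:alive",
         NT="urn:schemas-upnp-org:device:MediaServer:1", LOCATION="http://192.168.1.20:8200/desc.xml"),
    _msg("HTTP/1.1 200 OK", ST=IGD, LOCATION="http://192.168.1.254:5431/desc.xml"),
]
SAMPLES.append(SAMPLES[0])  # announcements repeat; duplicates must collapse
```

Calling `igd_findings(SAMPLES)` returns two findings: the repeated announcement collapses into one entry and the media server is skipped because it does not advertise the gateway profile.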

Which Internet Gateway Device stack would you recommend?

If you are building your own router on Linux and need a UPnP stack, there are various choices. The most popular one is Linux IGD, which is also used on a lot of devices you can buy in the shop. The quality of the stack has improved a lot over the last few years, but personally I think that the quality of miniupnpd is better. I've had some discussions with the author and he has built in several safeguards and checks even before I started researching UPnP.

© 2006-2011, Armijn Hemel