Frequently Asked Questions
This page contains the Frequently Asked Questions, with answers. The questions were asked personally at conferences, via mail, or retrieved from the referrer in this website's weblogs.
- What is UPnP?
- What happens if I disable UPnP on my router?
- Is UPnP bad?
- Is there any malware that exploits UPnP?
- What ports are used in UPnP?
- Which Internet Gateway Device stack would you recommend?
What is UPnP?
UPnP stands for 'Universal Plug and Play'. It is a framework which can be used
to make networked applications. Programs on a local network can discover which
services are available on the network and use them.
In practice, people talk about UPnP a lot, but they are usually talking about
applications or devices that apply UPnP in a certain context, such as internet
access (Internet Gateway Device) or media (UPnP A/V).
What happens if I disable UPnP on my router?
First of all, there is a lot of ambiguity surrounding UPnP. I assume that you
mean a device that implements the Internet Gateway Device profile. What happens
is that applications will no longer be able to change firewall settings on the
router through UPnP. Some applications will not like it, since they depend on
it. Other applications will work, but might not perform as well as before. A
good example is Live Messenger. If it can't use UPnP for file transfers it will
use a proxy server from Microsoft. Of course this proxy probably has a lot less
bandwidth than your own connection.
Is UPnP bad?
I used to think that UPnP was really evil, but over the years I've changed my
view a bit. I still think there are some things in the specifications of
certain UPnP profiles that should not be in there, because the assumption is
that the local network can be trusted at all times, which I think is far from
true.
The biggest issue with UPnP is not the protocol itself, but the
often broken implementations that are used on all kinds of devices. Users don't
have control over these, since these are black boxes (unless, of course, you
feel adventurous and install something like OpenWrt).
Is there any malware that exploits UPnP?
I have not yet seen any malware as of early January 2009 that exploits the bugs that I have described on this page. On the other hand, I have not really paid a lot of attention to malware, so there could be. There has been malware in the past that has actively exploited holes in the UPnP stack in Windows XP though.
What ports are used in UPnP?
There are not many standard ports that are used for UPnP. The only standard
port is UDP port 1900, which is used for receiving announcements. In Windows
XP, TCP port 5000 is also used (and this was the target of a worm in 2002). Some
popular ports are 5431 (Broadcom), 49152 (Linux IGD) and port 80.
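To see which of these ports a device on your own network actually advertises, you can parse the announcements that arrive on UDP port 1900 and read the port out of their LOCATION header. The sketch below is an added example, not code from this site. The multicast address 239.255.255.250 and the LOCATION/NTS headers come from the UPnP discovery specification rather than from this page, and the sample datagrams are constructed.

```python
from urllib.parse import urlsplit

# Ports named in the answer above and what the page associates with each.
KNOWN_PORTS = {5000: "Windows XP", 5431: "Broadcom",
               49152: "Linux IGD", 80: "port 80"}

def parse_ssdp(datagram: bytes):
    """Split one SSDP datagram (HTTP-style text over UDP) into start line and headers."""
    head = datagram.decode("utf-8", errors="replace").split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip lines that are not "Name: value"
            headers[name.strip().lower()] = value.strip()
    return lines[0].strip(), headers

def control_endpoint(datagram: bytes):
    """Return (host, port, label) from an announcement's LOCATION header, else None."""
    start, headers = parse_ssdp(datagram)
    if not start.upper().startswith(("NOTIFY ", "HTTP/1.1 200")):
        return None  # e.g. an M-SEARCH request, which carries no LOCATION
    location = headers.get("location")
    if not location:
        return None  # ssdp:byebye announcements have no LOCATION
    try:
        url = urlsplit(location)
        port = url.port if url.port is not None else 80  # http default
    except ValueError:
        return None  # malformed authority or out-of-range port
    if url.scheme != "http" or not url.hostname:
        return None
    return url.hostname, port, KNOWN_PORTS.get(port, "unlisted")

# Constructed sample datagrams (not captured traffic); addresses and paths are made up.
SAMPLE_ALIVE = (b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
                b"NT: upnp:rootdevice\r\nNTS: ssdp:alive\r\n"
                b"LOCATION: http://192.168.1.1:49152/desc.xml\r\n\r\n")
SAMPLE_BYEBYE = (b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
                 b"NT: upnp:rootdevice\r\nNTS: ssdp:byebye\r\n\r\n")
SAMPLE_BAD = (b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
              b"NTS: ssdp:alive\r\nLOCATION: http://192.168.1.1:99999/x\r\n\r\n")

if __name__ == "__main__":
    for sample in (SAMPLE_ALIVE, SAMPLE_BYEBYE, SAMPLE_BAD):
        print(control_endpoint(sample))
```

A port reported as "unlisted" is not a finding by itself, since the answer above only names the popular ones; the value is in knowing which TCP port to cover in firewall rules and scans for that device.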
Which Internet Gateway Device stack would you recommend?
If you are building your own router on Linux and need a UPnP stack, there are various choices. The most popular one is Linux IGD, which is also used on a lot of devices you can buy in the shop. The quality of the stack has improved a lot over the last few years, but personally I think that the quality of miniupnpd is better. I've had some discussions with the author and he has built in several safeguards and checks even before I started researching UPnP.