Damn Bill Gates! or: Universal Plug and Play Obnoxiousness

I’ve been all nervous for the past several hours because I thought I had a Trojan horse that was busy offloading the contents of my computer to Kazaa or somesuch. It turns out that the recent firmware upgrade I did to my D-Link DI-624 wireless router gave it Plug and Play (UPnP) capability. It seems that someone thought it would be a good idea if every device on a network make a shout out to it’s homies every 20 friggin seconds. I was watching my network idiot-light and got really nervous seeing this regular, low-key traffic. Here’s what I found out about it:

  • D-Link made an announcement that they are working with Microsoft on making UPnP happen.
  • It looks like explorer.exe on my side is what answers the call from the router EVEN IF I HAVEN’T ENABLED UPnP ON MY XP BOX.
  • You can theoretically disable or enable UPnP at Control Panel | Add/Remove Programs | Add/Remove Windows Components | Networking Services | Universal Plug and Play. But it LIES. But When disabled, your machine still responds (or broadcasts… I’m not sure which b/c the sniffer software I got doesn’t seem to log all outgoing packets (NetworkActiv PIAFCTM 1.5))
  • One of the 10 or so packets in the bunch looks like this:

from: (router) to:, from port 1900 to port 1900, format:UDP:

SERVER:Embedded UPnP/1.0

  • The packets travel on port 1900. They are broadcast to IP address, which is intended to be a local broadcast
  • When enabled, my router shows up as a device in My Network Places. Big woop, the router told the client it’s IP address and what kind of box it is… That’s all.

  • I disabled “SSDP Discovery Service” and “Universal Plug and Play Device Host”. It didn’t stop the network traffic but made me feel better.

I found the most useful info about this at these sites:

Leave a Comment

Do not write "http://" in your comment, it will be blocked. It may take a few days for me to manually approve your first comment.

You can edit your comment after submitting it.