I’ve been all nervous for the past several hours because I thought I had a Trojan horse that was busy offloading the contents of my computer to Kazaa or somesuch. It turns out that the recent firmware upgrade I did to my D-Link DI-624 wireless router gave it Plug and Play (UPnP) capability. It seems that someone thought it would be a good idea if every device on a network make a shout out to it’s homies every 20 friggin seconds. I was watching my network idiot-light and got really nervous seeing this regular, low-key traffic. Here’s what I found out about it:
- D-Link made an announcement that they are working with Microsoft on making UPnP happen.
- It looks like explorer.exe on my side is what answers the call from the router EVEN IF I HAVEN’T ENABLED UPnP ON MY XP BOX.
- You can theoretically disable or enable UPnP at Control Panel | Add/Remove Programs | Add/Remove Windows Components | Networking Services | Universal Plug and Play. But it LIES. But When disabled, your machine still responds (or broadcasts… I’m not sure which b/c the sniffer software I got doesn’t seem to log all outgoing packets (NetworkActiv PIAFCTM 1.5))
- One of the 10 or so packets in the bunch looks like this:
from:192.168.0.1 (router) to: 22.214.171.124, from port 1900 to port 1900, format:UDP:
- The packets travel on port 1900. They are broadcast to IP address 126.96.36.199, which is intended to be a local broadcast
- When enabled, my router shows up as a device in My Network Places. Big woop, the router told the client it’s IP address and what kind of box it is… That’s all.
- I disabled “SSDP Discovery Service” and “Universal Plug and Play Device Host”. It didn’t stop the network traffic but made me feel better.
I found the most useful info about this at these sites: