{"id":860,"date":"2003-11-10T12:00:57","date_gmt":"2003-11-10T20:00:57","guid":{"rendered":"http:\/\/lee.org\/blog\/archives\/2003\/11\/10\/damn-bill-gates-or-universal-plug-and-play-obnoxiousness\/"},"modified":"2003-11-10T12:00:57","modified_gmt":"2003-11-10T20:00:57","slug":"damn-bill-gates-or-universal-plug-and-play-obnoxiousness","status":"publish","type":"post","link":"https:\/\/www.lee.org\/blog\/2003\/11\/10\/damn-bill-gates-or-universal-plug-and-play-obnoxiousness\/","title":{"rendered":"Damn Bill Gates! or: Universal Plug and Play Obnoxiousness"},"content":{"rendered":"<p>I&#8217;ve been all nervous for the past several hours because I thought I had a Trojan horse that was busy offloading the contents of my computer to Kazaa or somesuch. It turns out that the recent firmware upgrade I did to my D-Link DI-624 wireless router gave it Plug and Play (UPnP) capability. It seems that someone thought it would be a good idea if every device on a network make a shout out to it&#8217;s homies every 20 friggin seconds. I was watching my network idiot-light and got really nervous seeing this regular, low-key traffic. Here&#8217;s what I found out about it:<\/p>\n<ul>\n<li> D-Link made an announcement that they are working with Microsoft on making UPnP happen.\n<\/li>\n<li>     It looks like explorer.exe on my side is what answers the call from the router EVEN IF I HAVEN&#8217;T ENABLED UPnP ON MY XP BOX.\n<\/li>\n<li>     You can theoretically disable or enable UPnP at Control Panel | Add\/Remove Programs | Add\/Remove Windows Components | Networking Services | Universal Plug and Play. But it LIES. But When disabled, your machine still responds (or broadcasts&#8230; I&#8217;m not sure which b\/c the sniffer software I got doesn&#8217;t seem to log all outgoing packets (NetworkActiv PIAFCTM 1.5))\n<\/li>\n<li>     One of the 10 or so packets in the bunch looks like this:\n<\/li>\n<\/ul>\n<p>from:192.168.0.1 (router) to: 239.255.255.250, from port 1900 to port 1900, format:UDP:<\/p>\n<blockquote><p>HOST:239.255.255.250:1900<br \/>\nCACHE-CONTROL:max-age=120<br \/>\nLOCATION:http:\/\/192.168.0.1:5678\/igd.xml<br \/>\nNT:upnp:rootdevice<br \/>\nNTS:ssdp:alive<br \/>\nSERVER:Embedded UPnP\/1.0<br \/>\nUSN:uuid:upnp-InternetGatewayDevice-1_0-12345678900001::upnp:rootdevice\n<\/p><\/blockquote>\n<ul>\n<li> The packets travel on port 1900. They are broadcast to IP address 239.255.255.250, which is intended to be a local broadcast\n<\/li>\n<li>     When enabled, my router shows up as a device in My Network Places. Big woop, the router told the client it&#8217;s IP address and what kind of box it is&#8230; That&#8217;s all.\n<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" border=\"1\" src=\"http:\/\/www.lee.org\/blog\/images\/20031110UPnP.jpg\" width=\"571\" height=\"108\"\/><\/p>\n<ul>\n<li>  I disabled &#8220;SSDP Discovery Service&#8221; and &#8220;Universal Plug and Play Device Host&#8221;. It didn&#8217;t stop the network traffic but made me feel better.<\/li>\n<\/ul>\n<p>I found the most useful info about this at these sites:<br \/>\n<a href=\"http:\/\/www.pcplus.co.uk\/media\/pcplus\/pdf\/181\/181.helpdesk.pdf\">http:\/\/www.pcplus.co.uk\/media\/pcplus\/pdf\/181\/181.helpdesk.pdf<\/a><br \/>\n<a href=\"http:\/\/grc.com\/\">http:\/\/grc.com\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I&#8217;ve been all nervous for the past several hours because I thought I had a Trojan horse that was busy offloading the contents of my computer to Kazaa or somesuch. It turns out that the recent firmware upgrade I did to my D-Link DI-624 wireless router gave it Plug and Play (UPnP) capability. It seems [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-860","post","type-post","status-publish","format-standard","hentry","category-general"],"_links":{"self":[{"href":"https:\/\/www.lee.org\/blog\/wp-json\/wp\/v2\/posts\/860","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.lee.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lee.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lee.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lee.org\/blog\/wp-json\/wp\/v2\/comments?post=860"}],"version-history":[{"count":0,"href":"https:\/\/www.lee.org\/blog\/wp-json\/wp\/v2\/posts\/860\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.lee.org\/blog\/wp-json\/wp\/v2\/media?parent=860"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lee.org\/blog\/wp-json\/wp\/v2\/categories?post=860"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lee.org\/blog\/wp-json\/wp\/v2\/tags?post=860"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}