J92Devils
join:2008-03-26 | reply to Lasko
Re: UPNP Setup
Isn't the idea that I don't know what ports the program will use, so I let it configure itself with the UPNP? How would I know in advance what ports will be used? |
|
pandora
Premium
join:2001-06-01
Outland
 ·ooma
·Future Nine Corpor..
 ·Comcast
|  You can't know in advance what ports a UPnP device will open. However, after a while, you may be able to know what they have opened or tried to open in the past. Personally I don't think that helps the security situation much.
My router lets me add a security feature limiting a LAN device to opening ports only for itself. It can't open ports for any other device on my LAN. Personally I think that should have been part of the UPnP spec to begin with.
Be careful about network UPnP on your windows PC's. It can create serious vulnerabilities. GRC made a Windows UPNP detection application which has been helpful to me over the years. You can find it here - »https://www.grc.com/unpnp/unpnp.htm
--
"People demand freedom of speech as a compensation for the freedom of thought which they seldom use." |
|
J92Devils
join:2008-03-26
| The only reason that I was interested in UPNP is because there are two xbox 360's in my house connecting through one router, causing NAT problems for each system. I thought UPNP would help this, so can I use that tool to disable UPNP on all my Windows computers but allow it for the xbox 360's? |
|
pandora
Premium
join:2001-06-01
Outland
·ooma
·Future Nine Corpor..
·Comcast
| That is what we do. We use the GRC tool to disable network UPnP on our PC's, but still have our PS3's, Xbox 360's and everything else that uses UPNP (our DVR's) run without any problem.
--
"People demand freedom of speech as a compensation for the freedom of thought which they seldom use." |
|
J92Devils
join:2008-03-26
| Okay, thank you for the help. That's the strategy that I will try to implement as well.
Also, I was just wondering, even with all of the Windows XP security updates and service packs, Microsoft wasn't able to fix the UPNP security vulnerability? |
|
pandora
Premium
join:2001-06-01
Outland
·ooma
·Future Nine Corpor..
·Comcast
| Network UPnP at least in XP and Vista still seems a mess at least IMO. Try turning on "Show icons for networked UpNP devices" in the Network Places folder sometime. When I do it with Windows XP it messes up a ton of stuff, including my system boot (half the stuff never gets started at boot). I don't know why Microsoft has never been able to resolve this. Things seem a lot better with Windows 7 for me (so far).
--
"People demand freedom of speech as a compensation for the freedom of thought which they seldom use." |
|
J92Devils
join:2008-03-26
| reply to J92Devils
Alright, I will try it. Thanks for all the help. It seems pretty irresponsible of Microsoft to just turn on UPNP for everybody.
Also, does the UNPNP program to disable the UPNP on Windows not for Windows XP Media Center? It worked for me on XP Home and Professional but not on Media Center. Is there a reason for that? |
|
pandora
Premium
join:2001-06-01
Outland | I think, but am not certain (only 99%), that Windows Media Center requires network UPnP to work correctly.
--
"People demand freedom of speech as a compensation for the freedom of thought which they seldom use." |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
 ·Pacific Bell - SBC
| reply to pandora
said by pandora  :Be careful about network UPnP on your windows PC's. It can create serious vulnerabilities. GRC made a Windows UPNP detection application which has been helpful to me over the years. You can find it here - » https:// www.grc.com/unpnp/unpnp.htm Just curious about what kind of vulnerabilities would exist with UPnP enabled on the Windows PC, but disabled on the router ...
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
pandora
Premium
join:2001-06-01
Outland
·ooma
·Future Nine Corpor..
·Comcast
| said by NormanS :Just curious about what kind of vulnerabilities would exist with UPnP enabled on the Windows PC, but disabled on the router ... I don't know about network vulnerabilities. I do know enabling some UPnP features in "Network Neighborhood" can adversely affect automatic startup of applications on boot.
--
"People demand freedom of speech as a compensation for the freedom of thought which they seldom use." |
|
