Re: UPnP temporary internet files and security

From: David Shorthouse (davidshorthouse_at_shaw_no$pam_.ca)
Date: 05/09/03

• Next message: Polly Jensen: "one of my folders is accses denied"
• Previous message: Brad: "virus scanning of backup discs"
• In reply to: Matt Scarborough: "Re: UPnP temporary internet files and security"
• Next in thread: Matt Scarborough: "Re: UPnP temporary internet files and security"
• Reply: Matt Scarborough: "Re: UPnP temporary internet files and security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 09 May 2003 19:52:42 GMT

Matt,

    Thanks for the reply, but all machines are using XP Pro SP1. Only the
laptop receives the Internet Gateway Device icon in its network connections
folder, the other PCs do not even though all the Optional Networking
components (IGD Detection and UPnP) are installed on all machines and the
SSDP service is running in the background.

> The files in the Temporary Internet Files folder are normal.

I think this is not normal because the laptop communicates well with the
router via the IGD icon and the system tray UPnP icon, but none of the other
PCs do. All of them have Messenger installed and running. UPnP seems to work
because I can see that the appropriate ports are being forwarded properly in
the UPnP port forwarding page of the router. However, it's as if the PCs
without the IGD icon are not accessing the router on boot or after an
ipconfig /renew because the rootDesc.xml file is nowhere to be found in this
machines, including where one would expect to find it:
C:\WINDOWS\system32\config\systemprofile\Local
> Settings\Temporary Internet Files\Content.IE5. This is why I thought
perhaps there was some sort of security problem when an IP address is
obtained from the router and when UPnP devices are first detected. But, I
guess I now see that security issues are not the problem here and that
something else must be faulting (even though there is nothing in my error
logs that would indicate this).

Dave

> To make use of the UPnP-capable router's NAT capabilities you need a UPnP
> enabled client or OS. UPnP support is included by default in Windows XP.
> UPnP support at the OS level of XP allows you to control the UPnP enabled
> device through the Networking applet.
>
> For most UPnP-capable router's, these UPnP enabled controls are merely a
> subset of the controls you get using the Web Interface. Meaning, UPnP can
> control many of the same NAT capabilities of the router as that which an
> authorized user could accomplish with the web interface at (for default
> Linksys)
> http://192.168.1.1/Forward.htm
> UPnP however does this NATting auto-magically.
>
> The critical difference is that to use the Web interface requires a
> username:password to access the UPnP-capable router and map ports to
> machines (control NAT) with that Web interface. UPnP assumes all users and
> machines and code running inside your LAN is trusted. The existing UPnP
> protocol does not included authentication or authorization. That is the
> security issue, not the presence of any TIF files. rootDesc.xml is
available
> to any machine on the LAN side that can reach the router at
> http://192.168.1.1:5678/rootDesc.xml
>
> I suspect the laptop is running Windows XP and the desktops are running
some
> other OS or have UPnP suport disabled. For transparent use of the NAT
> capabilities for specific applications, Windows 98 users can add DirectX
9.x
> and MSN Messenger for example. Or, Windows 98 users can add the Internet
> Connection Sharing client and use a Windows XP machine as their Internet
> Gateway. That still however may not add to Windows 98 all of the GUI and
> networking capabilities you enjoy with Windows XP SP1.
>
> Matt Scarborough 2003-05-09
>
>
>

---

• Next message: Polly Jensen: "one of my folders is accses denied"
• Previous message: Brad: "virus scanning of backup discs"
• In reply to: Matt Scarborough: "Re: UPnP temporary internet files and security"
• Next in thread: Matt Scarborough: "Re: UPnP temporary internet files and security"
• Reply: Matt Scarborough: "Re: UPnP temporary internet files and security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages [NT] UPNP - Multiple Remote Windows XP/ME/98 Vulnerabilities ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Windows XP ships by default with a UPNP service ... Denial-of-Service attack, ... (Securiteam) Multiple Remote Windows XP/ME/98 Vulnerabilities ... Multiple Remote Windows XP/ME/98 Vulnerabilities ... Windows XP ships by default with a UPNP Service ... access to any default installation of Windows XP, ... Microsoft has released a patch and security bulletin which is located at: ... (NT-Bugtraq) Multiple Remote Windows XP/ME/98 Vulnerabilities ... Multiple Remote Windows XP/ME/98 Vulnerabilities ... Windows XP ships by default with a UPNP Service ... access to any default installation of Windows XP, ... attack, and a Distributed Denial of Service attack. ... (Bugtraq) Multiple Remote Windows XP/ME/98 Vulnerabilities ... Multiple Remote Windows XP/ME/98 Vulnerabilities ... Windows XP ships by default with a UPNP Service ... access to any default installation of Windows XP, ... attack, and a Distributed Denial of Service attack. ... (Focus-Microsoft) [NT] Invalid Universal Plug and Play Request Can Disrupt System Operation ... Invalid Universal Plug and Play Request Can Disrupt System Operation ... Windows ME and XP include native UPnP ... manufacturers do, however, install it on the systems they sell) ... (Securiteam)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)