Universal Plug and Play is a native feature of Windows XP and can be easily installed on Windows 98, SE and Me. Basically, UPnP expands upon the traditional Plug and Play capabilities of Windows. Instead of limiting a computer to automatically detecting and installing local devices (i.e., those physically connected to the computer), UPnP allows for automatic detection and installation of devices over a network. Thus, just by booting onto a network your client can discover and install network printers, link to Internet gateways or connect to a wide range of network attached devices or services.
That's all well and good until you add the Internet and malicious programmers into the mix. Then things get ugly. UPnP offers the potential for a remote user to connect to your client over the Internet and take complete control. Once UPnP is enabled, it listens on TCP port 5000 and on UDP port 1900 for attempted connections. With just a little ingenuity, a cracker can easily connect into a system through this gaping hole.
Fortunately, Internet Connection Firewall and most third-party firewall products can effectively protect against external attempts to connect to UPnP. However, leaving UPnP open and eagerly listening for connections is not a good idea. You can elect to edit the Registry or run the Microsoft patch (see
UnPlug n' Pray is a simple utility from GRC.COM. This simple tool will disable the services used by UPnP. Plus, if you ever need UPnP functionality, UnPlug n' Pray can be used to re-enable the required services with a single click of the mouse. In my opinion, GRC.COM's solution to this problem is more efficient and easier to manage than Microsoft's. While you are at GRC.COM you might want to look around a bit; this is an excellent resource for Windows users, especially those concerned about security.
About the author
James Michael Stewart is a researcher and writer for Lanwrights, Inc.
This was first published in January 2002