[KLUG Advocacy] OT: uPNP

Mike Williams knightperson at zuzax.com
Sun Apr 17 23:34:12 EDT 2005


Going off-topic here, but I'll be back by the end of the message.  I've 
always thought the idea of Microsoft's uPNP (Universal Plug-N-Play) was 
a bad idea.  As I understand it, it's a way for a machine behind a NAT 
router or firewall to request that the firewall open a port for it on 
the fly.  So an obscure port number could be routed through without 
calling the administrator of the firewall to change it.  Of course, this 
means that a virus could dump a DDOS worm on your machine, and the worm 
could unlock the firewall so it could get out, even though the 
administrator set up the rules sensibly in the first place (with the 
exception of allowing uPNP, of course).  I now have to admit that 
there's one use for it that's pretty cool.  If you use Internet 
Connection Sharing on a Windows XP (or 2000, I assume) machine to share 
a dial-up connection, the gateway machine advertises the connection 
through upnp and a client behind it can control when the modem dials and 
hangs up.  This is awfully nice if the modem is on a shared phone line, 
because it's very hard to explain to the computer when to autodial, when 
to hang up, and when to just stay out of the way.

Here's where I go back on topic:  Does anybody know how proprietary this 
trick is, and whether the gateway machine could do the same under Linux 
as it does under XP?  I know Linux makes a great firewall / gateway / 
NAT router thing for a persistent connection, but how about remote 
control of the modem?  I know you could shell in and dial that way and 
such, but that's allowing way too many options for computer-illiterate 
users to screw something up.
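
The on-the-fly port request described in the message above, shown from the gateway's side as an added example that is not part of the original post: it parses a UPnP IGD `AddPortMapping` SOAP request and lists reasons a gateway might refuse it or raise an alert. The sample request, its addresses and ports, and the `audit_mapping` policy are constructed assumptions; the argument names are those of the standard WANIPConnection `AddPortMapping` action.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: SOAP body of a UPnP IGD AddPortMapping request.
SAMPLE_REQUEST = """<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
 s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
 <s:Body>
  <u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
   <NewRemoteHost></NewRemoteHost>
   <NewExternalPort>6667</NewExternalPort>
   <NewProtocol>TCP</NewProtocol>
   <NewInternalPort>6667</NewInternalPort>
   <NewInternalClient>192.168.0.50</NewInternalClient>
   <NewEnabled>1</NewEnabled>
   <NewPortMappingDescription>updater</NewPortMappingDescription>
   <NewLeaseDuration>0</NewLeaseDuration>
  </u:AddPortMapping>
 </s:Body>
</s:Envelope>"""

SOAP_BODY = "{http://schemas.xmlsoap.org/soap/envelope/}Body"

def parse_add_port_mapping(xml_text):
    """Return the AddPortMapping arguments as a dict, or None for other actions."""
    # The sample is trusted; use a hardened XML parser for real LAN traffic.
    body = ET.fromstring(xml_text).find(SOAP_BODY)
    action = body[0] if body is not None and len(body) else None
    if action is None or not action.tag.endswith("}AddPortMapping"):
        return None
    return {arg.tag: (arg.text or "").strip() for arg in action}

def audit_mapping(args, requester_ip, allowed_ports=range(1024, 65536)):
    """Hypothetical gateway policy: reasons to refuse or alert on a request."""
    findings = []
    client = ipaddress.ip_address(args["NewInternalClient"])
    if client != ipaddress.ip_address(requester_ip):
        findings.append("forwards to a host other than the requester")
    if int(args["NewExternalPort"]) not in allowed_ports:
        findings.append("external port outside allowed range")
    if args["NewRemoteHost"] == "":
        findings.append("open to any remote host")
    if args["NewLeaseDuration"] == "0":
        findings.append("no lease expiry")
    return findings
```
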



