uPnP on router - leave it on or switch it off?

Got a DG834G (which, incidently, I've had no problems with!!!). A colleague
suggested the other day that uPnP being enabled on this type of device (i.e.
ADSL modem/router/firewall/switch) presents a security issue.

Anyone got any advice? The DG834G allows uPnP to be disabled (which I've
done - no adverse effects _yet_). But how is it used? What is the risk
(especially from the WAN side)?

If the answers too complicated, rather than solicit large posts here, any
URL pointers to know good white papers/descriptions would be appreciated.

Thanks,

Simon B uttered in <KlNlc.2$(E-Mail Removed)>:

> Got a DG834G (which, incidently, I've had no problems with!!!). A
> colleague suggested the other day that uPnP being enabled on this type of
> device (i.e. ADSL modem/router/firewall/switch) presents a security issue.
>
> Anyone got any advice? The DG834G allows uPnP to be disabled (which I've
> done - no adverse effects _yet_). But how is it used? What is the risk
> (especially from the WAN side)?

In a good implementation, the threat from the WAN side should be
non-present.

The key use for uPnP - allowing MSN Messenger to communicate properly
between two NAT'd firewalls by letting it open up three ports in your
firewall.

There is a draft spec for authentication in uPnP, but I have as yet to see
any app or device implement this. I'm waiting for a worm to implement
uPnP.

--
Posting addr feeds straight to DCC and others. dhill + nana = cricalix ,
net for direct mail.

In my simplistic view uPnP allows enabled applications to tell the router to
open ports, an example being messenger which can open ports and then close
them again automatically. It also allows your PC to 'discover' the internet
gateway ie. router and it is then shown in your network connections.

This could of course be used by a trojan to open up specific ports to allow
an incoming connection, but it all depends on how paranoid you are and
whether you use other anti-virus / spyware / firewall tools that would
prevent such a trojan application from accessing the network in the first
place. On a small home network I wouldn't be concerned if you are already
using anti-virus tools, keeping them up to date and doing regular scans.

In my experience most virus problems come from users opening and executing
email attachments or running unverified applications from dodgy websites
when prompted.

Graham


"Simon B" <(E-Mail Removed)> wrote in message
news:KlNlc.2$(E-Mail Removed)...
> Got a DG834G (which, incidently, I've had no problems with!!!). A
colleague
> suggested the other day that uPnP being enabled on this type of device
(i.e.
> ADSL modem/router/firewall/switch) presents a security issue.
>
> Anyone got any advice? The DG834G allows uPnP to be disabled (which I've
> done - no adverse effects _yet_). But how is it used? What is the risk
> (especially from the WAN side)?
>
> If the answers too complicated, rather than solicit large posts here, any
> URL pointers to know good white papers/descriptions would be appreciated.
>
> Thanks,
>
>

One more thought with Netgears spacificlly: This was a particular issue on
the DG814, they might have fixed it with the DG834 since the 814 was their
lab experiment gone wrong:
Activating UPnP uses more memory in the router. If you have a lot of your
routers features activated + transfering lots of data, having lots of
computers connected, etc, you will eventually find the router will run out
of memory and start dropping connections/crashing/and so on.

Like I say, this was only an issue with the DG814 which had too little
memory, they've probably fixed it but just bare that in mind. (Same as
running lots of apps on your PC slows it down and uses memory.)

--
-Lawrence Stromski.
http://www.wc3.co.uk
http://www.helpforce.com


"Graham Tavener" <(E-Mail Removed)> wrote in message
news:c788er$rbvk$(E-Mail Removed)...
> In my simplistic view uPnP allows enabled applications to tell the router
to
> open ports, an example being messenger which can open ports and then close
> them again automatically. It also allows your PC to 'discover' the
internet
> gateway ie. router and it is then shown in your network connections.
>
> This could of course be used by a trojan to open up specific ports to
allow
> an incoming connection, but it all depends on how paranoid you are and
> whether you use other anti-virus / spyware / firewall tools that would
> prevent such a trojan application from accessing the network in the first
> place. On a small home network I wouldn't be concerned if you are already
> using anti-virus tools, keeping them up to date and doing regular scans.
>
> In my experience most virus problems come from users opening and executing
> email attachments or running unverified applications from dodgy websites
> when prompted.
>
> Graham
>
>
> "Simon B" <(E-Mail Removed)> wrote in message
> news:KlNlc.2$(E-Mail Removed)...
> > Got a DG834G (which, incidently, I've had no problems with!!!). A
> colleague
> > suggested the other day that uPnP being enabled on this type of device
> (i.e.
> > ADSL modem/router/firewall/switch) presents a security issue.
> >
> > Anyone got any advice? The DG834G allows uPnP to be disabled (which
I've
> > done - no adverse effects _yet_). But how is it used? What is the risk
> > (especially from the WAN side)?
> >
> > If the answers too complicated, rather than solicit large posts here,
any
> > URL pointers to know good white papers/descriptions would be
appreciated.
> >
> > Thanks,
> >
> >
>