Hi all,
I recently enabled UPnp in my router and on WinXP SP2 after reading indepth over 100 articles and discussions via googling for anything UPnP.
I am aware of the flaws of UpnP, most artciles and discussions were based on the 2001 security vunerability of WinXP Upnp. To me thats kinda lame that there are no discussions or info about the state of UpnP in the year 2007 or near enough.
Anyway I would like as much insight as possible, I enabled Upnp on winxp Sp2 and on my router, because I have quite a few UpnP apps that need to have open access to the internet via certains ports, Using manual Port forwarding to open up ports would prove too risky since the ports there are no end point to enter an IP destination for. the ports would just be open to everything and anything to allow connections from any IP which is an infinite amount of unknown IP’s to allow connection for File transfers. yeah I’m talking about such stuff as DC++ and Shareaza.
I have CFP 3.0.14.276 and the way I have it set up is anytime Upnp 1900/2869 svchost.exe wants to connect, a firewall pop=up alerts me to that it wants to connect when I launch an app that needs it and I am given a choice to allow or block. Now isn’t this safer? the firewall doesn’t allow it to connect to anything without asking me first on each instances.
from what i can see on my system first hand, upnp doesn’t even make holes, I’ve ran ports scans on my system when I’ve been connected to shareaza or DC++ and the upnp ports and emules 1412 port and shareaza gnutella 2 network ports show up as stealth, the only thing that sees them as open is the apps i’ve setup to use UPnP when they are in use.
as for the other thing people don’t like which is giving WinXP control over ones router and system and able to automatically make connections, well isn’t my firewall preventing that since it asks me if i want to allow Upnp 1900/2869 svchost.exe to make a conection eachtime I fire up an app that uses it? as for anything else well upnp sometimes is in listening mode when internet gateway is enabled but it would still have to get permission from me via the firewall before it can connect to anything right?
and also the vunerability that was such a big thing when winxp came out was patched 2 months later, as for GRC shieldsup site being a big no no on anyone using upnp because of it being a major security risk. well that article is 6 years old, how can something that old be relevant.
Feel free to post and i appreciate anyone who can enlighten or confirm such stuff to me as in CFP 3.0’s roll in all this if it is secure and safe enough to enable upnp with CFP being the wall and gatekeeper in place.
oh yes one more big thing. with all the talk about that malware or anything bad can easily connect to anywhere and turn my PC into a zombie with Upnp enabled. hmm well is that all the threat is then? if anything bad was on my PC that i have to keep on top of, so my system with upnp enabled should be safe from things outside on the net? and me accepting anything bad or downloading anything bad is not part of the discussion lol.
So please anyone and all. shed as much light on this subject regarding Upnp and also a system with CFP as the gatekepeper or more like bouncer lol
regards
Ron