CFP 3 and UPnP-enabled router

Hi all,

I recently enabled UPnP in my router and on WinXP SP2 after reading in depth over 100 articles and discussions via googling for anything UPnP.

I am aware of the flaws of UPnP; most articles and discussions were based on the 2001 security vulnerability of WinXP UPnP. To me that’s kinda lame that there are no discussions or info about the state of UPnP in the year 2007 or near enough.

Anyway, I would like as much insight as possible. I enabled UPnP on WinXP SP2 and on my router because I have quite a few UPnP apps that need to have open access to the internet via certain ports. Using manual port forwarding to open up ports would prove too risky, since for those ports there is no end point to enter an IP destination for. The ports would just be open to everything and anything, allowing connections from any IP, which is an infinite amount of unknown IPs to allow connections from for file transfers. Yeah, I’m talking about such stuff as DC++ and Shareaza.

I have CFP 3.0.14.276, and the way I have it set up is that anytime UPnP 1900/2869 svchost.exe wants to connect, a firewall pop-up alerts me that it wants to connect when I launch an app that needs it, and I am given a choice to allow or block. Now isn’t this safer? The firewall doesn’t allow it to connect to anything without asking me first in each instance.

From what I can see on my system first hand, UPnP doesn’t even make holes. I’ve run port scans on my system when I’ve been connected to Shareaza or DC++, and the UPnP ports and eMule’s 1412 port and Shareaza’s Gnutella 2 network ports show up as stealth. The only thing that sees them as open is the apps I’ve set up to use UPnP when they are in use.

As for the other thing people don’t like, which is giving WinXP control over one’s router and system and being able to automatically make connections, well, isn’t my firewall preventing that, since it asks me if I want to allow UPnP 1900/2869 svchost.exe to make a connection each time I fire up an app that uses it? As for anything else, well, UPnP sometimes is in listening mode when internet gateway is enabled, but it would still have to get permission from me via the firewall before it can connect to anything, right?

And also the vulnerability that was such a big thing when WinXP came out was patched 2 months later. As for the GRC ShieldsUP site being a big no-no on anyone using UPnP because of it being a major security risk, well, that article is 6 years old. How can something that old be relevant?

Feel free to post, and I appreciate anyone who can enlighten or confirm such stuff to me, as in CFP 3.0’s role in all this, if it is secure and safe enough to enable UPnP with CFP being the wall and gatekeeper in place.

Oh yes, one more big thing. With all the talk that malware or anything bad can easily connect to anywhere and turn my PC into a zombie with UPnP enabled. Hmm, well, is that all the threat is then? If anything bad was on my PC, that I have to keep on top of, so my system with UPnP enabled should be safe from things outside on the net? And me accepting anything bad or downloading anything bad is not part of the discussion lol.

So please, anyone and all, shed as much light on this subject regarding UPnP and also a system with CFP as the gatekeeper, or more like bouncer lol.

Regards,

Ron
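Added example, not part of the original post: a Python sketch that audits UPnP IGD port-mapping entries for the exposure discussed above, namely a forward that accepts connections from any remote IP. The SOAP bodies are constructed sample data shaped like `GetGenericPortMappingEntry` responses; the helper names and all addresses, ports and descriptions are assumptions.

```python
import xml.etree.ElementTree as ET

FIELDS = ("NewRemoteHost", "NewExternalPort", "NewProtocol", "NewInternalPort",
          "NewInternalClient", "NewEnabled", "NewPortMappingDescription",
          "NewLeaseDuration")

def build_sample(values):
    """Constructed stand-in for a router's GetGenericPortMappingEntry reply."""
    args = "".join(f"<{k}>{v}</{k}>" for k, v in zip(FIELDS, values))
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
            '<s:Body><u:GetGenericPortMappingEntryResponse '
            'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
            f'{args}</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>')

# Constructed sample data (addresses, ports and descriptions are made up).
SAMPLES = [
    build_sample(("", "6346", "TCP", "6346", "192.168.1.10", "1", "P2P app", "0")),
    build_sample(("", "411", "TCP", "411", "192.168.1.10", "1", "Hub client", "3600")),
    build_sample(("203.0.113.7", "5000", "UDP", "5000", "192.168.1.10", "1", "Pinned", "3600")),
    build_sample(("", "8080", "TCP", "80", "192.168.1.23", "0", "Disabled", "0")),
]

def parse_mapping(soap_xml):
    """Extract the port-mapping arguments from one SOAP response."""
    entry = {}
    for el in ET.fromstring(soap_xml).iter():
        name = el.tag.rsplit("}", 1)[-1]   # drop any XML namespace
        if name in FIELDS:
            entry[name] = (el.text or "").strip()
    return entry

def audit(entry):
    """Return review flags for one mapping; disabled mappings get none."""
    if entry.get("NewEnabled") != "1":
        return []
    flags = []
    if not entry.get("NewRemoteHost"):
        flags.append("any-remote-host")    # empty RemoteHost is a wildcard
    if entry.get("NewLeaseDuration", "0") == "0":
        flags.append("no-expiry")          # lease 0 = stays until deleted
    return flags

def report(samples):
    rows = []
    for e in map(parse_mapping, samples):
        rows.append((int(e["NewExternalPort"]), e["NewProtocol"],
                     e["NewInternalClient"], audit(e)))
    return rows
```

Calling `report(SAMPLES)` returns one tuple per mapping with its flags, which makes it easy to compare what applications have requested from the router against what is actually in use.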

I’m no expert on UPnP, but I have researched the subject in the past.

As you have discovered, there is a lot of old information still floating around about UPnP.

These days, the concept of “layered security” is more important than ever, given the proliferation of file-sharing sites and applications. If you are using a hardware firewall/router, a software firewall/HIPS (CFP, in this case), and a highly-ranked anti-virus suite that includes rootkit detection, then I think you will likely stop close to 99% of currently known security threats.

Usually, it is “operator error” (e.g. phishing) that enables malware to embed itself on a system, especially when a security application is improperly configured or is not updated regularly. To be sure, there are a number of “proof of concept” exploits that pose a threat.

The only thing I might add to a security arsenal is a standalone anti-Trojan application, such as TrojanHunter. A dedicated process monitoring suite might also be advisable. However, as you add additional layers, the risk increases that conflicts will evolve between one or more security applications. All you can do is experiment and find the best combination that offers optimal cost versus benefits for your system.

Thanks for the input USSS :)

Yeah, there is so much old info floating around. The only newish info I have found has been on a couple of forums with a handful of user posts on UPnP, and all of them are from 2005 lol.

I think I have a good layered system. I have CFP 3.0 for my software firewall. My router has an SPI firewall and is a good brand router. I have AVG Free Edition for my anti-virus protection, BOClean, Verification Engine and WinXP SP2 with all up-to-date updates for it installed, and for IE7 too, and the IEPRO 7 plugin for added security for the browser. Those are the main things I use and have, and all of those are always active and running.

It’s such a shame that UPnP has been left dead in the water. So many apps nowadays use UPnP or need port forwarding, and port forwarding doesn’t seem an appropriate option when such apps do not have an IP to configure a port for; instead it’s one port connecting to an infinite number of undefined/unknown IPs, and that’s just for one app :-\ I have 3 or 4 apps that I would have to do that for. If I chose manual port forwarding, my system would be exposed to the net with a few open ports.

One thing I can say I’ve noticed, and that is that having UPnP enabled seems to make the system a bit prone to its system resources being clogged up when a website just freezes or is having a bad day :-\

I hope when SP3 is released, in I think the 2nd half of 2008, that it seriously includes any info for UPnP and any improvements and updates to its implementations, because that is something that is really lacking on the web.