This is why upnp ICD will remain a Home Gateway implementation in the near future: Cisco doesn't support upnp.

Information from http://www.sbbi.net/site/upnp/index.html

Security problems

Some security problems have been found with some UPNP™ implementations ( guess who :o) ). Most of the security flaws are implementation independent and do not concern UPNPLib. However, a DDOS attack can be achieved due to a protocol flaw. UPNPLib has been developed to not allow ( or at least limit ) this kind of attack. You can read more about it here <http://www.goland.org/Tech/upnp_security_flaws.htm>. The official MS bug report is here <http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx> and the security bulletin <http://www.eeye.com/html/Research/Advisories/AD20011220.html> from the company that discovered the issue.

UPNPLib is not concerned with these flaws; the future will tell if other UPNPLib security issues will be found.

Devices security

Another problem with UPNP™ is that there is no ACL built into the protocol to define who can access and send orders to UPNP™ devices.

The UPNP™ forum came up with a solution <http://www.upnp.org/standardizeddcps/security.asp> to fix this issue, but unfortunately we did not find devices compliant with this spec to integrate this ACL and security layer in the library. We hope we will be able to do it anytime soon with some other tools.

This means that this library will not work with devices implementing and using such security services.



Peter Firmstone wrote:
Good call Gregg, an Apache v1.1 library for Upnp already exists, this will be a good start: http://www.sbbi.net/site/upnp/index.html

How's this for a Preferred order for publicly visible services:

  1. Public Address
  2. Upnp NAT - All the home routers
  3. STUN TCP - The majority of Enterprise NAT / Firewalls
  4. TURN TCP - Whatever is left over.

Where / how should this integrate with secure JERI and the utility services (DnsSdRegistrar, JeriUpnp, JeriRendezvous, JeriRelay), abstracted from any Service utilising it?

Should it be an SPI?

Cheers,

Peter.
