Where To Find Plug And Play Services, Router

Set of networking protocols

Universal Plug and Play (UPnP) is a set of networking protocols that permits networked devices, such as personal computers, printers, Net gateways, Wi-Fi access points and mobile devices to seamlessly find each other's presence on the network and establish functional network services. UPnP is intended primarily for residential networks without enterprise-class devices.

The UPnP protocols were promoted by the UPnP Forum, a computer industry initiative to enable elementary and robust connectivity to standalone devices and personal computers from many different vendors. The Forum consisted of more than 800 vendors involved in everything from consumer electronics to network computing. Since 2016, all UPnP efforts have been managed past the Open Connectivity Foundation (OCF).

UPnP assumes the network runs Net Protocol (IP) and then leverages HTTP, on elevation of IP, in gild to provide device/service description, deportment, data transfer and upshot notification. Device search requests and advertisements are supported by running HTTP on top of UDP (port 1900) using multicast (known every bit HTTPMU). Responses to search requests are also sent over UDP, but are instead sent using unicast (known as HTTPU).

Conceptually, UPnP extends plug and play—a technology for dynamically attaching devices direct to a computer—to naught-configuration networking for residential and SOHO wireless networks. UPnP devices are plug and play in that, when connected to a network, they automatically establish working configurations with other devices.

UPnP is generally regarded as unsuitable for deployment in business settings for reasons of economy, complication, and consistency: the multicast foundation makes information technology chatty, consuming too many network resources on networks with a large population of devices; the simplified access controls don't map well to complex environments; and information technology does non provide a compatible configuration syntax such as the CLI environments of Cisco IOS or JUNOS.^{[ citation needed ]}

Overview [edit]

The UPnP architecture allows device-to-device networking of consumer electronics, mobile devices, personal computers, and networked home appliances. It is a distributed, open architecture protocol based on established standards such as the Net Protocol Suite (TCP/IP), HTTP, XML, and SOAP. UPnP control points (CPs) are devices which apply UPnP protocols to control UPnP controlled devices (CDs).^[1]

The UPnP architecture supports null-configuration networking. A UPnP-uniform device from any vendor tin can dynamically join a network, obtain an IP address, announce its proper name, advertise or convey its capabilities upon request, and acquire about the presence and capabilities of other devices. Dynamic Host Configuration Protocol (DHCP) and Domain Name Arrangement (DNS) servers are optional and are only used if they are bachelor on the network. Devices tin can disconnect from the network automatically without leaving state data.

UPnP was published as a 73-part international standard, ISO/IEC 29341, in December 2008.^{[2] [3]}

Other UPnP features include:

Media and device independence

UPnP engineering science can run on many media that support IP including Ethernet, FireWire, IR (IrDA), dwelling house wiring (G.hn) and RF (Bluetooth, Wi-Fi). No special device commuter back up is necessary; mutual network protocols are used instead.

User interface (UI) Command

Optionally, the UPnP architecture enables devices to nowadays a user interface through a web browser (see Presentation below).

Operating organization and programming language independence

Any operating arrangement and whatever programming language can be used to build UPnP products. UPnP stacks are available for most platforms and operating systems in both closed and open source forms.

Extensibility

Each UPnP production tin have device-specific services layered on top of the basic architecture. In improver to combining services defined past UPnP Forum in diverse ways, vendors tin define their ain device and service types, and can extend standard devices and services with vendor-defined actions, state variables, data structure elements, and variable values.

Protocol [edit]

UPnP uses common Internet technologies. Information technology assumes the network must run Internet Protocol (IP) and and then uses HTTP, Soap and XML on superlative of IP, in guild to provide device/service description, actions, information transfer and eventing. Device search requests and advertisements are supported by running HTTP on top of UDP using multicast (known as HTTPMU). Responses to search requests are too sent over UDP, simply are instead sent using unicast (known as HTTPU). UPnP uses UDP due to its lower overhead in not requiring confirmation of received information and retransmission of corrupt packets. HTTPU and HTTPMU were initially submitted as an Net Draft just it expired in 2001;^[4] these specifications accept since been integrated into the actual UPnP specifications.^[5]

UPnP uses UDP port 1900 and all used TCP ports are derived from the SSDP alive and response messages.^[6]

Addressing [edit]

The foundation for UPnP networking is IP addressing. Each device must implement a DHCP client and search for a DHCP server when the device is first connected to the network. If no DHCP server is available, the device must assign itself an address. The procedure past which a UPnP device assigns itself an address is known within the UPnP Device Compages as AutoIP. In UPnP Device Architecture Version 1.0,^[seven] AutoIP is defined inside the specification itself; in UPnP Device Compages Version 1.1,^[8] AutoIP references IETF RFC 3927. If during the DHCP transaction, the device obtains a domain name, for example, through a DNS server or via DNS forwarding, the device should use that proper name in subsequent network operations; otherwise, the device should apply its IP accost.

Discovery [edit]

Once a device has established an IP address, the adjacent step in UPnP networking is discovery. The UPnP discovery protocol is known equally the Elementary Service Discovery Protocol (SSDP). When a device is added to the network, SSDP allows that device to advertise its services to command points on the network. This is accomplished past sending SSDP alive messages. When a control point is added to the network, SSDP allows that control point to actively search for devices of involvement on the network or listen passively to the SSDP alive messages of devices. The cardinal exchange is a discovery bulletin containing a few essential specifics about the device or one of its services, for example, its type, identifier, and a pointer (network location) to more than detailed information.

Clarification [edit]

Later on a control point has discovered a device, the command point however knows very trivial about the device. For the control point to learn more near the device and its capabilities, or to interact with the device, the control point must retrieve the device's clarification from the location (URL) provided past the device in the discovery message. The UPnP Device Clarification is expressed in XML and includes vendor-specific manufacturer information similar the model name and number, serial number, manufacturer proper name, (presentation) URLs to vendor-specific web sites, etc. The description too includes a list of any embedded services. For each service, the Device Clarification document lists the URLs for command, eventing and service clarification. Each service description includes a list of the commands, or actions, to which the service responds, and parameters, or arguments, for each activeness; the description for a service also includes a list of variables; these variables model the state of the service at run time, and are described in terms of their data type, range, and event characteristics.

Control [edit]

Having retrieved a description of the device, the control point tin can ship actions to a device's service. To practise this, a control point sends a suitable control message to the control URL for the service (provided in the device description). Control letters are likewise expressed in XML using the Uncomplicated Object Admission Protocol (SOAP). Much like function calls, the service returns any action-specific values in response to the control bulletin. The effects of the activeness, if whatever, are modeled by changes in the variables that depict the run-time state of the service.

Event notification [edit]

Another capability of UPnP networking is result notification, or eventing. The event notification protocol divers in the UPnP Device Architecture is known every bit General Issue Notification Architecture (GENA). A UPnP description for a service includes a list of actions the service responds to and a list of variables that model the country of the service at run time. The service publishes updates when these variables modify, and a command bespeak may subscribe to receive this data. The service publishes updates by sending event letters. Event letters comprise the names of ane or more country variables and the electric current value of those variables. These messages are also expressed in XML. A special initial issue message is sent when a control point showtime subscribes; this event message contains the names and values for all evented variables and allows the subscriber to initialize its model of the country of the service. To support scenarios with multiple control points, eventing is designed to keep all control points every bit informed about the effects of whatever action. Therefore, all subscribers are sent all event messages, subscribers receive event messages for all "evented" variables that take changed, and event messages are sent no matter why the country variable changed (either in response to a requested action or because the state the service is modeling changed).

Presentation [edit]

The final footstep in UPnP networking is presentation. If a device has a URL for presentation, then the control indicate can retrieve a page from this URL, load the page into a spider web browser, and depending on the capabilities of the page, let a user to control the device and/or view device status. The degree to which each of these can be accomplished depends on the specific capabilities of the presentation folio and device.

UPnP AV standards [edit]

UPnP AV compages is an audio and video extension of the UPnP, supporting a variety of devices such as TVs, VCRs, CD/DVD players/jukeboxes, settop boxes, stereos systems, MP3 players, still image cameras, camcorders, electronic picture frames (EPFs), and personal computers. The UPnP AV architecture allows devices to support different types of formats for the entertainment content, including MPEG2, MPEG4, JPEG, MP3, Windows Media Sound (WMA), bitmaps (BMP), and NTSC, PAL or ATSC formats. Multiple types of transfer protocols are supported, including IEEE 1394, HTTP, RTP and TCP/IP.^[9]

On 12 July 2006, the UPnP Forum announced the release of version two of the UPnP Audio and Video specifications,^[10] with new MediaServer (MS) version 2.0 and MediaRenderer (MR) version ii.0 classes. These enhancements are created past adding capabilities to the MediaServer and MediaRenderer device classes, allowing a college level of interoperability betwixt products made by unlike manufacturers. Some of the early devices complying with these standards were marketed by Philips nether the Streamium brand proper name.

Since 2006, versions 3 and 4 of the UPnP sound and video device control protocols take been published.^[xi] In March 2013, an updated uPnP AV compages specification was published, incorporating the updated device control protocols.^[9]

The UPnP AV standards have been referenced in specifications published by other organizations including Digital Living Network Alliance Networked Device Interoperability Guidelines,^[12] International Electrotechnical Commission IEC 62481-1,^[13] and Cable Television Laboratories OpenCable Habitation Networking Protocol.^[14]

UPnP AV components [edit]

Media server [edit]

A UPnP AV media server is the UPnP-server ("master" device) that provides media library data and streams media-data (like audio/video/movie/files) to UPnP clients on the network. Information technology is a computer system or a similar digital appliance that stores digital media, such every bit photographs, movies, or music and shares these with other devices.

UPnP AV media servers provide a service to UPnP AV client devices, and so-called control points, for browsing the media content of the server and request the media server to deliver a file to the control bespeak for playback.

UPnP media servers are available for almost operating systems and many hardware platforms. UPnP AV media servers can either be categorized as software-based or hardware-based. Software-based UPnP AV media servers tin be run on a PC. Hardware-based UPnP AV media servers may run on whatever NAS devices or any specific hardware for delivering media, such every bit a DVR. As of May 2008, there were more software-based UPnP AV media servers than there were hardware-based servers.

Other components [edit]

• UPnP MediaServer ControlPoint - which is the UPnP-client (a 'slave' device) that can auto-detect UPnP-servers on the network to scan and stream media/data-files from them.
• UPnP MediaRenderer DCP - which is a 'slave' device that can render (play) content.
• UPnP RenderingControl DCP - control MediaRenderer settings; volume, brightness, RGB, sharpness, and more.
• UPnP Remote User Interface (RUI) client/server - which sends/receives control-commands betwixt the UPnP-client and UPnP-server over network, (like record, schedule, play, break, stop, etc.).
  • Web4CE (CEA 2014) for UPnP Remote UI^[15] - CEA-2014 standard designed by Consumer Electronics Association'due south R7 Home Network Committee. Web-based Protocol and Framework for Remote User Interface on UPnP Networks and the Internet (Web4CE). This standard allows a UPnP-capable home network device to provide its interface (display and command options) as a spider web page to brandish on any other device connected to the home network. That means that one can control a home networking device through any spider web-browser-based communications method for CE devices on a UPnP home network using ethernet and a special version of HTML called CE-HTML.
• QoS (quality of service) - is an important (simply not mandatory) service function for utilise with UPnP AV (Audio and Video). QoS (quality of service) refers to control mechanisms that tin can provide different priority to different users or data flows, or guarantee a certain level of performance to a information flow in accordance with requests from the application programme. Since UPnP AV is more often than not to deliver streaming media that is often well-nigh real-time or real-fourth dimension sound/video information which it is critical to be delivered within a specific fourth dimension or the stream is interrupted. QoS guarantees are particularly important if the network capacity is limited, for example public networks, like the internet.
  • QoS for UPnP consist of Sink Device (customer-side/front end-end) and Source Device (server-side/back-cease) service functions. With classes such as; Traffic Form that indicates the kind of traffic in the traffic stream, (for example, audio or video). Traffic Identifier (TID) which identifies data packets as belonging to a unique traffic stream. Traffic Specification (TSPEC) which contains a fix of parameters that define the characteristics of the traffic stream, (for instance operating requirement and scheduling). Traffic Stream (TS) which is a unidirectional flow of data that originates at a source device and terminates at 1 or more than sink device(south).
• Remote Access - defines methods for connecting UPnP device sets that are not in the aforementioned multicast domain.

NAT traversal [edit]

1 solution for NAT traversal, chosen the Internet Gateway Device Protocol (IGD Protocol), is implemented via UPnP. Many routers and firewalls expose themselves equally Internet Gateway Devices, allowing whatever local UPnP control point to perform a variety of actions, including retrieving the external IP address of the device, enumerating existing port mappings, and calculation or removing port mappings. Past adding a port mapping, a UPnP controller behind the IGD can enable traversal of the IGD from an external address to an internal customer.

Problems with UPnP [edit]

Authentication [edit]

The UPnP protocol, as default, does not implement whatsoever authentication, and so UPnP device implementations must implement the additional Device Protection service,^[16] or implement the Device Security Service.^[17] In that location too exists a non-standard solution chosen UPnP-Upwards (Universal Plug and Play - User Contour)^{[18] [19]} which proposes an extension to allow user authentication and authorization mechanisms for UPnP devices and applications. Many UPnP device implementations lack authentication mechanisms, and by default presume local systems and their users are completely trustworthy.^{[xx] [21]}

When the authentication mechanisms are not implemented, routers and firewalls running the UPnP IGD protocol are vulnerable to assault. For case, Adobe Flash programs running outside the sandbox of the browser (e.k. this requires specific version of Adobe Flash with acknowledged security issues) are capable of generating a specific type of HTTP asking which allows a router implementing the UPnP IGD protocol to be controlled by a malicious web site when someone with a UPnP-enabled router merely visits that web site.^[22] This only applies to the "firewall-hole-punching"-feature of UPnP; information technology does not utilize when the IGD does not support UPnP or UPnP has been disabled on the IGD. Also, non all routers can accept such things as DNS server settings altered by UPnP because much of the specification (including LAN Host Configuration) is optional for UPnP enabled routers.^[23] As a event, some UPnP devices ship with UPnP turned off by default every bit a security mensurate.

Access from the Internet [edit]

In 2011, researcher Daniel Garcia adult a tool designed to exploit a flaw in some UPnP IGD device stacks that permit UPnP requests from the Net.^{[24] [25]} The tool was made public at DEFCON 19 and allows portmapping requests to external IP addresses from the device and internal IP addresses behind the NAT. The problem is widely propagated around the world, with scans showing millions of vulnerable devices at a fourth dimension.^[26]

In Jan 2013 the security company Rapid7 in Boston reported^[27] on a half dozen-month research programme. A team scanned for signals from UPnP-enabled devices announcing their availability for internet connectedness. Some 6900 network-aware products from 1500 companies at 81 1000000 IP-addresses responded to their requests. eighty% of the devices are dwelling routers; others include printers, webcams and surveillance cameras. Using the UPnP-protocol, many of those devices can be accessed and/or manipulated.

In February 2013, the UPnP forum responded in a press release^[28] by recommending more recent versions of the used UPnP stacks, and by improving the certification plan to include checks to avoid further such issues.

IGMP snooping and reliability [edit]

UPnP is frequently the simply significant multicast application in use in digital domicile networks; therefore, multicast network misconfiguration or other deficiencies tin can appear as UPnP problems rather than underlying network issues.

If IGMP snooping is enabled on a switch, or more commonly a wireless router/switch, it will interfere with UPnP/DLNA device discovery (SSDP) if incorrectly or incompletely configured (due east.g. without an active querier or IGMP proxy), making UPnP appear unreliable.

Typical scenarios observed include a server or customer (due east.one thousand. smart TV) actualization after power on, and then disappearing after a few minutes (often 30 by default configuration) due to IGMP group membership expiring.

Callback vulnerability [edit]

On 8 June 2020 yet some other protocol blueprint flaw was announced.^[29] Dubbed "CallStranger"^[30] by its discoverer, it allows an assaulter to subvert the outcome subscription mechanism and execute a variety of attacks: amplification of requests for use in DDoS; enumeration; and data exfiltration.

OCF had published a set up to the protocol specification in Apr 2020,^[31] just since many devices running UPnP are non easily upgradable, CallStranger is likely to remain a threat for a long fourth dimension to come up.^[32] CallStranger has fueled calls for end-users to abandon UPnP because of repeated failures in security of its blueprint and implementation.^[33]

Future developments [edit]

This section needs to be updated. Please help update this article to reflect contempo events or newly bachelor information. (Baronial 2017)

In the autumn of 2008, the UPnP Forum ratified the successor to UPnP ane.0 Device Architecture UPnP ane.i.^[34] The Devices Profile for Web Services (DPWS) standard was a candidate successor to UPnP, merely UPnP 1.1 was selected past the UPnP Forum. Version ii of IGD is standardized.^[35]

The UPnP Internet Gateway Device (IGD)^[23] standard has a WANIPConnection service, which provides similar functionality to IETF-standard Port Control Protocol. The NAT-PMP specification contains a list of the problems with IGDP ^{[36] : 26–32} that prompted the creation of NAT-PMP and its successor PCP.

See also [edit]

• Comparison of UPnP AV media servers
• Devices Profile for Web Services
• Digital Living Network Alliance (DLNA)
• List of UPnP AV media servers and clients
• Port Control Protocol
• NAT Port Mapping Protocol (NAT-PMP)
• Internet Gateway Device Protocol
• Port (estimator networking)
• Zeroconf

References [edit]

1. ^ "Using the UPnP Control Point API". Microsoft Developer Network. Retrieved eleven September 2014.
2. ^ "ISO/IEC standard on UPnP device compages makes networking simple and easy". International Organization for Standardization. 10 December 2008. Retrieved 11 September 2014.
3. ^ "UPnP Specifications Named International Standard for Device Interoperability for IP-based Network Devices" (PDF). UPnP Forum. 5 February 2009. Retrieved 11 September 2014.
4. ^ Goland, Yaron Y.; Schlimmer, Jeffrey C. (two October 2000). "Multicast and Unicast UDP HTTP Messages". UPnP Forum Technical Committee. Archived from the original on 30 Dec 2006. Retrieved 11 September 2014.
5. ^ "UPnP Device Compages V1.0" (PDF). UPnP Forum Technical Committee. fifteen October 2008. Retrieved 11 September 2014.
6. ^ "How Windows Firewall affects the UPnP framework in Windows XP Service Pack 2". Microsoft. 23 May 2014. Retrieved 11 September 2014.
7. ^ "UPnP Device Architecture version 1.0" (PDF). UPnP Forum. 15 October 2008. Retrieved 11 September 2014.
8. ^ "UPnP Device Architecture version 1.1" (PDF). UPnP Forum. 15 October 2008. Retrieved 11 September 2014.
9. ^ ^{a b} "UPnP AV Compages" (PDF). UPnP Forum. 31 March 2013. Retrieved 11 September 2014.
10. ^ "UPnP Forum Releases Enhanced AV Specifications Taking Home Network to the Next Level" (PDF). UPnP Forum. 12 July 2006. Retrieved 11 September 2014.
11. ^ "Device Control Protocols". UPnP Forum. Retrieved eleven September 2014.
12. ^ "DLNA Networked Device Interoperability Guidelines". Digital Living Network Alliance. March 2014. Retrieved 11 September 2014.
13. ^ "Digital living network alliance (DLNA) home networked device interoperability guidelines - Part 1: Architecture and protocols". International Electrotechnical Commission. 23 October 2013. Retrieved 11 September 2014.
14. ^ "OpenCable Specifications Abode Networking 2.0 - Home Networking Protocol 2.0 Revision 10" (PDF). Cable Television Laboratories. xxx May 2013. Retrieved 11 September 2014.
15. ^ "CEA-2014-B (ANSI) - Web-based Protocol and Framework for Remote User Interface on UPnP Networks and the Internet (Web4CE)". CEA R7 Home Dwelling house Network Committee. 1 January 2011. Retrieved 11 September 2014.
16. ^ "Device Protection V 1.0". UPnP Forum. Retrieved 11 September 2014.
17. ^ "Device Security and Security Console Five 1.0". UPnP Forum. Retrieved 11 September 2014.
18. ^ "UPnP-Upward - Universal Plug and Play - User Contour".
19. ^ Sales, Thiago; Sales, Leandro; Almeida, Hyggo; Perkusich, Angelo (November 2010). "A UPnP extension for enabling user authentication and authority in pervasive systems". Journal of the Brazilian Figurer Club. 16 (4): 261–277. doi:10.1007/s13173-010-0022-ii.
20. ^ Eastep, Thomas M. (4 June 2014). "Shorewall and UPnP". Retrieved 11 September 2014.
21. ^ "Linux UPnP Net Gateway Device - Documentation - Security". Retrieved 11 September 2014.
22. ^ "Hacking The Interwebs". 12 Jan 2008. Retrieved 11 September 2014.
23. ^ ^{a b} "Internet Gateway Device (IGD) V ane.0". UPnP Forum. 12 November 2001. Archived from the original on 22 February 2011.
24. ^ Garcia, Daniel. "UPnP Mapping" (PDF) . Retrieved eleven September 2014.
25. ^ "US-CERT Vulnerability Note VU#357851". CERT/CC. 30 Nov 2012. Retrieved 11 September 2014.
26. ^ "Millions of devices vulnerable via UPnP - Update". The H. 30 Jan 2013. Archived from the original on 29 August 2014. Retrieved 11 September 2014.
27. ^ Moore, H. D. (29 January 2013). "Whitepaper: Security Flaws in Universal Plug and Play: Unplug, Don't Play". Retrieved 11 September 2014.
28. ^ "UPnP Forum Responds to Recently Identified LibUPnP/MiniUPnP Security Flaw" (PDF). UPnP Forum. viii Feb 2013. Retrieved 11 September 2014.
29. ^ "CERT/CC Vulnerability Note VU#339275".
30. ^ https://callstranger.com/
31. ^ "OCF - UPnP Standards & Architecture".
32. ^ "CVE-2020-12695: CallStranger Vulnerability in Universal Plug and Play (UPnP) Puts Billions of Devices at Risk". eight June 2020.
33. ^ "Disable UPnP on Your Wireless Router Already". Lifehacker . Retrieved xiv June 2020.
34. ^ Bodlaender, Thousand.P. (February 2005). "UPnP™ ane.1 - designing for performance & compatibility". IEEE Transactions on Consumer Electronics. 51 (1): 69–75. doi:x.1109/TCE.2005.1405701. S2CID 11792030.
35. ^ "UPnP Forum Gateway Working Committee: IGD:2 Improvements over IGD:1" (PDF). UPnP Forum. 10 March 2009. Retrieved 11 September 2014.
36. ^ S. Cheshire; M. Krochmal (April 2013). "RFC 6886: NAT Port Mapping Protocol (NAT-PMP)". Internet Engineering science Task Force (IETF). Retrieved viii August 2014.

Further reading [edit]

• Gilt G. Richard: Service and Device Discovery: Protocols and Programming, McGraw-Colina Professional, ISBN 0-07-137959-two
• Michael Jeronimo, Jack Weast: UPnP Blueprint by Case: A Software Programmer'due south Guide to Universal Plug and Play, Intel Printing, ISBN 0-9717861-1-ix

External links [edit]

• The UPnP Forum
• ISO/IEC 29341-1:2011

Where To Find Plug And Play Services, Router,

Source: https://en.wikipedia.org/wiki/Universal_Plug_and_Play

Posted by: moorejusbache.blogspot.com

Share this post