funsec mailing list archives
Re: Routers
From: Dude VanWinkle <dudevanwinkle () gmail com>
Date: Sun, 27 Nov 2005 16:07:12 -0700
For those (like me) who didn't know

http://en.wikipedia.org/wiki/Universal_plug-and-play

The UPnP architecture is a distributed, open networking architecture that uses TCP/IP and the World Wide Web to enable seamless proximity networking in addition to control and data transfer among networked devices in the home, office, and everywhere in between.

.... and a few MS worms ;-)

* Media and device independence. UPnP technology can run on any medium including phone lines, power lines (PLC), Ethernet, IR (IrDA), RF (Wi-Fi, Bluetooth), and FireWire. No device drivers are used; common protocols are used instead.
* Internet-based technologies. UPnP technology is built upon IP, TCP, UDP, HTTP, and XML, among others.
* Programmatic control. UPnP architecture also enables conventional application programmatic control.

Protocol (description)

Discovery

Given an IP address, the first step in UPnP networking is discovery. When a device is added to the network, the UPnP discovery protocol allows that device to advertise its services to control points on the network. Similarly, when a control point is added to the network, the UPnP discovery protocol allows that control point to search for devices of interest on the network. The fundamental exchange in both cases is a discovery message containing a few, essential specifics about the device or one of its services, e.g., its type, identifier, and a pointer to more detailed information. The UPnP discovery protocol is based on the Simple Service Discovery Protocol (SSDP).

Description

The next step in UPnP networking is description. After a control point has discovered a device, the control point still knows very little about the device. For the control point to learn more about the device and its capabilities, or to interact with the device, the control point must retrieve the device's description from the URL provided by the device in the discovery message.

The UPnP description for a device is expressed in XML and includes vendor-specific, manufacturer information like the model name and number, serial number, manufacturer name, URLs to vendor-specific web sites, etc. The description also includes a list of any embedded devices or services, as well as URLs for control, eventing, and presentation. For each service, the description includes a list of the commands, or actions, to which the service responds, and parameters, or arguments, for each action; the description for a service also includes a list of variables; these variables model the state of the service at run time, and are described in terms of their data type, range, and event characteristics.

Control

The next step in UPnP networking is control. After a control point has retrieved a description of the device, the control point can send actions to a device's service. To do this, a control point sends a suitable control message to the control URL for the service (provided in the device description). Control messages are also expressed in XML using the Simple Object Access Protocol (SOAP). Like function calls, in response to the control message, the service returns any action-specific values. The effects of the action, if any, are modeled by changes in the variables that describe the run-time state of the service.

Event notification

The next step in UPnP networking is event notification, or "eventing". A UPnP description for a service includes a list of actions the service responds to and a list of variables that model the state of the service at run time. The service publishes updates when these variables change, and a control point may subscribe to receive this information. The service publishes updates by sending event messages. Event messages contain the names of one or more state variables and the current value of those variables. These messages are also expressed in XML and formatted using the General Event Notification Architecture (GENA).

A special initial event message is sent when a control point first subscribes; this event message contains the names and values for all evented variables and allows the subscriber to initialize its model of the state of the service. To support scenarios with multiple control points, eventing is designed to keep all control points equally informed about the effects of any action. Therefore, all subscribers are sent all event messages, subscribers receive event messages for all "evented" variables that have changed, and event messages are sent no matter why the state variable changed (either in response to a requested action or because the state the service is modeling changed).

Presentation

The final step in UPnP networking is presentation. If a device has a URL for presentation, then the control point can retrieve a page from this URL, load the page into a web browser, and depending on the capabilities of the page, allow a user to control the device and/or view device status. The degree to which each of these can be accomplished depends on the specific capabilities of the presentation page and device.

Problems with UPnP

* UPnP uses HTTP over UDP (known as HTTPU and HTTPMU for unicast and multicast), even though this is not standardised and is specified only in an Internet-Draft that expired in 2001. [2]
* UPnP does not have a lightweight authentication protocol, while the available security protocols are complex. As a result, many UPnP devices ship with UPnP turned off by default as a security measure.

jp

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
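Added example, not part of the original post or of the quoted Wikipedia text: a small Python parser for the SSDP discovery messages described above (HTTP-style headers carried in a UDP datagram), with a control-point check on the LOCATION pointer before the description is fetched. The sample datagrams, the function names and the sender-match heuristic are assumptions of this example.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample datagrams (not captured traffic).
NOTIFY = (b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
          b"LOCATION: http://192.168.1.1:49152/rootDesc.xml\r\n"
          b"NT: upnp:rootdevice\r\nNTS: ssdp:alive\r\n"
          b"USN: uuid:00000000-0000-0000-0000-000000000001::upnp:rootdevice\r\n\r\n")
RESPONSE = (b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
            b"USN: uuid:00000000-0000-0000-0000-000000000002::upnp:rootdevice\r\n"
            b"LOCATION: http://203.0.113.5/desc.xml\r\n\r\n")

KINDS = (("NOTIFY ", "advertisement"), ("M-SEARCH ", "search"),
         ("HTTP/1.1 200", "search-response"))

def parse_ssdp(datagram: bytes) -> dict:
    """Parse one SSDP message: a start line plus headers, no body."""
    head = datagram.split(b"\r\n\r\n", 1)[0].decode("utf-8", "replace")
    lines = head.split("\r\n")
    start = lines[0].strip()
    kind = next((k for prefix, k in KINDS if start.startswith(prefix)), None)
    if kind is None:
        raise ValueError("not an SSDP start line: %r" % start)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            headers[name.strip().upper()] = value.strip()
    return {"kind": kind,
            "type": headers.get("NT") or headers.get("ST"),   # device/service type
            "usn": headers.get("USN"),                        # identifier
            "location": headers.get("LOCATION")}              # description URL

def review(msg: dict, sender_ip: str) -> list:
    """Findings a control point can act on before fetching the description."""
    loc = msg["location"]
    if msg["kind"] == "search" or not loc:
        return []                       # nothing would be fetched
    findings = []
    url = urlsplit(loc)
    if url.scheme != "http":
        findings.append("LOCATION scheme is not http")
    try:
        host = ipaddress.ip_address(url.hostname or "")
    except ValueError:
        return findings + ["LOCATION host is not an IP literal"]
    if host != ipaddress.ip_address(sender_ip):
        # Heuristic (assumption): the description should live on the announcer.
        findings.append("LOCATION host differs from datagram sender")
    return findings
```

Because discovery is unauthenticated, the sender address of the datagram is the only anchor available at this stage, which is why the check compares it with the LOCATION host.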