funsec mailing list archives

Re: Routers


From: Dude VanWinkle <dudevanwinkle () gmail com>
Date: Sun, 27 Nov 2005 16:07:12 -0700

For those (like me) who didn't know

http://en.wikipedia.org/wiki/Universal_plug-and-play

The UPnP architecture is a distributed, open networking architecture
that uses TCP/IP and the World Wide Web to enable seamless proximity
networking in addition to control and data transfer among networked
devices in the home, office, and everywhere in between.

.... and a few MS worms ;-)

    * Media and device independence. UPnP technology can run on any medium
including phone lines, power lines (PLC), Ethernet, IR (IrDA), RF
(Wi-Fi, bluetooth), and FireWire. No device drivers are used; common
protocols are used instead.

    * Internet-based technologies. UPnP technology is built upon IP,
TCP, UDP, HTTP, and XML, among others.

    * Programmatic control. UPnP architecture also enables
conventional application programmatic control.


Protocol (description)

Discovery

Given an IP address, the first step in UPnP networking is discovery.
When a device is added to the network, the UPnP discovery protocol
allows that device to advertise its services to control points on the
network. Similarly, when a control point is added to the network, the
UPnP discovery protocol allows that control point to search for
devices of interest on the network. The fundamental exchange in both
cases is a discovery message containing a few, essential specifics
about the device or one of its services, e.g., its type, identifier,
and a pointer to more detailed information. The UPnP discovery
protocol is based on the Simple Service Discovery Protocol (SSDP).

Description

The next step in UPnP networking is description. After a control point
has discovered a device, the control point still knows very little
about the device. For the control point to learn more about the device
and its capabilities, or to interact with the device, the control
point must retrieve the device's description from the URL provided by
the device in the discovery message. The UPnP description for a device
is expressed in XML and includes vendor-specific, manufacturer
information like the model name and number, serial number,
manufacturer name, URLs to vendor-specific web sites, etc. The
description also includes a list of any embedded devices or services,
as well as URLs for control, eventing, and presentation. For each
service, the description includes a list of the commands, or actions,
to which the service responds, and parameters, or arguments, for each
action; the description for a service also includes a list of
variables; these variables model the state of the service at run time,
and are described in terms of their data type, range, and event
characteristics.

Control

The next step in UPnP networking is control. After a control point has
retrieved a description of the device, the control point can send
actions to a device's service. To do this, a control point sends a
suitable control message to the control URL for the service (provided
in the device description). Control messages are also expressed in XML
using the Simple Object Access Protocol (SOAP). Like function calls,
in response to the control message, the service returns any
action-specific values. The effects of the action, if any, are modeled
by changes in the variables that describe the run-time state of the
service.

Event notification

The next step in UPnP networking is event notification, or "eventing".
A UPnP description for a service includes a list of actions the
service responds to and a list of variables that model the state of
the service at run time. The service publishes updates when these
variables change, and a control point may subscribe to receive this
information. The service publishes updates by sending event messages.
Event messages contain the names of one or more state variables and
the current value of those variables. These messages are also
expressed in XML and formatted using the General Event Notification
Architecture (GENA). A special initial event message is sent when a
control point first subscribes; this event message contains the names
and values for all evented variables and allows the subscriber to
initialize its model of the state of the service. To support scenarios
with multiple control points, eventing is designed to keep all control
points equally informed about the effects of any action. Therefore,
all subscribers are sent all event messages, subscribers receive event
messages for all "evented" variables that have changed, and event
messages are sent no matter why the state variable changed (either in
response to a requested action or because the state the service is
modeling changed).

Presentation

The final step in UPnP networking is presentation. If a device has a
URL for presentation, then the control point can retrieve a page from
this URL, load the page into a web browser, and depending on the
capabilities of the page, allow a user to control the device and/or
view device status. The degree to which each of these can be
accomplished depends on the specific capabilities of the presentation
page and device.

Problems with UPnP

    * UPnP uses HTTP over UDP (known as HTTPU and HTTPMU for unicast
and multicast), even though this is not standardised and is specified
only in an Internet-Draft that expired in 2001. [2]

    * UPnP does not have a lightweight authentication protocol, while
the available security protocols are complex. As a result, many UPnP
devices ship with UPnP turned off by default as a security measure.


jp

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
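The discovery and description steps quoted above, worked through from the defender's side, as an added example that is not part of the post or of the Wikipedia article it quotes. It parses a constructed SSDP NOTIFY message (the HTTPU/HTTPMU form UPnP uses, sent to the standard 239.255.255.250:1900 group), fetches nothing over the network but instead parses a constructed device description XML of the kind the LOCATION header would point at, resolves the per-service control, eventing and SCPD URLs, and then runs two checks a network owner would want: that every URL the device hands out resolves back to the host that advertised it, and an inventory of the control URLs, each of which is a SOAP endpoint reachable without authentication as the "Problems with UPnP" section notes. The LightControl service type, the addresses (documentation ranges) and the placeholder uuid are all constructed for the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlparse

# Constructed sample: an ssdp:alive NOTIFY as a device multicasts it to the
# standard SSDP group. Addresses are documentation-range; uuid is a placeholder.
SAMPLE_NOTIFY = (
    "NOTIFY * HTTP/1.1\r\n"
    "HOST: 239.255.255.250:1900\r\n"
    "CACHE-CONTROL: max-age=1800\r\n"
    "LOCATION: http://192.0.2.10:49152/description.xml\r\n"
    "NT: urn:schemas-upnp-org:device:Basic:1\r\n"
    "NTS: ssdp:alive\r\n"
    "SERVER: ExampleOS/1.0 UPnP/1.0 ExampleLamp/1.0\r\n"
    "USN: uuid:00000000-0000-0000-0000-000000000001::"
    "urn:schemas-upnp-org:device:Basic:1\r\n"
    "\r\n"
).encode()

# Constructed sample device description (the XML fetched from LOCATION). The
# LightControl service is hypothetical; its eventSubURL deliberately points at
# another host so the off-device check in audit() has something to report.
SAMPLE_DESCRIPTION = """<root xmlns="urn:schemas-upnp-org:device-1-0">
  <device>
    <deviceType>urn:schemas-upnp-org:device:Basic:1</deviceType>
    <friendlyName>Example Lamp</friendlyName>
    <manufacturer>Example Corp</manufacturer>
    <serviceList>
      <service>
        <serviceType>urn:example-org:service:LightControl:1</serviceType>
        <serviceId>urn:example-org:serviceId:LightControl</serviceId>
        <SCPDURL>/LightControl/scpd.xml</SCPDURL>
        <controlURL>/LightControl/control</controlURL>
        <eventSubURL>http://198.51.100.7/LightControl/event</eventSubURL>
      </service>
    </serviceList>
  </device>
</root>"""

NS = {"u": "urn:schemas-upnp-org:device-1-0"}
URL_KEYS = ("SCPDURL", "controlURL", "eventSubURL")


def parse_ssdp(raw):
    """Parse an HTTPU/HTTPMU message (NOTIFY, M-SEARCH or a search response)
    into a dict keyed by upper-cased header name, plus START_LINE."""
    head = raw.decode("utf-8", errors="replace").partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    msg = {"START_LINE": lines[0]}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # tolerate malformed header lines rather than raising
            msg[name.strip().upper()] = value.strip()
    return msg


def parse_description(xml_text, location):
    """Extract device identity and per-service URLs from the description XML,
    resolving relative URLs against the LOCATION the device advertised."""
    device = ET.fromstring(xml_text).find("u:device", NS)

    def field(parent, tag):
        el = parent.find(f"u:{tag}", NS)
        return el.text.strip() if el is not None and el.text else ""

    info = {key: field(device, key)
            for key in ("deviceType", "friendlyName", "manufacturer")}
    info["services"] = []
    for svc in device.findall("u:serviceList/u:service", NS):
        entry = {"serviceType": field(svc, "serviceType")}
        for key in URL_KEYS:
            entry[key] = urljoin(location, field(svc, key))
        info["services"].append(entry)
    return info


def audit(notify, description, sender_ip):
    """Defender checks: URLs the device hands out should resolve back to the
    host that sent the NOTIFY; every control URL is a SOAP endpoint reachable
    without authentication, so it is listed for inventory."""
    findings = []
    loc_host = urlparse(notify.get("LOCATION", "")).hostname
    if loc_host != sender_ip:
        findings.append(f"LOCATION host {loc_host} differs from sender {sender_ip}")
    for svc in description["services"]:
        for key in URL_KEYS:
            host = urlparse(svc[key]).hostname
            if host != sender_ip:
                findings.append(
                    f"{svc['serviceType']} {key} points off-device to {host}")
        findings.append(
            f"{svc['serviceType']} exposes unauthenticated control at "
            f"{svc['controlURL']}")
    return findings


if __name__ == "__main__":
    notify = parse_ssdp(SAMPLE_NOTIFY)
    desc = parse_description(SAMPLE_DESCRIPTION, notify["LOCATION"])
    print(desc["friendlyName"], "from", desc["manufacturer"])
    for finding in audit(notify, desc, "192.0.2.10"):
        print("-", finding)
```

In a real deployment the NOTIFY bytes come from a UDP socket joined to the multicast group and the description XML from an HTTP GET of LOCATION; the sender address passed to audit() must be the UDP source address, not anything taken from the message itself, since the HOST and LOCATION headers are device-supplied.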

