Windows XP UPnP Service

What Does This Mean To Me..?

Well in the future we are going to have the ability to control many devices in our home - ALL from one "box" if we wish... This is because UPnP enables devices to:

- Automatically obtain an IP address on a network

- Announce its name and capabilities to other devices

- Learn about other devices on a network

- Join and leave a network smoothly

New and innovative services and applications will be built around the capabilities of UPnP. Using your home as an example, the switch you first turn on when you come in at night could be a wireless UPnP device. This could be set to activate an application on a Windows XP computer which could for instance turn up the heating, close the blinds, turn on the stereo and enable the answering machine to start playing back any recorded messages the moment you walk in!

This may seem a bit far fetched as you read this article, but the technology is here with us now and has major industry support. So you can expect to see it appearing in home automation services soon.

There is however one way that UPnP is being used by many people in their homes and small businesses today - and that is in Internet Connection Sharing (ICS)...

Sharing My Internet Connection...

With the advent of broadband Internet access, sharing a single connection with others has started to become very popular.

The Internet Connection Service (ICS) on Windows XP Home and Professional is UPnP enabled. This means that another Windows XP machine on the same network, can "discover" and utilize the UPnP enabled Internet Connection Service of the main PC - just by being connected to it.. This makes the whole experience of Internet Connection Sharing very simple!

But What About NAT...?

For those of you unfamiliar with how home networks generally work, it is important to have at least a basic understanding of what is going on...

For all your computers to be able to speak to each other and use the Internet they each need some form of unique address. In the IT world these unique addresses are called IP addresses. Each PC requires a UNIQUE IP address.

Now if ALL these computers around the world have to have a unique address, then there is a problem because we are running out of them! So a small amount of these IP addresses are reserved for building home and small business networks. These are called "Private" IP addresses and can not be used to communicate with computers on other networks. So if you want to connect your home network to the Internet it is going to need a UNIQUE IP address also. These are called "Public" IP addresses and are assigned to your computer by your ISP when you log onto the Internet.

This raises the question of how can your machines all see the Internet if they are using private IP addresses? Well that is where NAT or Network Address Translation comes in.

Now image you have 3 PC's at home and you want them all to share an Internet Connection. The easiest way to do this would be to put a Network Interface Card (NIC) into all of the PC's and plug in an Ethernet cable which connects into a small hub or switch at the other end of the cable. Now you have a 3 PC's that can all send signals to each other. The operating system on each PC will need to be setup to "see" each other machine and this is done using the network wizard. Now we connect the USB modem that out ISP has given us and we plug it into the PC we want to call our "Main" PC. This should be running Windows XP Home or Professional.

Now the IP addresses are handed out.... When we connect to the Internet our ISP gives the USB modem connection a "Public" IP Address. Because we are using Windows XP Internet Connection Sharing that is UPnP enabled. This "Main" PC can give out a "Private" IP address to the Network Interface Card (NIC) in each of the 3 PC's.

Now the Windows XP Internet Connection Sharing service acts as a "Gateway" between the private network (Our 3 PC's) and the public network (The Internet.) So when information goes out of the private network and onto the public network, NAT translates the private addresses of the NIC's to the public IP address on the USB modem. And the reverse happens when information comes back into the private network. NAT will even remember which private IP address made the request from the public network (such as email) and send the information directly to it. NAT basically keeps the 3 PC's hidden from the Internet. All anyone on the Internet can see is the single Public IP address. NAT is very good at security too so it will block attempts from other computers on the Internet attacking your home network and by enabling XP's built in firewall feature you can protect your network from most probes and attacks against this "public" IP address.

"I Have Heard That NAT Stops Me Using Some Applications...?"

YES, because of the way NAT works it effectively hides your internal network form the Internet. (This is a good thing.) However it can stop friendly traffic coming back into your network so applications like Net Meeting, game-sharing and peer-to-peer software will not work.

The technical reason for this is that when an application like Net Meeting is used it sends out "packets" of information from a Private IP address via what are known as "ports" on the PC. This all goes through the "Gateway" where NAT translates it to a Public IP address. The "packets" then arrive at your friends PC where they see and here you. But any video/sound/text "packets" that arrive from their PC hit NAT on your main PC and there the trouble begins. NAT is hiding your PC's so the "packets" that arrive can not go through the NAT translation process because it denies these "ports" exist. So it just discards the information!

In reality the text can generally get through, but nothing else...

Is There A Solution...?

YES. The UPnP forum realised that this was going to be a HUGE problem so they developed something called "NAT Traversal"

Essentially NAT Traversal can automatically solve many of the problems NAT imposes on applications such as Net Meeting. It is still NAT but has the added function of keeping open the "ports" that are needed during the Net meeting session. This then allows all the "packets" of information to get through.

So all software companies that want to have their applications work on your NAT based network have to make their software UPnP enabled. As you can imagine Microsoft have done this for all their XP software. e.g., Net meeting and MSN Messenger.

So before you go ahead and build that network at home, make sure your software will work through UPnP..

I Want To Use A Router & Not a USB Modem...

Another very popular way of connecting your home network to the Internet is by using a "router." Your internet connection will connect to it and so will your home network PC's, so there is no need for Internet Connection Sharing via a "main" PC.

The router uses NAT, just like XP's Internet Connection Sharing, and will cause the same connection problems we just talked about. However many of the leading router manufacturers are releasing software updates, that can make the router a UPnP enabled router. Now the router will have NAT Traversal abilities and the application problems should disappear. So all your XP machines connected to the router should quite happily share games and other applications over the Internet....

UPnP Certified Logo

Is There A Security Risk...?

YES. The original implementation of UPnP under Windows XP is NOT SECURE.

The following article explains what you should do to secure your Windows XP against this security flaw. Please note that it does NOT matter if you are running ICS or not.

This issue effects ALL Windows XP users. For More Information On UPnP Security: http://www.updatexp.com/upnp_security.html