Talk:Universal Plug and Play
|This is the talk page for discussing improvements to the Universal Plug and Play article.
This is not a forum for general discussion of the article's subject.
|WikiProject Computing / Networking||(Rated Start-class, Mid-importance)|
This article has been mentioned by a media organization:
|The content of UPnP AV media server was merged into Universal Plug and Play. For the contribution history and old versions of the redirected page, please see ; for the discussion at that location, see its talk page. (2011-08-25)|
|The content of UPnP Forum was merged into Universal Plug and Play. For the contribution history and old versions of the redirected page, please see ; for the discussion at that location, see its talk page. (2012-01-04)|
- 1 "Universal Plug-and-Play" or "UPnP"?
- 2 Too many red links
- 3 Auto IP?
- 4 Steve Gibson - Hysteria?
- 5 Companies behind it, forum, corporation
- 6 dead link report
- 7 security considerations
- 8 Digital Item Declaration Language
- 9 Link to libupnp changed
- 10 UPNP TwonkyVision
- 11 Examples, Anyone?
- 12 M740 AV ?
- 13 On2Share is no longer available as stand-a-lone UPnP Control Point for Winamp (beta)
- 14 Security
- 15 CopyVio?
- 16 Comparisons of software/hardware?
- 17 Too technical
- 18 Added Media Renders
- 19 Removed sections for UPNP AV Media Servers
- 20 New UPNP security issue
- 21 The overview section needs work
- 22 Bonjour?
- 23 UPnP as a Networking Protocol?
- 24 Advertising
- 25 non-neutral focus on security leaks?
- 26 question
- 27 Merger proposal
- 28 Section deletion
- 29 Salvage
- 30 New contribution
- 31 Dead link 
- 32 eezUPnP client ?
- 33 External links modified
- 34 link dead or not working...
"Universal Plug-and-Play" or "UPnP"?
According to the UPnP Implementers Corporation, the UPnP word mark is NOT an acronym and should always be written as UPnP.
The corporation's own tips on using the word mark claim that the UPnP mark "...is a single entity that happens to consist of four symbols (i.e. four letters), which individually do not have any particular meaning."
I think that at least the page content should be changed, but am unsure as to whether or not the title should also be changed. (Newbie insecurity:-)
JoeBloggs 13:26, 29 Mar 2005 (UTC)
- Could it be that "Universal Plug and Play" and UPnP is the name of the technology, where "UPnP(tm)" is the trademark of the UPnP(tm) Implementers Corporation? Their point about the letters not having any meaning could be to protect their mark as being different than Universal Plug and Play, the technology, giving them weight should the need arise to protect their certification program in court. While I am not able to find any support for this, the term, "Universal Plug and Play" and, "UPnP" (sans TM) appears too often and for too many years together for me to think that UPnP (sans TM) does not stand for Universal Plug and Play and vice versa. Anyone else know better? --FlashBIOS 02:53, 2 May 2006 (UTC)
- "Universal Plug and Play" was considered to be "descriptive" by the U.S. Patent and Trademark Office, and couldn't be trademarked. "UPnP" was thus trademarked as both a "word mark" and a certification mark (the UPnP logo that shows on the main article). But "Universal Plug and Play" had already been publicized as the name of the technology, and there's no going back! So, FlashBIOS is right -- it's a difference between the descriptive term for the technology and the protected trademark name and logo associated with certified devices.Tobylnixon (talk) 23:17, 7 May 2009 (UTC)
Too many red links on this page. Set up some of these as redirects, or change the content. ArbiterOne 10:10, 8 Jun 2005 (UTC)
What exactly is "Auto IP"? I've never heard of such a thing. There's Reverse ARP (RARP), Bootstrap Protocol (BOOTP), and Dynamic Host Configuration Protocol (DHCP), but no "Auto IP". It's removed in the article until someone can explain wtf it is.—Kbolino 04:41, September 6, 2005 (UTC)
- "Auto IP" generally refers to RFC 3927 (Dynamic Configuration of IPv4 Link-Local Addresses). See Zeroconf. -- markmc 09:32, 25 November 2005 (UTC)
- I clarified that AutoIP is the name the UPnP Device Architecure itself gives to the address assignment mechanism that UPnP devices must use, that it is defined within the UDA in version 1.0 (not EXACTLY the same as RFC 3927), and that it refers to RFC 3927 in UDA 1.1. Tobylnixon (talk) 22:43, 7 May 2009 (UTC)
Steve Gibson - Hysteria?
Steve Gibson grc.com has a utility to turn off all related UPnP services under Windows XP. On his podcast he also makes heavy usage out of how bad he think it is. Should this be included in this article, or is it hype?
Steve Gibson is far from hysteria, Gibson in his podcast, wants people to know what is this how it works so they can make their own educated choice if they need it and leave it open or turn it off. i had the chance to talk to him in person in starbucks. I also stated that sometimes he is overblowing things more than needed. He told me that If i run UPNP, because of my choice, he has no problem with mu computer or router or UPNP, but if UPNP runs behind my back and i have no idea of this, he has problem. Steve Gibson's goal is people to know what is going on, to know what this is, how it works, so people can make educated choice do they need it or not, leaving the final choice to them. 188.8.131.52 (talk) 21:28, 16 October 2011 (UTC)
Companies behind it, forum, corporation
Except for link to UPnP Forum (no info there), no info about companies behind this protocol. Background info about companies, history, etc would be nice. Just as a quick note i know that Nokia likes UPnP :-) because the N80 (to be released soon) is actually going to support it.
- I would be happy to add a list of companies that have UPnP certified devices, but it would be stale almost instantly. I could add a list of companies currently serving on the UPnP Forum Steering Committee or that have served on it in the past, but that also changes over time. Do you think these would be useful additions to this article, or would they be better in the UPnP Forum article? Tobylnixon (talk) 22:48, 7 May 2009 (UTC)
the "technique comparison" link at the end of the article is dead.
update: another dead link found: http://www.iec.ch/news_centre/release/nr2008/nr4008.html
It is interesting to see more deep security analysis about risks of using this protocol in public commercial or corporative environments. Also which kind of attacks this one is exposed to (spoofing, MITM, DoS, etc).
- I checked the article today and there's no mention of the obvious security implications of upnp either. Also, the article unfortunately reads like an advertizement to me... You're right, there is missing a Security Considerations section. 184.108.40.206 (talk) 23:09, 19 December 2011 (UTC)
Recently the internet has endured massive DDoS attacks, and the blame seems to largely be on botnets of IoT devices with default credentials. And apparently these devices use UPnP to drill through the user's firewall, which exposes them to the wide internet, thereby making them vulnerable to being co-opted into joining the botnet. — Preceding unsigned comment added by 220.127.116.11 (talk) 15:34, 23 October 2016 (UTC)
Digital Item Declaration Language
Perhaps there could be a link in this article to Digital Item Declaration Language, it seems quite in accordance.
Link to libupnp changed
Its the wrong way round. The software is called TwonkyMedia made by TwonkyVision. It also isnt free anymore. Changes made as nescessary. TREX6662k5 03:06, 24 August 2006 (UTC)
This article would be more immediately useful if it included at least one good example of a usage of UPnP, either near the beginning of the text or in a dedicated section. The MediaServers section, for example, has an example (PVRs), but not the UPnP article itself. (Adding something other than networked PVRs would be best for this.) Parsiferon 23:00, 27 August 2006 (UTC)
M740 AV ?
No mention is done about Siemens Gigaset M740 AV (Tnt Decoder) witch can connect to a media server
Try this: http://www.universalmediaserver.com/
Search the Universal Media Server forum for 'M740AV' or try the direct link:
As mentioned in section '5.1 UPnP Software Players & Control Points': -Winamp, a free closed source media player for Windows, using the commercial On2Share UPnP plug-in.
The plug-in is no longer available. see On2Share - UPnP Media Server & Control Point - On2Share [Winamp] --18.104.22.168 11:00, 23 October 2006 (UTC)
- UPnP does not have a lightweight authentication protocol, while the available security protocols are complex. As a result, many UPnP devices ship with UPnP turned off by default as a security measure.
- What does that mean? — Omegatron 06:53, 20 January 2007 (UTC)
- that it takes up allot of memory, and thus disabled. Markthemac 14:44, 7 October 2007 (UTC)
- That's not the reason the UPnP DeviceSecurity DCP is not widely implemented, Markthemac. At the time the DCP was developed (back in 2003), very few of the commercially-available embedded web server stacks (on which UPnP is generally built) supported SSL/TLS, and it was not feasible for device implementers to add that capability to the stacks. It thus became a requirement for the UPnP Security Working Committee (of which I was a member) to identify a security scheme that would work without requiring SSL/TLC channel-based security. The DCP was thus based on SPKI, AES for privacy protection, and XML-DSig for integrity protection, all of which could be implemented on top of then-existing HTTP stacks. It proved to still be just too far ahead of its time. Now that SSL/TLS is widely implemented in embedded stacks, UPnP Forum is in the process of creating a new DeviceProtection DCP that will be much simpler to implement. Tobylnixon (talk) 23:12, 7 May 2009 (UTC)
Lots of text seems directly copied from  and only modified slightly. Compare the example of:
- (The Wikipedia Article)
- The UPnP architecture offers pervasive peer-to-peer network connectivity of PCs, intelligent appliances, and wireless devices. The UPnP architecture is a distributed, open networking architecture that uses TCP/IP and HTTP to enable seamless proximity networking in addition to control and data transfer among networked devices in the home, office, and everywhere in between.
- (The link)
- UPnP is an architecture for pervasive peer-to-peer network connectivity of intelligent appliances, wireless devices, and PCs of all form factors. ... UPnP is a distributed, open networking architecture that leverages TCP/IP and the Web technologies to enable seamless proximity networking in addition to control and data transfer among networked devices in the home, office, and public spaces.
The source material is copyrighted, and I don't think the wikipedia article is enough of a re-write, but I'm not gonna tag the article, yet. Gront 21:37, 24 January 2007 (UTC)
Comparisons of software/hardware?
Does anyone know of a comparison of the different software/hardware packages out there with an emphasis on feature lists? This seems like a good idea for this page... Twinotter 21:30, 7 March 2007 (UTC)
This article goes into too much technical detail -- the bulk of it describes the workings of the protocol, and parties needing that information should go directly to the source. At the same time, the article does not answer (in clear terms, anyway) simple layman's questions like whether UPnP is dependent on both hardware and software designed to support it (and the answer is yes, you need both). VanishingUser 09:34, 26 March 2007 (UTC)
Added Media Renders
Back in Feb 07 a list of hardware media players was removed from the control points section. This list is correct just in the wrong section so i have restored the old list and put it under the heading "UPnP Media Render Hardware"
Removed sections for UPNP AV Media Servers
The article is about UPNP not its specific device implementations and what can be achieved by it, there was very little content to this section and just a big bunch of links I have created a new article about UPnP AV MediaServers with what was there. feel free to clean that up. Very little gravitas indeed 10:12, 15 November 2007 (UTC)
New UPNP security issue
Reported here http://www.channelregister.co.uk/2008/01/15/home_router_insecurity/ is a new issue with UPNP. Maybe someone more tech aware than me can add it. Dublinblue (Simon in Dublin) (talk) 11:22, 15 January 2008 (UTC)
- The article is _sort_ of accurate. I see that someone has added a "criticism" section to this article which references an article outlining the same problem (http://www.gnucitizen.org/blog/flash-upnp-attack-faq/), but in my opinion, this criticism is misplaced. This is not a problem with UPnP, but a problem with how UPnP is used with Internet Gateway Devices. There is no reason authentication cannot be incorporated into UPnP devices (the standard doesn't define it, but that doesn't mean it's not possible--I wrote an application that implements authentication over UPnP).
- The real issue is the way Internet Gateway Devices have been defined (in general, the UPnP IGD specification is flawed to its very core). UPnP is a presence, messaging, and control protocol, and has nothing to do with IGD devices. IGD _uses_ UPnP, but it seems odd to criticize the protocol simply because one implementation of the protocol was poorly engineered.
- Does anyone have any thoughts on this? I'm inclined to move the criticism section to a different article; I really think it's misplaced in this article.
The overview section needs work
The overview section sounds like an advert for UPnP.
The way i understand it, the main problem with UPnP is that it contains a mechanism for configuring of NAT traversal without demanding authentication. The technology stinks of dumbing computing down and making it insecure. If Joe Sixpack enables UPnP on their router at home, it is possible that a flash applet loaded by an internet page they view will reconfigure their router, so allowing access from outside to their home network.
Having said that, the news section seems out of place. Why explicitly list this one bug? A reference somewhere in the criticisms section would be enough here, in my opinion. Howlingmadhowie (talk) 08:41, 11 June 2008 (UTC)
This entire section seems to be written by someone selling UPnP. The statements made are very vague and don't give anyone reading it an overall idea of what UPnP actually is. It's full of corporate double-talk. An example is this gem:
User interface (UI) Control UPnP architecture enables vendor control over device user interface and interaction using the web browser.
Why not just say, easily and more succinctly, that UPnP defines no user interface? Or:
UPnP does not specify or constrain the design of an API for applications running on control points;
In this case, I'd say that UPnP is a network protocol, not an API or software product.
It's almost like the article is TRYING to confuse people.
- I will try to pull together a simple and concise comparative statement. Tobylnixon (talk) 23:32, 7 May 2009 (UTC)
- In the meantime there is a comparison called "How does Zeroconf compare with Viiv/DLNA/DHWG/UPnP?". It was written by the authors of Zeroconf (aka Bonjour) so is probably biased towards Zeroconf, however the points it makes are none the less valid.
- On a related issue I am a little confused by the statement "NAT-PMP is focused only on NAT traversal" within the article. Like UPnP IGD, NAT-PMP also detects external addresses and does port-mapping however it uses timed leases and can detect conflicts. UPnP IGD on the other hand just overwrites old mappings with whoever requested a specific port last and the mappings exist until deliberately deleted- should this be listed as a problem of UPnP?. See draft-cheshire-nat-pmp.txt. Rockinrobstar (talk) 13:54, 13 June 2010 (UTC)
UPnP as a Networking Protocol?
I think this article is a bit misleading in regards to UPnP being a pervasive networking protocol used in corporate environments. In the first paragraph it lists UPnP as a computer networking protocol (which later makes reference to an expired IETF draft), also it is somewhat misleading stating that UPnP is used for data communications in a corporate environment (USB hard drive to computer, sure, but not for networked devices as is suggested). My experience and training have taught me that having a device be able to dynamically mix into a corporate network, if left unchecked, is a bad thing (any networking security certification will tell you this, such as my CompTIA Security +, or CCNA/CCNP). I think while the attempt of making UPnP a networking protocol is a valid stub, portraying it as an all out standardized networking protocol is not appropriate. I think the bulk of the article needs to be focused on USB and hardware expansion devices that utilize UPnP (NIC's, graphics cards, Ipods, usb attached devices etc...). Cheers, —Preceding unsigned comment added by Jon.firstname.lastname@example.org (talk • contribs) 15:20, 7 November 2008 (UTC)
- You're confusing "UPnP" with "PnP". PnP (Plug-and-Play) is a technology in Windows that allowed PC add-in cards to be automatically assigned IO addresses, memory addresses, IRQs, DMA channels, etc., later expanded to encompass automatic installation of externally-attached devices such as via USB, Bluetooth, 1394, bidirectional parallel ports, and networks (to get the right drivers installed, etc.). UPnP is an internationally standardized networking protocol (ISO/IEC 29341) for discovery, description, control, and event notification of networked devices, and is independent of Windows. You are right, though, that UPnP is not widely used in corporate environments. Tobylnixon (talk) 12:56, 7 May 2009 (UTC)
- I tried to change "corporate" to "small business" to reflect the reality that UPnP is almost never used in enterprise environments, but was reverted on the basis that small businesses can also be "corporations". The difference is really between self-administered (typical in homes and small businesses) and professionally-administered networks (typical in medium-sized to large enterprises). I'm still trying to figure out how to express that concisely enough to go into the opening paragraph! Tobylnixon (talk) 23:24, 7 May 2009 (UTC)
Some parts of this article read like an advertisement. For example: "Any operating system and any programming language can be used to build UPnP products. UPnP does not specify or constrain the design of an API for applications running on control points; OS vendors may create APIs that suit their customer's needs. UPnP enables vendor control over device UI and interaction using the browser as well as conventional application programmatic control."
This sounds like a brochure advocating the use of UPnP. Specifically "enables vendor control over device UI and interaction" sounds like mumbo-jumbo to me. Since when has *any* network protocol dictated how the UI controlling it, or controlling something running over it, should look? -- Sorpigal (talk) 12:51, 9 February 2009 (UTC)
- It is a fact that UPnP is defined in terms of wire protocols, and independent of any operating system or programming language, unlike some of its competitors such as Jini. I agree with you that the second sentence about UI was confusing and redundant, and deleted it. Tobylnixon (talk) 23:28, 7 May 2009 (UTC)
non-neutral focus on security leaks?
It seems to me that over time, the page is expanding & expanding on messages about security leaks, while little else is added.
- I'm working on getting more complete and accurate information about UPnP posted here. (Toby Nixon, Vice President, UPnP Forum) Tobylnixon (talk) 23:29, 7 May 2009 (UTC)
I propose that the UPnP AV media server article get merged into this Universal Plug and Play article, since they basicially describe the same technology that is used for the same purpose, and there are already seperate articles for both List of UPnP AV media servers and clients and Comparison of UPnP AV media servers. Anyway, I am just questioning why have several articles for the same thing? 22.214.171.124 (talk) 07:41, 5 July 2011 (UTC)
- I don't see much overlap between the two articles. I'm not strongly opposed to a merge though. --Kvng (talk) 12:55, 7 July 2011 (UTC)
Nick Garnett 18:58, 12 July 2011 (UTC): Merging the UPnP Media Server article with this one seems OK, as long as the lead article is this one. The other UPnP devices should be addressed also, rather than just referring to "clients". There are a number of other devices, such as the player, renderer, etc. — Preceding unsigned comment added by Nickgarnett (talk • contribs) 18:58, 12 July 2011 (UTC)
Noticed (finally) that other UPnP devices are mentioned. I think the player and renderer deserve more attention. Nick Garnett 19:08, 12 July 2011 (UTC) — Preceding unsigned comment added by Nickgarnett (talk • contribs)
UPnP AV media server should be a subsection under UPNP. Possibly under another subsection for Applications of UPNP? — Preceding unsigned comment added by 126.96.36.199 (talk) 14:54, 2 August 2011 (UTC)
The section on potential problems with UPnP was missing, and had been completely deleted with an uninformative edit message by a drive-by editor. Since I could not find a debate about why it should be removed I have restored it for now. Carewolf (talk) 18:42, 1 January 2012 (UTC)
- Vulnerability Note VU#347812 - UPnP enabled by default in multiple devices at United States Department of Homeland Security - Computer Emergency Readiness Team (Wednesday, 9 April 2008).
- How to use Flash and UPnP to punch holes in most home firewalls at GNUCITIZEN (Saturday, 12 January 2008).
- Universal Plug and Play
- Recently has been developed a new UPnP service, called "Device Protection", for providing simple way to authenticate on a UPnP device. The authentication method is very similar to the Wi-Fi Protected Setup.
- Nice catch! Just edited the containing section, by removed some redundant content and this dead reference. — Dsimic (talk) 14:28, 7 December 2013 (UTC)
eezUPnP client ?
Hello fellow Wikipedians,
I have just modified one external link on Universal Plug and Play. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at
You may set the
|checked=, on this template, to true or failed to let other editors know you reviewed the change. If you find any errors, please use the tools below to fix them or call an editor by setting
|needhelp= to your help request.
- If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
- If you found an error with any archives or the URLs themselves, you can fix them with this tool.
If you are unable to use these tools, you may set
|needhelp=<your help request> on this template to request help from an experienced user. Please include details about your problem, to help other editors.
the link to the 31st quote, ( the declaration from the comm foundation after the security risk discovery ) needs EXACT archive location URL address , etc , INSTEAD of any bot/whatever, 'intelligent' assistance being LEFT able to 'accidentally' misdirect people.
non complete/direct URLs , are a well known 'accidental' damage-minimisation technique, but ALSO facilitation of EVASION, especially when CRIMINAL NEGLIGENCE, might be in order.
not saying that's neccessarily applicable here, but security worries over the net, certainly shouldnt be taken lightly/evasively.
- "Device Protection V 1.0". UPnP Forum. February 24, 2011.