Want a web connection, from an unknown computer, that can't be disabled?

Noticed a web connection called "Linux IGD ". Don't know where it originated. Status showed it active, quite busy in fact, having transferred more than a GB each way. Tried to disable it and got an error saying that it can only be disabled at the originating computer!

A discription:

and this web page indicates that it's from an update to MSN messenger.

I don't use messenger, so was shocked to find a computer somewhere on the web running a two way connection to my computer, so booted to safe mode to see if the connection could be disabled there. At that point the entire contents of "network connections" was missing; the window was blank. Disconnected from the web, made a backup to DVD of recent data and deleted all My Documents. Then returned to normal mode and found the network connections window still blank!

Restored system to 1 month ago and am now fine. Contents of network connections window is back to normal. Uninstalled messenger to maybe avoid a future similar connection.

Is this really something from MS? And is it possible someone on the web was exploiting it? Don't know when it appeared. Who looks at network connections all the time?

Here's another rant, and I certainly agree with what's said. It's a terrible idea.

 

http://www.dslreports.com/forum/remark,12388777~mode=flat

?

 

More questions than answers?

Already referenced that one, TonyT.

Thanks guys, but is there an easier way to disable or avoid the "problem "? Why didn't XP's firewall protect the computer? Why does it show up after an update to windows? With several explanations on the web, who to believe?

From wikipedia.org, "UPnP comes with a solution for Network Address Translation (NAT) traversal: Internet Gateway Device (IGD) protocol. "

And: "The UPnP architecture offers pervasive peer-to-peer network connectivity of PCs, intelligent appliances, and wireless devices. The UPnP architecture is a distributed, open networking architecture that uses TCP/IP and http to enable seamless proximity networking in addition to control and data transfer among networked devices in the home, office, and everywhere in between. It enables data communication between any two devices under the command of any control device on the network." Does this mean that it bypasses firewalls somehow?

Doesn't that mean any computer on the web? If it's been in the modem firmware all along, why did it suddenly appear now and act like a rogue snoop?

What about this? (same source) "UPnP architecture enables vendor control over device user interface and interaction using the web browser. ", emphasis mine.

I still don't like it. Convince me if you can.

p.s. (same source) "many UPnP devices ship with UPnP turned off by default as a security measure. "

 

Tried removing. Not there, unless it's buried under a broad name such as 'networking services'.

Think I'll try to turn it off in the dsl modem next, for security.

BTW, what hid the entire contents of ctrl pnl > net conn's after my first attempt to disable it in XP? Could it have been my modem hiding???

Here's some more info from MS:

http://www.microsoft.com/technet/prodtechnol/winxppro/evaluate/upnpxp.mspx#EAMAC

"UPnP uses standard TCP/IP and Internet protocols, enabling it to seamlessly fit into existing networks

"it is independent of any particular operating system, programming language, or physical medium (just like the Internet).

" UPnP device and service descriptions built on open, Internet-based communication standards.

"UPnP devices can use many of the protocols in the TCP/IP stack including TCP, UDP, IGMP, ARP and IP as well as TCP/IP services such as DHCP and DNS.

"Universal Plug and Play is ... powerful enough to scale to the global Internet, "
I believe that!

 

Hi sparrow
I have QWest DSL with a "ActionTEC DSL Modem with wireless Gateway ".

Thou I am not on a wireless network (that I know of) ?
I see that the Gateway is connected, and I believe that it used to not have a connection a while back....last time I looked which was a while back.

I am running McAfee's Personal firewall (Free with QWest and MSN) This has full access to the internet and "Hacker Watch" through McAfee's firewall says this....
"Application Information
Application Layer Gateway Service
Application Layer Gateway Service is used by Internet Connection Sharing, the built-in Internet firewall, and the DSL PPPoE client in Windows XP. If you are experiencing problems with connecting to the Internet, please make sure this file has full access, not just outbound only access.
Manufacturer: Microsoft Corporation

Notes:
This executable is part of the operating system. "

"If" this has been connected from the last windows update because of messenger, I sure would like to know why, what the purpose is that it now needs a connection when it did not before the update.
Seems to me that it could end up being another vulnerability that MS may have to deal with at a latter date??
Geri

 

Current status here remains fine. Did follow TonyT's suggestion to remove UPnP in add/remove progs - it was under network stuff as suspected. Recall we used to do something similar with a little program since the early days. Haven't missed it yet.

This episode occurred on my XP Pro x64 OS only; my other OSs, win98, 2000, and XP Home (all online thru the same modem) were and remain unaffected. There is a dearth of free firewalls for 64 bit OSs, so have employed XP’s to see how well it works. Do have Qwest and an actiontech like Geri, but not MSN, and don't use the wireless option.

Wonder if there's an easier way to catch such stuff as occurred to my XP64 than looking at network connections periodically - kind of a nuisance.

Thanks everyone for your input.and suggestions.

 

Hi Tony

Where would I look for the routers control panel? and the configurable firewall controls?
Was told none of this stuff when I bought and installed the modem.

Also the web site you posted last, I checked for these...

Go to Start—> Settings-—> Control Panel—> Add or Remove Programs, then click on Add/Remove Windows Components in the left-hand column. When the Windows Components window comes up, scroll down and click on the Network Services line, then click Details.
Do you see Internet Gateway Device Discovery and Control Client selected? If so, clear that check box.
Do you see RIP Listener selected? If so, clear that check box.
Do you see Simple TCP/IP Services selected? If so, clear that check box.
Do you see Universal Plug and Play selected? If so, clear that check box.
The only one checked was the "Internet Gateway Device Discovery and Control Client" The others were unchecked.
I'm a bit of a chicken when doing this kind of stuff so I left it as is.

Like sparrow, I also don't use the wireless option. Have it connected to my Ethernet.
Geri

 

Thanks for the great reference in your last post, TonyT.

Have read (your reference), and read previously, that software firewall should also be run, especially since we have no good description of the actiontech firewall. For another example:

from:http://www.cable-modems.org/articles/linksys_review/
"Packet filters (this is what Linksys calls a firewall, but by today’s standards that is stretching it a bit). "


Geri, access the actiontech setup/status main menu page by typing 192.168.0.1 in the address window of your browser. You should have given it a password when you set it up; user name is admin unless you changed it.

UPnP may be under advanced. Haven't bothered myself yet. Warning that error could stop modem makes me nervous. Going to wait to see if turning it off in XP works.

Some directions here too. (referenced previously)

 

Hi sparrow
Typing in that number gets me a MSN search page?
See here

I do recall a numer that I was given once, but that was to check my download and upload speeds. Don't recall there being any setting there??
I'll see if I can find the number.
Geri

 

You may need to try a different browser.

 

Geri,
Open a cmd window and type ipconfig /all and see " Default Gateway . . . . . . . . . : 192.168.0.1 "
This is mine. Yours may differ, but that's the address you input to the browser.

You're not typing into a search blank, are you? It should be typed where you'd type in a URL.

 

Hi sparrow
You was correct, the number was right and I had to use my Internet Explorer browser. My MSN Explorer browser would not let me get there??

I looked around and could not find a UPnP.
Did find a firewall and settings for it, It was set to basic, with a "low, medium and high" settings also.
Did not change the setting, without some kind of information on it I am reluctant to make any changes
That's that chicken part in me working again

Thanks for the directions.
Geri

BTW, If it was really going to work so well, then why all the blocks from my personal firewall??

 

Glad you found it. One more reason to avoid MSN. You're missing a lot if you're not using tabbed browsing.

Reread Tony's last reference, especially the part under the heading "Are you an XP user with a DSL router? ". That's the advice I've followed and so far no problems.