Which ports when uPnP is not enabled?

Hi,

I had MSN Messenger working for my wifes computer by opening (for instance)
port 6891 had to be mapped.

But currently, audio does not work anymore. Audio (according to old MSN
docs) must work by forwarding UDP 5004 to 65535.


Is there a change on this?

Thanks!

Greetings,

Port 6891 was used for file transfer in MSN Messenger 5 and below.

5004 through 65535 is still valid, but without UPnP, the chances of it being able to make a
direct connection (UPnP is also used for lookup of the external IP) is limited but Windows
Live Messenger (and MSN Messenger 7.x) should be able to connect voice-wise using a relay
server regardless. If the relay is down, busy, a third-party firewall is blocking the relay
connection or there's some problem on the contact's side then the audio conversation won't be
able to start.

--
Jonathan Kay
Microsoft MVP - Windows Live Messenger/MSN Messenger/Windows Messenger
Associate Expert
http://www.microsoft.com/windowsxp/expertzone/
Messenger Resources - http://messenger.jonathankay.com
All posts unless otherwise specified are (c) 2006 Jonathan Kay.
You *must* contact me for redistribution rights.
--

"Egbert Nierop (MVP for IIS)" <> wrote in message
news:O$%...
> Hi,
>
> I had MSN Messenger working for my wifes computer by opening (for instance)
> port 6891 had to be mapped.
>
> But currently, audio does not work anymore. Audio (according to old MSN docs) must work by
> forwarding UDP 5004 to 65535.
>
>
> Is there a change on this?
>
> Thanks!

"Jonathan Kay [MVP]" <> wrote in message
news:u$...
> Greetings,
>
> Port 6891 was used for file transfer in MSN Messenger 5 and below.
>
> 5004 through 65535 is still valid, but without UPnP, the chances of it
> being able to make a direct connection (UPnP is also used for lookup of
> the external IP) is limited but Windows Live Messenger (and MSN Messenger
> 7.x) should be able to connect voice-wise using a relay server regardless.
> If the relay is down, busy, a third-party firewall is blocking the relay

Hi,

I don't have a firewall (no problems had with ever since, since I regard NAT
as a firewall).

Darn! Why is that MSN so dependent on UPnP? I have learnt that UPnP must be
turned off because hackers can hack UPnP today. Upgrading my modem is not
possible. THere's no recent flash.

> connection or there's some problem on the contact's side then the audio
> conversation won't be able to start.
>

Hi,

To be far, opposed to the original Windows Messenger and MSN Messenger 5 (which was
completely dependent on UPnP), there has been quite a lot of progress made in connectivity.
For instance, if the other side can accept direct connections properly, you should be able to
connect. It's only in highly locked up networking scenarios that the relay is required.

This used to be a bigger deal than it is now, but UPnP has now been in nearly every
consumer-grade NAT hardware for nearly four or five years. A fleet of applications now use
it (torrent clients, FTP clients, other instant messengers).

My question to you is, what do you mean "hackers can hack UPnP"? There was the initial
exploit in November of 2001, but there have been no further security issues in UPnP (and that
wasn't in UPnP per se anyway, it was in SSDP discovery and completely overblown by the
press). If you mean that any rogue application can open ports via UPnP, you're right -- but
if you have rogue apps running somewhere on your network already, you already have problems
bigger than a port being opened.

If you have a new scenario where UPnP can be exploited, please provide a link as I'd be most
interested.

--
Jonathan Kay
Microsoft MVP - Windows Live Messenger/MSN Messenger/Windows Messenger
Associate Expert
http://www.microsoft.com/windowsxp/expertzone/
Messenger Resources - http://messenger.jonathankay.com
All posts unless otherwise specified are (c) 2006 Jonathan Kay.
You *must* contact me for redistribution rights.
--


"Egbert Nierop (MVP for IIS)" <> wrote in message
news:%...
> Hi,
>
> I don't have a firewall (no problems had with ever since, since I regard NAT as a
> firewall).
>
> Darn! Why is that MSN so dependent on UPnP? I have learnt that UPnP must be turned off
> because hackers can hack UPnP today. Upgrading my modem is not possible. THere's no recent
> flash.

"Jonathan Kay [MVP]" <> wrote in message
news:...
> Hi,
>
> To be far, opposed to the original Windows Messenger and MSN Messenger 5
> (which was completely dependent on UPnP), there has been quite a lot of
> progress made in connectivity. For instance, if the other side can accept
> direct connections properly, you should be able to connect. It's only in
> highly locked up networking scenarios that the relay is required.
>
> This used to be a bigger deal than it is now, but UPnP has now been in
> nearly every consumer-grade NAT hardware for nearly four or five years. A
> fleet of applications now use it (torrent clients, FTP clients, other
> instant messengers).
>
> My question to you is, what do you mean "hackers can hack UPnP"? There
> was the initial exploit in November of 2001, but there have been no
> further security issues in UPnP (and that wasn't in UPnP per se anyway, it
> was in SSDP discovery and completely overblown by the press). If you mean
> that any rogue application can open ports via UPnP, you're right -- but if
> you have rogue apps running somewhere on your network already, you already
> have problems bigger than a port being opened.

There was an IDG press publication that mentioned that soon all routers
should have UPnP disabled because a special malformed packet that could be
sent. However, this was one month ago and I've never heard of problems
anymore since.

> If you have a new scenario where UPnP can be exploited, please provide a
> link as I'd be most interested.

I've made my decision that that IDG report might have been just a post to
fill-up the website but not a verified hack.
Thanks for your time.

> --
> Jonathan Kay
> Microsoft MVP - Windows Live Messenger/MSN Messenger/Windows Messenger
> Associate Expert
> http://www.microsoft.com/windowsxp/expertzone/
> Messenger Resources - http://messenger.jonathankay.com
> All posts unless otherwise specified are (c) 2006 Jonathan Kay.
> You *must* contact me for redistribution rights.
> --
>
>
> "Egbert Nierop (MVP for IIS)" <> wrote in
> message news:%...
>> Hi,
>>
>> I don't have a firewall (no problems had with ever since, since I regard
>> NAT as a firewall).
>>
>> Darn! Why is that MSN so dependent on UPnP? I have learnt that UPnP must
>> be turned off because hackers can hack UPnP today. Upgrading my modem is
>> not possible. THere's no recent flash.
>
>

Nearest thing I could Google is people in 2003 trying to break it unsuccessfully.

--
Jonathan Kay
Microsoft MVP - Windows Live Messenger/MSN Messenger/Windows Messenger
Associate Expert
http://www.microsoft.com/windowsxp/expertzone/
Messenger Resources - http://messenger.jonathankay.com
All posts unless otherwise specified are (c) 2006 Jonathan Kay.
You *must* contact me for redistribution rights.
--


"Egbert Nierop (MVP for IIS)" <> wrote in message
news:...
> There was an IDG press publication that mentioned that soon all routers should have UPnP
> disabled because a special malformed packet that could be sent. However, this was one
> month ago and I've never heard of problems anymore since.
>
>> If you have a new scenario where UPnP can be exploited, please provide a link as I'd be
>> most interested.
>
> I've made my decision that that IDG report might have been just a post to fill-up the
> website but not a verified hack.
> Thanks for your time.