Disabling UPnP in Windows Pidgin 2.3.0

David F. Severski davidski-pg at deadheaven.com
Thu Nov 29 19:43:07 EST 2007


On Thu, Nov 29, 2007 at 06:31:13PM -0600, Billy Crook wrote:
> And for that matter, no destruction of your current computer's UPnP
> capabilities will slow down a virus that uses UPnP to upen your NAT router
> up.  That virus, willcery its own UPnP client that you won't be allowed to
> close.  The place to disable it if you are going to at all, is in your NAT
> routers.

The concern is not whether UPnP announcements are going to open my
network to hostile traffic, but whether or not Pidgin may be listening to
potentially hostile traffic (e.g. buffer overflows, malicious input).  I
use Pidgin to communicate on a motley collection of chat protocols such
as AIM, ICQ, Jabber, etc.  UPnP is not on my required list of protocols,
therefore I, like other users who have commented on this issue in the
past, am trying to disable it so that I am only running the service and
clients that are necessary for my required functionality.

The resistance to providing even an advanced configuration option or
plug-in functionality that allows users to follow security best practices
is surprising.  Is there a reason for UPnP to be in an always on state
that I'm not understanding?

David




More information about the Support mailing list