Internet Gateway Device Protocol

Internet Gateway Device (IGD) Protocol is a protocol based on Universal Plug and Play (UPnP) for mapping ports in network address translation (NAT) setups, supported by some NAT-enabled routers. It is a common communications protocol for automatically configuring port forwarding, and is part of an ISO/IEC Standard ^[1] rather than an Internet Engineering Task Force standard.

Usage

Applications using peer-to-peer networks, multiplayer gaming, and remote assistance programs need a way to communicate through home and business gateways. Without IGD one has to manually configure the gateway to allow traffic through, a process which is error-prone and time-consuming. Universal Plug and Play (UPnP) comes with a solution for network address translation traversal (NAT traversal) that implements IGD.

IGD makes it easy to do the following:

Add and remove port mappings
Assign lease times to mappings
Enumerate existing port mappings
Learn the public (external) IP address

The host can allow seeking for available devices on the network via Simple Service Discovery Protocol (SSDP) which can be controlled then with the help of a network protocol such as SOAP. A discover request is sent via HTTP and port 1900 to the IPv4 multicast address 239.255.255.250 (for the IPv6 addresses see the Simple Service Discovery Protocol (SSDP)):

M-SEARCH * HTTP/1.1
HOST: 239.255.255.250:1900
MAN: "ssdp:discover"
MX: 2
ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Security risks

Malware can exploit the IGD protocol to bring connected devices under the control of a foreign user.^[2]^[3] The Conficker worm is an example of a botnet created using this vector.^[2]

References

^ ISO/IEC 29341, http://www.iso.org/iso/home/news_index/news_archive/news.htm?refid=Ref1185
^ ^a ^b Danny Palmer (2017-07-19). "This sneaky malware will cause headaches even after it is deleted from your PC". ZDNet. Archived from the original on 2 Feb 2021. Retrieved 2021-02-02. {{cite web}}: |archive-date= / |archive-url= timestamp mismatch; 26 January 2021 suggested (help)
^ Mike Barwise (2008-01-15). "Unwanted remote configuration for home routers". Heise Media UK Ltd. Archived from the original on 8 December 2013. Retrieved 2012-07-21.

External links

"OCF - Internet Gateway Device (IGD) V 2.0". OCF. Retrieved 2022-06-13.
"Internet Gateway Device (IGD) V 1.0". UPnP Forum. 2001-11-12. Archived from the original on 2011-02-22. Retrieved 2011-03-02.
"Internet Gateway Device (IGD) V 2.0". UPnP Forum. 2010-12-09. Archived from the original on 2011-03-12. Retrieved 2011-03-02.
UPnP Forum Internet Gateway Device presentation
Universal Plug and Play NAT Traversal FAQ by Microsoft. Archived copy
MiniUPnP is a free, lightweight open source client/server and C-library with support for UPnP IGD and additionally PCP/PMP as server
Linux implementation of an Internet gateway device server (no longer updated)

[ISO/IEC_29341-1] ISO/IEC 29341, http://www.iso.org/iso/home/news_index/news_archive/news.htm?refid=Ref1185

[:0-2] Danny Palmer (2017-07-19). "This sneaky malware will cause headaches even after it is deleted from your PC". ZDNet. Archived from the original on 2 Feb 2021. Retrieved 2021-02-02. {{cite web}}: |archive-date= / |archive-url= timestamp mismatch; 26 January 2021 suggested (help)

[3] Mike Barwise (2008-01-15). "Unwanted remote configuration for home routers". Heise Media UK Ltd. Archived from the original on 8 December 2013. Retrieved 2012-07-21.

[1]

[2]

[3]

Usage

Security risks

See also

References

External links