Internet Gateway Device Protocol
Internet Gateway Device (IGD) Standardized Device Control Protocol is a protocol for mapping ports in network address translation (NAT) setups, supported by a certain number of NAT-enabled routers.[1] It is a common communications protocol of automatically configuring port forwarding, and is part of an ISO/IEC Standard [2] rather than an Internet Engineering Task Force standard.
Usage
Applications using peer-to-peer networks, multiplayer gaming, and remote assistance programs need a way to communicate through home and business gateways. Without IGD one has to manually configure the gateway to allow traffic through, a process which is error-prone and time-consuming. Universal Plug and Play (UPnP) comes with a solution for network address translation traversal (NAT traversal).
IGD makes it easy to do the following:
- Learn the public (external) IP address
- Requesting for a new public IP address[3]
- Enumerate existing port mappings
- Add and remove port mappings
- Assign lease times to mappings
The host can allow to seek for available devices on the network via Simple Service Discovery Protocol (SSDP) which can be controlled then with the help of a network protocol as SOAP. A seek request is sent via HTTP and port 1900 to the multicast address 239.255.255.250:
M-SEARCH * HTTP/1.1
Host:239.255.255.250:1900
ST:urn:schemas-upnp-org:device:InternetGatewayDevice:1
Man:"ssdp:discover"
MX:3
Security risks
With the help of scripting on a web page new risks and dangers can be also caused by the IGD protocol, assuming that the change of the configuration on the gateway device has been permitted. Thereby it would be possible to bring a computer or also a whole network under the control of a foreign user. This often occurs with criminal intention.[4] Many DSL-Routers, as for example FRITZ!Box common in Europe, support this procedure, the change of the configuration must be mostly still released by the user specially via the web interface, provided that the access was protected to the device by means of a password.
See also
- NAT Port Mapping Protocol (NAT-PMP)
- Port Control Protocol (PCP)
- Session Traversal Utilities for NAT (STUN)
References
- ↑ D. Wing; S. Cheshire; M. Boucadair; R. Penno; P. Selkirk (April 2013). "RFC 6887 - Port Control Protocol (PCP)". Internet Engineering Task Force (IETF). ISSN 2070-1721. RFC 6887
. Retrieved 2013-06-13. The Port Control Protocol allows an IPv6 or IPv4 host to control how incoming IPv6 or IPv4 packets are translated and forwarded by a Network Address Translator (NAT) or simple firewall, and also allows a host to optimize its outgoing NAT keepalive messages.
- ↑ ISO/IEC 29341, http://www.iso.org/iso/home/news_index/news_archive/news.htm?refid=Ref1185
- ↑ Roesler, Ruediger (13 June 2013). "Read or Change External IP-Address of a NAT-Router without any Internet Access". Microsoft. Retrieved 19 August 2013.
- ↑ Mike Barwise (2008-01-15). "Unwanted remote configuration for home routers". Heise Media UK Ltd. Archived from the original on 8 December 2013. Retrieved 2012-07-21.
External links
- M. Boucadair; F. Dupont; R. Penno; D. Wing (2013-04-26). "Universal Plug and Play (UPnP) Internet Gateway Device (IGD)-Port Control Protocol (PCP) Interworking Function". IETF. Retrieved 2013-06-13.
- "Internet Gateway Device (IGD) V 1.0". UPnP Forum. 2001-11-12. Retrieved 2011-03-02.
- "Internet Gateway Device (IGD) V 2.0". UPnP Forum. 2010-12-09. Retrieved 2011-03-02.
- UPnP Forum Internet Gateway Device presentation
- Universal Plug and Play NAT Traversal FAQ by Microsoft. Archived copy
- Free, BSD-licensed ANSI C library to control a Universal Plug and Play Internet Gateway Device or NAT-PMP
- Linux implementation of an Internet gateway device server