Internet Gateway Device Protocol

From Wikipedia, the free encyclopedia
Diagram of the UPnP's discovery phase

Internet Gateway Device (IGD) Standardized Device Control Protocol[1] is a protocol for mapping ports in network address translation (NAT) setups, supported by some NAT-enabled routers.[2] It is a common communications protocol for automatically configuring port forwarding, and is part of an ISO/IEC Standard [3] rather than an Internet Engineering Task Force standard.


Applications using peer-to-peer networks, multiplayer gaming, and remote assistance programs need a way to communicate through home and business gateways. Without IGD one has to manually configure the gateway to allow traffic through, a process which is error-prone and time-consuming. Universal Plug and Play (UPnP) comes with a solution for network address translation traversal (NAT traversal) that implements IGD.

IGD makes it easy to do the following:

  • Learn the public (external) IP address
  • Request a new public IP address[4]
  • Enumerate existing port mappings
  • Add and remove port mappings
  • Assign lease times to mappings

The host can allow seeking for available devices on the network via Simple Service Discovery Protocol (SSDP) which can be controlled then with the help of a network protocol such as SOAP. A seek request is sent via HTTP and port 1900 to the multicast address


Security risks[edit]

Malware can exploit the IGD protocol to bring connected devices under the control of a foreign user.[5][6] The Conficker worm is an example of a botnet created using this vector.[5]

See also[edit]


  1. ^ M. Boucadair; R. Penno; R. Wing (July 2013). Universal Plug and Play (UPnP) Internet Gateway Device - Port Control Protocol Interworking Function (IGD-PCP IWF). doi:10.17487/RFC6970. RFC 6970.
  2. ^ D. Wing; S. Cheshire; M. Boucadair; R. Penno; P. Selkirk (April 2013). Port Control Protocol (PCP). doi:10.17487/RFC6887. RFC 6887. Retrieved 2013-06-13. The Port Control Protocol allows an IPv6 or IPv4 host to control how incoming IPv6 or IPv4 packets are translated and forwarded by a Network Address Translator (NAT) or simple firewall, and also allows a host to optimize its outgoing NAT keepalive messages.
  3. ^ ISO/IEC 29341,
  4. ^ Roesler, Ruediger (13 June 2013). "Read or Change External IP-Address of a NAT-Router without any Internet Access". Microsoft. Retrieved 19 August 2013.
  5. ^ a b Danny Palmer (2017-07-19). "This sneaky malware will cause headaches even after it is deleted from your PC". ZDNet. Archived from the original on 2 Feb 2021. Retrieved 2021-02-02.
  6. ^ Mike Barwise (2008-01-15). "Unwanted remote configuration for home routers". Heise Media UK Ltd. Archived from the original on 8 December 2013. Retrieved 2012-07-21.

External links[edit]