Since more than a few people were interested in current technology related
to UpNp,

here's some of the features of this dangerous, yet mostly open protocol:

Miranda is one of the oldest tools used for upnp discovery.
http://www.securiteam.com/tools/6N0012KN5Q.html

http://www.ethicalhacker.net/content/view/220/24/

On a more interesting note, upnp can actually be used as an attack vector:
http://www.gnucitizen.org/blog/hacking-with-upnp-universal-plug-and-play/

Which has been exposed at both 2600 and DefCon as early as 2001.
http://www.upnp-hacks.org/upnp.html

The most common current use of upnp as an attack vector involves Linksys
"routers":
http://homecommunity.cisco.com/t5/Wireless-Routers/Hackers-Using-Linksys-Wireless-Router-to-Break-In-Through-The/m-p/330103

As you can see, any of you wanting to do research in this area, could easily
come upon some real world cracks or at least a few bugtraq entries.  Perhaps
enough to present next year at one of the security Cons?


 http://www.obnosis.com
*Catch My MetaSploit & IP CAM Surveillance
Presentations @ ABLEConf.com in April!*