Test your router to make sure UPnP is NOT exposed on the WAN

Networking and broadband talkabout. Need help with that new router or setting up a network?
User avatar
FlyingPenguin
Flightless Bird
Posts: 27576
Joined: Wed Nov 22, 2000 11:13 am
Location: Lady Lake, Florida
Contact:

Test your router to make sure UPnP is NOT exposed on the WAN

Postby FlyingPenguin » Wed Apr 18, 2018 3:52 pm

This is a very old problem that should have been fixed a LONG time ago, however there's a shocking number of routers that STILL have this vulnerability. UPnP should NEVER be exposed on the WAN. It shouldn't even be possible. This is just sloppy programming of the firmware.

GRC's ShieldsUp! has the ability to test for this. Go to ShieldsUp page here, and press Proceed, then on the next page press the "GRC'S Instant UPnP Exposure Test" button: https://www.grc.com/shieldsup

DO I EVEN NEED UPNP AT ALL?
Security experts suggest, and I whole heartily agree, that unless you NEED UPnP, it should be turned off entirely, even on the LAN side of your router.

UPnP is a way that devices and apps on a LAN can ask the router (without any approval from you) to setup a port forward (and that forward is usually invisible - it doesn't show up in the router's manual port forward list). The original intention was to make it easy for non-techies to setup port forwarding for game hosting on the XBox. However, since there's no security of any kind and ANYTHING on your network can open a port via UPnP (thereby completely defeating the purpose of your router's firewall), it's very dangerous. A malicious app or IoT device could open a port and run a server from inside your network.

Most people on this forum probably know how to setup port fowarding in their router, and can easily do without UPnP.
"I miss having 'differences of opinion'. All this 'differences of reality perception' kinda sucks." - Scott Johnson

Image

User avatar
Losbot
Almighty Member
Posts: 2682
Joined: Sun Jul 13, 2014 8:59 am
Location: South Florida

Re: Test your router to make sure UPnP is NOT exposed on the WAN

Postby Losbot » Thu Apr 19, 2018 12:48 am

I'm good. :-)

User avatar
normalicy
Posts: 9103
Joined: Sat Nov 25, 2000 4:04 am
Location: St. Louis, MO USA
Contact:

Re: Test your router to make sure UPnP is NOT exposed on the WAN

Postby normalicy » Fri Apr 20, 2018 12:20 am

Good to go. Which I still can't say about Spectre.


Return to “Broadband & Networking”

Who is online

Users browsing this forum: No registered users and 1 guest