Test your router to make sure UPnP is NOT exposed on the WAN

Networking and broadband talkabout. Need help with that new router or setting up a network?
Post Reply
User avatar
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida
Contact:

Test your router to make sure UPnP is NOT exposed on the WAN

Post by FlyingPenguin »

This is a very old problem that should have been fixed a LONG time ago, however there's a shocking number of routers that STILL have this vulnerability. UPnP should NEVER be exposed on the WAN. It shouldn't even be possible. This is just sloppy programming of the firmware.

GRC's ShieldsUp! has the ability to test for this. Go to ShieldsUp page here, and press Proceed, then on the next page press the "GRC'S Instant UPnP Exposure Test" button: https://www.grc.com/shieldsup

DO I EVEN NEED UPNP AT ALL?
Security experts suggest, and I whole heartily agree, that unless you NEED UPnP, it should be turned off entirely, even on the LAN side of your router.

UPnP is a way that devices and apps on a LAN can ask the router (without any approval from you) to setup a port forward (and that forward is usually invisible - it doesn't show up in the router's manual port forward list). The original intention was to make it easy for non-techies to setup port forwarding for game hosting on the XBox. However, since there's no security of any kind and ANYTHING on your network can open a port via UPnP (thereby completely defeating the purpose of your router's firewall), it's very dangerous. A malicious app or IoT device could open a port and run a server from inside your network.

Most people on this forum probably know how to setup port fowarding in their router, and can easily do without UPnP.
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "

Image
User avatar
Losbot
Almighty Member
Posts: 4991
Joined: Sun Jul 13, 2014 8:59 am
Location: South Florida

Re: Test your router to make sure UPnP is NOT exposed on the WAN

Post by Losbot »

I'm good. :-)
User avatar
normalicy
Posts: 9513
Joined: Sat Nov 25, 2000 4:04 am
Location: St. Louis, MO USA
Contact:

Re: Test your router to make sure UPnP is NOT exposed on the WAN

Post by normalicy »

Good to go. Which I still can't say about Spectre.
Post Reply