
As of recently it has been discovered that most routers expose UPnP to the outside world, which is not good at all. This allows attackers "from the internet" to open ports in your routers.

It is recommended you DISABLE UPnP in your router. Below is a test to see if your router is vulnerable. Steve Gibson, the creator of the very popular "Shields-up" which scans your IP for open ports in your router has recently added a test for the upnp vulnerability. Simply click the link then click the "proceed" button. You will then see a button for the UPnP test. Good luck!

The Test

https://www.grc.com/x/ne.dll?bh0bkyd2

  On 03/02/2013 at 18:08, warwagon said:

It is recommended you DISABLE UPnP in your router.

No; it is recommended that you get a good router. I have UPnP on my router enabled and

  Quote

THE EQUIPMENT AT THE TARGET IP ADDRESS

DID NOT RESPOND TO OUR UPnP PROBES!

So either I have a good router or the test sucks.

  On 03/02/2013 at 18:20, Detection said:

I have uPnP enabled but still fine (Expected as much with DD-WRT though)


Correct, this is a router test, not a computer test.

It's only recommended to disable UPnP on your routers if they don't pass that test, which means they are exposing you to the outer world.

Just passed the test on three routers with UPnP enabled. Two of them are running DD-WRT.

I disable it anyway. The fact that UPnP, by design, lets any application communicate with the router and open ports should make any security conscious user uneasy.

THE EQUIPMENT AT THE TARGET IP ADDRESS

DID NOT RESPOND TO OUR UPnP PROBES!

Why would you disable uPnP anyways? It allows internal hosts to dynamically open ports like XBL or PSN for gaming and voice. Without it you'd have to manually open every single port those services and similar ones use. Just keep your internal hosts clean.

  On 04/02/2013 at 08:12, trek said:

THE EQUIPMENT AT THE TARGET IP ADDRESS

DID NOT RESPOND TO OUR UPnP PROBES!

Why would you disable uPnP anyways? It allows internal hosts to dynamically open ports like XBL or PSN for gaming and voice. Without it you'd have to manually open every single port those services and similar ones use. Just keep your internal hosts clean.

Yeah I agree with keeping uPnP enabled also.

I ran many different servers over the years, long time ago now, so I had many ports opened for access, and that site's port tests always showed me as being safe and secure.

All depends on what type of security you're running on your computers.

There should be no issue with running UPnP/NAT-PMP on your router if it's properly configured. I knew mine would pass this test from the start since it exposes its configuration in a good manner (it only allows hosts on the 192.168/16 subnet to create a forwarding rule, and said rule has to point at the host that requested it, otherwise it's rejected), and shows what ports are forwarded on what protocol.

Never mind the fact that the firewall should reject outside communication before it even gets to the UPnP/NAT-PMP daemon anyway, if it isn't being blocked you have bigger issues.
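The policy described in the post above (only LAN hosts may request a mapping, and the mapping must point back at the requester), sketched as an added example that is not part of the original thread or of any router's firmware. The function names and the sample request are constructed for illustration; the argument names are those of the standard UPnP `AddPortMapping` action.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Subnet the post names as allowed to create forwarding rules.
LAN = ipaddress.ip_network("192.168.0.0/16")

def sample_request(client, port):
    """Constructed AddPortMapping SOAP body (sample input, not captured traffic)."""
    return (
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
        '<u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
        f'<NewExternalPort>{port}</NewExternalPort><NewProtocol>TCP</NewProtocol>'
        f'<NewInternalPort>{port}</NewInternalPort>'
        f'<NewInternalClient>{client}</NewInternalClient>'
        '</u:AddPortMapping></s:Body></s:Envelope>'
    )

def parse_add_port_mapping(soap_body):
    """Collect the AddPortMapping arguments from a SOAP envelope."""
    wanted = {"NewInternalClient", "NewInternalPort", "NewExternalPort", "NewProtocol"}
    args = {}
    for el in ET.fromstring(soap_body).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
        if tag in wanted:
            args[tag] = (el.text or "").strip()
    return args

def check_request(source_ip, soap_body):
    """Return (allowed, reason) for a mapping request seen from source_ip."""
    try:
        src = ipaddress.ip_address(source_ip)
        args = parse_add_port_mapping(soap_body)
        target = ipaddress.ip_address(args["NewInternalClient"])
    except (ValueError, KeyError, ET.ParseError):
        return False, "malformed request"
    if src not in LAN:
        # A request arriving from the WAN side is never honoured.
        return False, "source outside LAN"
    if target != src:
        # A host may only open ports towards itself.
        return False, "target is not the requester"
    return True, "ok"

if __name__ == "__main__":
    body = sample_request("192.168.1.20", 3074)
    for source in ("192.168.1.20", "203.0.113.7", "192.168.1.99"):
        print(source, check_request(source, body))
```
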

"Without it you'd have to manually open every single port those services and similar ones use."

So -- you're talking a handful of ports at most.. UPnP is to allow unsolicited inbound traffic to get through your NAT router. Traffic initiated by you, or in answer to your traffic is allowed.

Most people have no use of UPnP, it has been a nightmare since it was created -- who in their right mind thought, hey let's allow ports to be opened on your gateway/firewall without any sort of auth at all!!

And no UPnP should not be reachable via your public IP that is for damn sure.

  On 03/02/2013 at 18:32, warwagon said:

I disable it anyway. The fact that UPnP, by design, lets any application communicate with the router and open ports should make any security conscious user uneasy.

If you trust what's in your network and have the router's firewall up I don't see how it could.

^ the point is UPnP can remove your firewall settings. Without even a nod to you that it's doing so, nor any sort of auth method to allow it.

There really needs to be some form of notification and auth to the mechanism - and then sure it would be a valid tool in opening firewall ports for the masses.

  On 04/02/2013 at 08:12, trek said:

THE EQUIPMENT AT THE TARGET IP ADDRESS

DID NOT RESPOND TO OUR UPnP PROBES!

Why would you disable uPnP anyways? It allows internal hosts to dynamically open ports like XBL or PSN for gaming and voice. Without it you'd have to manually open every single port those services and similar ones use. Just keep your internal hosts clean.

It would allow any malicious program to actively contact your router, open whatever ports it wants, and then transmit data through those ports all without your knowledge.... pretty big security hole if you ask me.

  On 04/02/2013 at 14:14, BeLGaRaTh said:

Steve Gibson, the person who creates the most FUD on the internet with his crazy rants and observations!!!

I'm not going to argue the fact that he is crazy, which he probably is, but he is also very smart. And facts do not = FUD.

Are you up to date on this UPnP issue? The typical way UPnP works is, an active program on one of the systems on your network will contact the router and open ports for whatever program/service to pass data through. Sounds ok right, well there is an exploit on a TON of routers that allows that request to be made from the OUTSIDE over the WAN, so if you have one of these affected routers, anyone outside your network, can open up ports into your network using a little bit of packet "magic". It's a pretty big deal.
