Disable UPnP on Your Wireless Router Already
Setting up port forwarding on your router so that devices can communicate with the outside world can be a headache if you have a lot of equipment, so it’s understandable why technology like UPnP sounds so convenient. This automatic process assumes that it is safe to open the network to the Internet whenever an internal program requests access — which is usually true, unless the program making the request is malware.
See the problem? Generally speaking, attackers find creative ways to take advantage of over-reliance on UPnP protocols to perform all sorts of fun things, including scanning your network ports for additional attack vectors.
There is no real reason why you should use UPnP. The convenience isn’t worth the risk to your network security. If an app stops working without it, like your favorite BitTorrent download tool, setting up port forwarding by hand isn’t that difficult. Sure, this is annoying, but it is much safer than relying on UPnP.
If you need more convincing, Ars Technica has a healthy article on a brand new validation attack that takes advantage of yet another UPnP vulnerability to create a giant distributed denial of service (DDoS) network of vulnerable devices. … Fun!
As Dan Goodin writes:
“The exploit works by abusing the UPnP SUBSCRIBE function, which devices use to receive notifications from other devices when certain events occur, such as playing a video or music track. Specifically, CallStranger sends subscription requests that spoof the URL to receive the resulting “callback”.
To carry out DDoS attacks, CallStranger sends a stream of subscription requests that spoof the address of a third-party website on the Internet. When the attack is carried out in unison with other devices, lengthy callbacks bombard the site with a stream of unwanted traffic. In other cases, the URL receiving the callback points to a device on the internal network. The responses can create a server-side request forgery-like condition that allows attackers to compromise internal devices behind network firewalls.”
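The spoofed callback described in the quote can be spotted on the receiving side by comparing a SUBSCRIBE request's CALLBACK header with the address the request actually came from. The following Python check is an added example, not code from this article or from Ars Technica; the LAN range, the sample requests and the rule that the callback must point back at the requester's own IP are assumptions made for the illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed home LAN range
CALLBACK_URL = re.compile(r"<([^<>]+)>")        # GENA wraps each callback URL in <>

def parse_request(raw):
    """Split a raw HTTP-style request into (method, lower-cased headers)."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0].split(" ", 1)[0].upper(), headers

def check_subscribe(src_ip, raw, lan=LAN):
    """Return reasons the CALLBACK looks spoofed; an empty list means it passes."""
    method, headers = parse_request(raw)
    if method != "SUBSCRIBE" or "callback" not in headers:
        return []   # renewals carry SID instead of CALLBACK; nothing to check
    source = ipaddress.ip_address(src_ip)
    urls = CALLBACK_URL.findall(headers["callback"])
    findings = [] if urls else ["CALLBACK header contains no <url> entry"]
    for url in urls:
        try:
            target = ipaddress.ip_address(urlsplit(url).hostname or "")
        except ValueError:
            findings.append(f"{url}: host is not an IP literal, cannot match requester")
            continue
        if target != source:
            where = "on-LAN" if target in lan else "off-LAN"
            findings.append(f"{url}: {where} target {target} is not requester {source}")
    return findings

def sample(callback):
    """Build a constructed SUBSCRIBE request (not captured traffic)."""
    return ("SUBSCRIBE /upnp/event/service1 HTTP/1.1\r\nHOST: 192.168.1.1:5000\r\n"
            f"CALLBACK: {callback}\r\nNT: upnp:event\r\nTIMEOUT: Second-300\r\n\r\n")

SAMPLES = [  # (source IP seen on the socket, request); all values constructed
    ("192.168.1.23", sample("<http://192.168.1.23:49200/evt>")),  # matches requester
    ("192.168.1.23", sample("<http://203.0.113.50/>")),           # third-party address
    ("192.168.1.23", sample("<http://192.168.1.40/>")),           # another internal device
]

if __name__ == "__main__":
    for src, raw in SAMPLES:
        print(src, check_subscribe(src, raw) or "ok")
```

The second and third samples correspond to the two cases in the quote: a callback aimed at a third-party address and one aimed at another device on the internal network.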
So, disable UPnP already
The easiest way to make sure your network is not participating in this botnet is to turn off UPnP on your router. It’s easy to do, but this option – if there is one – is most likely hidden in the advanced settings menu. For example, on a typical TP-Link Archer A20, you will find it at Advanced > NAT Forwarding > UPnP. This makes sense if you’ve fiddled with router configurations before, but it’s probably not the first place a regular user will look.
Even on a more user-friendly router like Google Nest Wifi, you’ll have to dig a bit to find the UPnP settings (again, via Nest Wifi’s advanced settings).
On the other hand, you will now also know where to forward ports on your router if any hardware or software on your network requires it to work. Usually your router’s UPnP settings are located in the immediate vicinity of its port forwarding settings, and all you need to set up port forwarding is the IP address of the device you will be forwarding to, as well as the range of ports required. (Easy to guess!)
After making any changes, it is worth using several online tools to check the security of your network. I recommend trying the “Instant UPnP Exposure Test” on ShieldsUP!! as well as F-Secure’s Router Checker to see if your network is opening up more ports to the world than it should.