UPnP: change a router’s firewall rules from a client machine

Universal Plug and Play support is available on most modern wireless and DSL routers. Among other things, it allows client machines on the local network to remotely configure the router’s port forwarding, typically without authenticated access.

Adrian Crenshaw has a nice screencast which shows how to detect UPnP-capable devices on your network and how to use the PortForward utility in Windows to remotely configure port forwarding for routers on your LAN.

After looking at this, you’ll probably come to the conclusion that, while convenient, unauthenticated UPnP is pretty dangerous. It allows someone who has momentary access to your network to easily reconfigure your router to punch holes through its NAT firewall. This could be someone on your wireless network, or it could be as simple as a malicious program that you accidentally execute on your own machine.

Fortunately, most routers allow you to disable UPnP, and you should probably take advantage of this and turn off UPnP on your devices now.

UPnP Port Forwarding and Security Screencast – Link
UPNPScan – Link
UPNP PortForward (exe, source and documentation) – Link
