Disable UPnP (Universal Plug-and-Play) on Your Network

by

NAT traversal technology allows network applications to detect that they are behind a UPnP-enabled NAT device. Then the applications can learn the shared, globally-routable IP address, and configure port mappings to forward packets from the external port of the NAT to the internal port used by the application—and all automatically so the user doesn’t have to manually configure port mappings. NAT traversal allows network devices or peer-to-peer applications to traverse a NAT gateway by dynamically opening and closings ports for communication with outside services. – Sharon Crawford, July 22, 2002

I recommend that you disable UPnP on your router and manually make port forwarding changes only when necessary.

When UPnP is enabled on your router, usually by default, some programs can open ports on your router without notification. This behavior is supposed to help when certain applications have difficulty communicating with the Internet, but could be a problem if a malicious program or intruder, like a trojan horse, wants to gain access to your network and computers.

Check if your router has UPnP, or any other ports/protocols, exposed to the Internet:

  • Go to GRC.com > Services Menu > ShieldsUP!
  • Run GRC’s Instant UPnP Exposure Test
  • Run the “All Service Ports” test

Reference