NAT traversal technology allows network applications to detect that they are behind a UPnP-enabled NAT device. Then the applications can learn the shared, globally-routable IP address, and configure port mappings to forward packets from the external port of the NAT to the internal port used by the application—and all automatically so the user doesn’t have to manually configure port mappings. NAT traversal allows network devices or peer-to-peer applications to traverse a NAT gateway by dynamically opening and closings ports for communication with outside services. – Sharon Crawford, July 22, 2002
I recommend that you disable UPnP on your router and manually make port forwarding changes only when necessary.
When UPnP is enabled on your router, usually by default, some programs can open ports on your router without notification. This behavior is supposed to help when certain applications have difficulty communicating with the Internet, but could be a problem if a malicious program or intruder, like a trojan horse, wants to gain access to your network and computers.
Check if your router has UPnP, or any other ports/protocols, exposed to the Internet:
- Go to GRC.com > Services Menu > ShieldsUP!
- Run GRC’s Instant UPnP Exposure Test
- Run the “All Service Ports” test
- What is UPnP & Why is it Dangerous?
- UPnP-enabled routers allow attacks on LANs
- Report by rapid7.com: SecurityFlawsUPnP.pdf
81 million routers found to have UPnP enabled on their public interfaces
- Security Flaws in Universal Plug and Play: Unplug, Don’t Play
- More than 150,000 Internet-facing printers were scanned, located, and used
- If your router has UPnP enabled, your printers, (or anything else on your network), may have punched a hole through your border router’s stateful NAT firewall to make itself “available” to anyone on the public Internet in the world.
- UnPlug n’ Pray (grc.com)
- What exactly is UPnP?
- UPnP Forum
- Microsoft Security Bulletin MS01-054: Invalid Universal Plug and Play Request can Disrupt System Operation