UPnP on or off

[Christopher]

Hi all,could anyone tell me if it is advisable to have the routers UPnP on or off? Googled it and many say it's better security to have it switched off,I'd be very grateful for any comments.

[Steve]

For me  depends whether I'm using it or not it's very convenient, turn it off and see if you lose internet functionality on any software or devices. If you are turn it back on or get your hands dirty  and forward ports on the router either way there's a potential security issue, however port forwarding only applies to one local machine whereas UPnP decides which device needs it.

[sparky]

I don't know if there is any security issue, but I turned mine off because the router logs were filling up with upnp messages. That was last November. Never had any problems accessing any sites.

[Christopher]

For me  depends whether I'm using it or not it's very convenient, turn it off and see if you lose internet functionality on any software or devices. If you are turn it back on or get your hands dirty  and forward ports on the router either way there's a potential security issue, however port forwarding only applies to one local machine whereas UPnP decides which device needs it.

??  Sorry,don't follow

[Steve]

All I meant was set up some manual port forwarding in the router firmware - this is a method of allowing the router to direct a request via a permanently open port to a local device with a static IP address. This is the reliable way of doing it. UPNP decides when the request is made which port to temporarily open and to which local device. This is automatic once enabled so you can see why it's popular but it's not infallible

http://www.howtogeek.com/122487/htg-explains-is-upnp-a-security-risk/

"Should You Disable UPnP?
When I started writing this post, I expected to conclude that UPnP's flaws were fairly minor, a simple matter of trading a little bit of security for some convenience. Unfortunately, it does appear that UPnP has a lot of problems. If you don't use applications that need port forwarding, such as peer-to-peer applications, game servers, and many VoIP programs, you may be better off disabling UPnP entirely. Heavy users of these applications will want to consider whether they're prepared to give up some security for the convenience. You can still forward ports without UPnP; it's just a bit more work. Check out our guide to port forwarding.

On the other hand, these router flaws are not actively being used in the wild, so the actual chance that you'll come across malicious software that exploits flaws in your router's UPnP implementation is fairly low. Some malware does use UPnP to forward ports (the Conficker worm, for example), but I haven't come across an example of a piece of malware exploiting these router flaws."


Mine is on as other members of the household use game servers and P2P and I can't be arsed setting up the port forwards for several machines. I do run a router with well respected and regularly updated firmware so I hope the risks which in itself are minimal are not worth worrying about.

[Christopher]

Thanks for the very informative post Steve.I have had UPnP turned off for 3 weeks now and noticed no difference,however I have just uploaded a UPnP security firmware update to my router so may as well turn it back.Thanks for your help.