Homeland Security says Turn Off UPnP: What to do? Please advise.

Homeland Security and the more influential US-CERT say turn off UPnP. NOT KIDDING.

 

http://www.zdnet.com/homeland-security-disable-upnp-as-tens-of-millions-at-risk-7000010512/

 

http://www.us-cert.gov/current/#cert_releases_upnp_security_advisory

 

 

How shall we connect multiple Xboxen to our networks without UPnP? Please advise.

 

Question Info


Last updated July 4, 2018 Views 23 Applies to:

Google - UPnP risk And you'll see that this information is not new to date and therefor, comes as no surprise. This is also why some vendors choose to have UPnP disabled by default.

You should also read: http://www.kb.cert.org/vuls/id/922681 

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

"A remote, unauthenticated attacker may be able to execute arbitrary code on the device or cause a denial of service." Love it.

 

So we know as per the weblink above fixes are needed for routers from Cisco/Linksys, D-Link, Fujitsu, Huawei, ipitomy, NEC, Siemens and Sony, and that we don't know about Belkin and other router and gateway makers.  

 

Until we know those routers have fixed the security hole, we need to 'deploy firewall rules to block untrusted hosts from being able to access port 1900/udp'.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.