Solved Removing that dreaded UPnP port...

[Viktor Jaep]

Hi All...

I thought I had disabled UPnP everywhere, but it's still showing up as a listening UDP port no matter what. What can be done to remove this?

I have UPnP disabled on the WAN...

I have the UPnP Media Server (USB Application -> Servers -> Media Server) disabled:

I don't have QoS enabled, which could also introduce some UPnP issues:

But yet, when I run an nmap on my WAN0, this is what comes up, showing UPnP listening and unfiltered:

Running ps | grep pnp yields no results... so nothing is running.

I even went through my nvram, and searched for UPnP that might have something to do with this, and have no other leads to go on to figure out how to shut this down:

upnp_clean=1
upnp_clean_interval=600
upnp_clean_threshold=20
upnp_enable=0
upnp_max_lifetime=86400
upnp_max_port_ext=65535
upnp_max_port_int=65535
upnp_min_lifetime=120
upnp_min_port_ext=1
upnp_min_port_int=1024
upnp_mnp=1
upnp_pinhole_enable=0
upnp_port=0
upnp_secure=1
upnp_ssdp_interval=60
vts_upnplist=
wan0_upnp_enable=0
wan1_upnp_enable=0
wan_upnp_enable=0
wl0_wmf_ucast_upnp=0
wl1_wmf_ucast_upnp=0
wl_wmf_ucast_upnp=0

Do I seriously have to force an iptable DROP to forcefully close this?

iptables -A INPUT -p udp --dport 1900 -j DROP

If anyone have any other good ideas on how to get rid of this open port hanging out there, that I can't seem to get rid of? (Oh, and yes... I rebooted as well) Thanks in advance!!

 

[ATLga]

Right near that QOS setting, on your router do you have a "enable geforce NOW QOS UPNP" toggle that is defaulted to on. Toggle it off if so. Not sure about your model, some don't have this setting.

 

[ColinTaylor]

Running ps | grep pnp yields no results... so nothing is running.

Run netstat -nlp | grep 1900. If it shows nothing listening on that port then there's something wrong with your testing method.

 

[Viktor Jaep]

Right near that QOS setting, on your router do you have a "enable geforce NOW QOS UPNP" toggle that is defaulted to on. Toggle it off if so. Not sure about your model, some don't have this setting.

Thanks for the suggestion... I looked for that as well initially, but I figured my router doesn't support that feature. Normally this is off, but when I slide it to ON, this is what I get...

Or if you talking about this (screengrab from google), no, I don't have this setting either:

 

[AndreiV]

Try testing your ports at Shields Up see what that shows.

Running: Skynet, Diversion, Unbound ..................

Why on earth have you got all that stuff running ?

 

[Viktor Jaep]

Run netstat -nlp | grep 1900. If it shows nothing listening on that port then there's something wrong with your testing method.

This is what I get back...

 

[Viktor Jaep]

Try testing your ports at Shields Up see what that shows.

I have no doubt that nothing is responding to this port, no services running etc... it just IRKS me that the port remains open for some reason.

Why on earth have you got all that stuff running ?

LOL. It's quite lean compared to what you find others running in this forum.

 

[AndreiV]

I have no doubt that nothing is responding to this port, no services running etc... it just IRKS me that the port remains open for some reason.

If the port was open it would have failed the test.

 

[ColinTaylor]

This is what I get back...

View attachment 50631

So that port is being used by the wireless system, not UPnP. My guess is that it's part of AiMesh as I don't see that on my stand-alone router.

 

[Viktor Jaep]

If the port was open it would have failed the test.

I know nothing is going to respond from it... nothing seems to be running. I just want to get rid of this port. It's open, it's sitting there... it shouldn't be. I blame my OCD for wanting things clean and tidy.

 

[Viktor Jaep]

So that port is being used by the wireless system, not UPnP. My guess is that it's part of AiMesh as I don't see that on my stand-alone router.

I don't use AiMesh (unless something is enabled in the background by default?)... and why would it only be present for UDP on WAN0?

 

[Tech9]

Why on earth have you got all that stuff running ?

@Viktor Jaep can run anything because he knows what it is and how to fix when in breaks.

Some other users have no good answer to this question and run it because they see guys like Viktor running it.

 

[Viktor Jaep]

@Viktor Jaep can run anything because he knows what it is and how to fix when in breaks.

Some other users have no good answer to this question and run it because they see guys like Viktor running it.

LOL this better not devolve into RTRHTR v1.1 again.

 

[ColinTaylor]

I don't use AiMesh (unless something is enabled in the background by default?)... and why would it only be present for UDP on WAN0?

Sorry, I don't know anything about your setup or how you're testing this. Your signature says you're using AiMesh so I assumed you were.

 

[Viktor Jaep]

Sorry, I don't know anything about your setup or how you're testing this. Your signature says you're using AiMesh so I assumed you were.

LOL... close! Google Nest Wifi PRO Router + 3 PRO Mesh Nodes (Prod)

This is the command I'm running:

nmap -sU <insert WAN IP> | grep "open"

 

[Viktor Jaep]

Sorry, I don't know anything about your setup or how you're testing this. Your signature says you're using AiMesh so I assumed you were.

I'm not familiar with SSDP, but could it be some kind of service like that sitting on UDP port 1900? I just found this:

https://support.tilaa.com/hc/en-us/articles/4417474058130-How-to-fix-or-prevent-an-open-SSDP-service-from-running

 

[ColinTaylor]

I'm not familiar with SSDP, but could it be some kind of service like that sitting on UDP port 1900?

As I said in post #9, it's your wireless subsystem, hostapd. You probably have WPS enabled.

 

[Viktor Jaep]

As I said in post #9, it's your wireless subsystem, hostapd. You probably have WPS enabled.

OMG... @ColinTaylor to the rescue... THANK YOU!

It was WPS... how could I have overlooked that big gaping security hole...

New results: