Menu
What's new
By:
Filters Better Search

WAN and UPnP?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Builder71

Builder71

Very Senior Member
The default out of the box setting is "Yes".

To my understanding this is a huge security risk.
Also I have no clue why anyone want to use this on the WAN port.
Anyone with a real life example?

I switched it off and asked myself, is it wise to change the default firmware setting to "No"?
 
Builder71 said:
The default out of the box setting is "Yes".

To my understanding this is a huge security risk.
Also I have no clue why anyone want to use this on the WAN port.
Anyone with a real life example?

I switched it off and asked myself, is it wise to change the default firmware setting to "No"?
Click to expand...

Well, it can make setting up remote access to a Windows Home Server box easier, but of course it is safer to leave it off and manually put in the port forwards.
--
bc
 
Ah, OK.

Sounds like it's wise to make the default "No".
Maybe RMerlin can make that happen if he feels like it. :)
 
Builder71 said:
The default out of the box setting is "Yes".

To my understanding this is a huge security risk.
Also I have no clue why anyone want to use this on the WAN port.
Anyone with a real life example?

I switched it off and asked myself, is it wise to change the default firmware setting to "No"?
Click to expand...

The uPNP security implications have been overblown in my personal opinion. If a computer on your network has already been compromised to the point of being able to open an inbound port through uPNP, then you are already toast, since it does not need uPNP to be able to establish outbound connection to any outside server.

uPNP can in fact be a security asset if you look at it differently. For example if you use a Bittorrent client, it means you can have the BT client use a different random port every time you start it, and it will be automatically forwarded. This can be more secure (in a way) than always forwarding the same port. When the BT client isn't running, any client could use that same forwarded port to hijack the connection.
 
Thx for your opinion on this RMerlin.

I switched it off because I don't use it.
 
You must log in or register to reply here.

Similar threads

RMerlin
Release Asuswrt-Merlin 386.13 is now available for AC models
2
Replies
38
Views
5K
Tech9
Tech9
R
Would any of this make my browsing more secure? (WAN DNS settings)
2
Replies
20
Views
1K
aru
aru
C
Strange WAN connection issue
Replies
9
Views
627
clvk07
C
X
DNS Director - question
Replies
6
Views
620
Xboxsx4life
X
J
Could a router be hacked from WAN end if firmware always up to date, no portwarding, no upnp and wifi disabled.
Replies
5
Views
892
coxhaus
C
Similar threads
Thread starter Title Forum Replies Date
J DDNS, AX86U-PRO, inadyn isn't called after wan IP change ? Asuswrt-Merlin 3
O Assigned IP address to the WAN interface via VPN director: no internet connection - why? Asuswrt-Merlin 1
zombeeh8er Solved GT-AX11000 drops WAN connection / crashes every 6-36 hours Asuswrt-Merlin 25
C Strange WAN connection issue Asuswrt-Merlin 9
J RT-AX88U Dual WAN Ports 5-8 Almost Bricks Router Asuswrt-Merlin 6
D WAN IP and hostname verification not respecting interval Asuswrt-Merlin 2
M IPv6 and Router Advertisement adding route to delegated /56 via WAN interface Asuswrt-Merlin 0
R Would any of this make my browsing more secure? (WAN DNS settings) Asuswrt-Merlin 20
GShlomi Using Dual-WAN failover but using the passive with a rule Asuswrt-Merlin 0
GShlomi Two WANs but not dual-WAN, with port-forwarding Asuswrt-Merlin 7

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 732 (members: 24, guests: 708)
Top