Check UPnP port mapping on you router

Most modern SOHO routers (like my Asus) support UPnP IGDP  or NAT-PMP protocols to enable hosts on local network to open and map incomming (from WAN) port on router.  While these two are different protocols with different origins, they both serve same purpose, so often they are enabled by a single option in your router configuration ( like in my Asus – there is only one option ‘Enable UPnP’,  but in fact it enables both protocols).

This automatic incomming port port management is very convenient, however it can cause some security problems  in your local network.  Because normaly  neither UPnP nor NAT-PMP is authenticated, all local subnet is basically trusted, it means that any program can open incomming port, as it needs (including  malware programs).  More detailed description about potential UPnP issues is for instance here.

So if you after all decide to enable UPnP on router ( because your children need it for their online games and torrents :-),  how can you check which ports are really opened?  Normaly router ( at least my Asus) – shows only manual mappings – but there is nifty small utility called PortMapper, written in Java, which can discover router on loacal subnet and show all UPnP and NAT-PMP port mappings, currently opened on your router.  Packed as jar it can be downloaded and run in few minutes.

Leave a Reply

Your email address will not be published. Required fields are marked *