-=> UPnP in Netgear FVS338 Firewall/Router? <=-

[Bill Taylor]

Hello, from Ottawa, Canada!

Can anyone please tell me how to enable UPnP in this Netgear Firewall,
FVS338?

Sorry, but I can't seem to find any documentation on the Netgear web
site, that details this?

As a possible alternative, is there a way I can get UPnP going on my
network, even if I have to use my old Netgear RP 614 router, within my
existing network that's been using this FVS338 Firewall?

I need to use UPnP in order to better access my Western Digital network
drive, a 2 TB Livebook.

Many thanks!

Sincerely,

Bill Taylor

[nospam]

In article <bigpedalnut-81BA...@news.giganews.com>, Bill

Taylor <bigpe...@gmail.com> wrote:

> Can anyone please tell me how to enable UPnP in this Netgear Firewall,
> FVS338?

upnp is a huge security hole. do not enable it.

<http://www.forbes.com/sites/andygreenberg/2013/01/29/disable-a-protocol-
called-upnp-on-your-router-now-to-avoid-a-serious-set-of-security-bugs/>


<https://community.rapid7.com/community/infosec/blog/2013/01/29/security-
flaws-in-universal-plug-and-play-unplug-dont-play>

> I need to use UPnP in order to better access my Western Digital network
> drive, a 2 TB Livebook.

no you don't.

[Warren Oates]

In article <190420130553226346%nos...@nospam.invalid>,

nospam <nos...@nospam.invalid> wrote:

> upnp is a huge security hole. do not enable it.

And jesus loves you. No one cares. Lots of us use upnp.

Anyway: to the OP:

That's a business router; upnp isn't in the settings. You'll have to add
your own inbound rule, open the appropriate ports, etc.
--
Where's the Vangelis music?
Pris' tongue is sticking out in in the wide shot after Batty has kissed her.
They have put back more tits into the Zhora dressing room scene.
-- notes for Blade Runner

[David Ritz]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday, 19 April 2013 08:52 -0400,
in article <51713df1$0$38242$c3e8da3$f626...@news.astraweb.com>,

Warren Oates <warren...@gmail.com> wrote:

> That's a business router; upnp isn't in the settings. You'll have to
> add your own inbound rule, open the appropriate ports, etc.

upnp 1900/tcp 0.003977 # Universal PnP
upnp 1900/udp 0.136543 # Universal PnP
upnp 5000/tcp 0.006423 # Universal PnP, also Free Internet Chess Server
upnp 5000/udp 0.008913 # also complex-main

- --
David Ritz <dr...@mindspring.com>
Be kind to animals; kiss a shark.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (Darwin)
Comment: Public Keys: <http://dritz.home.mindspring.com/keys.txt>

iEYEARECAAYFAlFxRMQACgkQUrwpmRoS3utiAgCgwH4mSRmEmvK+5WHDxy5bJuor
d6wAnAj8Om8rA3EkLZuKHHYXptt7DKhX
=qqa5
-----END PGP SIGNATURE-----

[nospam]

In article <51713df1$0$38242$c3e8da3$f626...@news.astraweb.com>,

Warren Oates <warren...@gmail.com> wrote:

> > upnp is a huge security hole. do not enable it.
>
> And jesus loves you. No one cares. Lots of us use upnp.

lots get hacked too.

[David Ritz]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday, 19 April 2013 14:21 -0000,
in article <slrnkn2ktc....@mbp55.local>,
Lewis <g.k...@gmail.com.dontsendmecopies> wrote:

> In message <alpine.OSX.2.00.1...@mako.ath.cx>

> David Ritz <dr...@mindspring.com> wrote:

>> On Friday, 19 April 2013 08:52 -0400,
>> in article <51713df1$0$38242$c3e8da3$f626...@news.astraweb.com>,
>> Warren Oates <warren...@gmail.com> wrote:

>>> That's a business router; upnp isn't in the settings. You'll have to
>>> add your own inbound rule, open the appropriate ports, etc.

>> upnp 1900/tcp 0.003977 # Universal PnP
>> upnp 1900/udp 0.136543 # Universal PnP
>> upnp 5000/tcp 0.006423 # Universal PnP, also Free Internet Chess Server
>> upnp 5000/udp 0.008913 # also complex-main

> If you have UPnP open, go to grc.com and run the shields-up and make
> sure your router isn't one of the millions that opens UPnP to the
> world. That is dangerous. Dangerous enough that some ISPs have taken
> to blocking port 1900.

> If your router does UPnP properly (that is, only on the LAN side)
> then it's fine.

One should not need to open a world facing port, in order to use UPnP
on the LAN side. Doing so is a significant security issue, leaving
one's network vulnerable to a plethora of exploit attacks.

Looking at the WAN side:

% nmap -p 1900,5000 mako.ath.cx

Starting Nmap 5.00 ( http://nmap.org ) at 2013-04-19 07:50 PDT
Interesting ports on mako.ath.cx (75.56.239.73):
PORT STATE SERVICE
1900/tcp closed upnp
5000/tcp closed upnp

Nmap done: 1 IP address (1 host up) scanned in 0.28 seconds

Looking at the LAN side of the router:

$ nmap -p 1900,5000 192.168.1.254

Starting Nmap 6.25 ( http://nmap.org ) at 2013-04-19 09:53 CDT
Nmap scan report for 192.168.1.254
Host is up (0.0086s latency).
PORT STATE SERVICE
1900/tcp closed upnp
5000/tcp closed upnp

Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds

Looking at this box, from itself.

$ nmap -p 1900,5000 localhost

Starting Nmap 6.25 ( http://nmap.org ) at 2013-04-19 10:05 CDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0020s latency).
PORT STATE SERVICE
1900/tcp closed upnp
5000/tcp closed upnp

Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds

If Bill Taylor needs to use UPnP _on his LAN_, he should only needs to
open the appropriate ports on the box where he wants to use it, not on
the hardware firewall or WAN facing router.

- --
David Ritz <dr...@mindspring.com>
Be kind to animals; kiss a shark.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (Darwin)
Comment: Public Keys: <http://dritz.home.mindspring.com/keys.txt>

iEYEARECAAYFAlFxXbEACgkQUrwpmRoS3usP1QCgvjFZJndKKHjt2tijOQksNd4D
99sAoLvd1OoDdDg57L3KG5EHVAcAzLMH
=c/tQ
-----END PGP SIGNATURE-----