Networking Question!

[GardeniaSky]

I'm looking into ways to make my home network more secure. Does anyone have experience with disabling their UPNP, and if so, did you run into any unsolvable issues? I don't mind if devices need extra configuration to connect and work properly, I'm just wondering if there are any services you absolutely could not get to work with it disabled.

 

[McDoob]

Off the top of my head, I'd say any torrenting software would have a problem with disabled UPnP services, but not unsolvable. You'd also have to do some extra work if you wanted to run a game server.

But this begs the question: why? Unless your anti-malware/anti-virus software is woefully out-of-date, UPnP shouldn't be a concern.

-McD

 

[GardeniaSky]

Off the top of my head, I'd say any torrenting software would have a problem with disabled UPnP services, but not unsolvable. You'd also have to do some extra work if you wanted to run a game server.

But this begs the question: why? Unless your anti-malware/anti-virus software is woefully out-of-date, UPnP shouldn't be a concern.

-McD

I was checking the logs and have been seeing random little scans and pings from rather untrustworthy IPs. I haven't had any security breaches and I'm running a scan for anything sketchy on my PC.

Just checked the logs out of curiosity and noticed it. We haven't had any slowdowns or issues. I have a tendency to open Pandora's box and consider the worst-case, and want to protect myself against that. My personal computer is heavily protected, but I know other devices on my home network aren't so solid.

I'm just concerned about running into problems with online games. I don't have a VPN so we don't torrent. Aaand the Malwarebytes scan came back clean. I always keep windows defender up to date and have my permissions heavily limited.

 

[McDoob]

I was checking the logs and have been seeing random little scans and pings from rather untrustworthy IPs. I haven't had any security breaches and I'm running a scan for anything sketchy on my PC.

Just checked the logs out of curiosity and noticed it. We haven't had any slowdowns or issues. I have a tendency to open Pandora's box and consider the worst-case, and want to protect myself against that. My personal computer is heavily protected, but I know other devices on my home network aren't so solid.

I'm just concerned about running into problems with online games. I don't have a VPN so we don't torrent. Aaand the Malwarebytes scan came back clean. I always keep windows defender up to date and have my permissions heavily limited.

First day on the internet? o_O

There are a billion random bots poking at random IP's random ports at random times. 99.99% of these won't ever get past your router's firewall. It's really not something to worry about. If anything, you should look out for unusual outgoing traffic.

If you want to protect yourself from the absolute worst case scenario, disconnect. The only way an external party can do anything is if you have an external connection. That's why there are certain computers in certain missile silos that have never been or will ever be online.

Realistically, though, you really aren't special enough to be hack-worthy (no offense), unless you work for a bank, or the government, or something like that. Even then, it would be your work networks that would likely be targeted, and they'd have paid staff just for NetSec.

Don't lose sleep over it.
-McD

 

[jankusanagi]

I've never used UPNP.

P2P software, mostly, can take advantage of it to simplify things, but nothing you can't usually solve by manually opening/redirecting ports on your router/gateway.

 

[GardeniaSky]

First day on the internet? o_O

There are a billion random bots poking at random IP's random ports at random times. 99.99% of these won't ever get past your router's firewall. It's really not something to worry about. If anything, you should look out for unusual outgoing traffic.

If you want to protect yourself from the absolute worst case scenario, disconnect. The only way an external party can do anything is if you have an external connection. That's why there are certain computers in certain missile silos that have never been or will ever be online.

Realistically, though, you really aren't special enough to be hack-worthy (no offense), unless you work for a bank, or the government, or something like that. Even then, it would be your work networks that would likely be targeted, and they'd have paid staff just for NetSec.

Don't lose sleep over it.
-McD

Thank you lol. I re-enabled it just in case. I know a lot of times the logs will pop false positives when stuff is denied access/attacks are shut down. I need to stop digging about this stuff or I'll drive myself nuts.

 

[McDoob]

Thank you lol. I re-enabled it just in case. I know a lot of times the logs will pop false positives when stuff is denied access/attacks are shut down. I need to stop digging about this stuff or I'll drive myself nuts.

Yes. Yes you will. Paranoia is a helluva drug...

This is one of the reasons why I get so annoyed by fear-mongering 'news' articles about this or that network protocol. The people that write them either don't understand what they're writing about, which is excusable, or do, which is not. And most people who read them don't.

I had an older woman once try to warn me about the poisonous dihydrogen monoxide that the government was putting in all our food and water...Dihydrogen monoxide? Two hydrogen atoms and one oxygen? Sound familiar? *facepalm*

-McD

 

[KirboDeku]

I had an older woman once try to warn me about the poisonous dihydrogen monoxide that the government was putting in all our food and water...Dihydrogen monoxide? Two hydrogen atoms and one oxygen? Sound familiar? *facepalm*

That article HAD to be a parody that she thought was real, I refuse to believe anyone could be THAT stupid.

 

[McDoob]

That article HAD to be a parody that she thought was real, I refuse to believe anyone could be THAT stupid.

Never underestimate the human capacity for stupid.

-McD

 

[jankusanagi]

Nothing wrong with reducing your attack surface. Plenty of people have no need for UPNP.

People "unworthy" of being hacked are still hacked.

 

[McDoob]

Nothing wrong with reducing your attack surface. Plenty of people have no need for UPNP.

People "unworthy" of being hacked are still hacked.

I mean, yeah, good network practices are...well...good.

People have been squashed by falling elephants, too. I don't spend my time anxiously watching the skies, though. Instead, I might watch for traffic, or people with weapons, which are far more likely to harm me.
-McD

 

[vulonkaaz's iconvulonkaaz]

I got a CGNATed ipv4 address so upnp can't even work where i live

torrent client works flawlessly

been able to play starbound through steam multiplayer no problem

haven't had a single situation where lack of upnp ruined my experience

 

[Antilocal123]

Prayer.

 

[daratmp+wxqvs]

learn how to portforward/NAT and you wont need upnp