Routers from Netgear (and other companies) have a service turned on by default called UPnP (Unplug and Play). This service allows applications and/or devices inside your network to automatically open ports in your router to make them accessible from the Internet. While this feature does make it easier to set up Internet of Things devices (doorbells, webcams, light bulbs), it makes your network more vulnerable to attack.
The recent (October 2016) Denial of Service attacks on the Domain Name System that pretty much broke the internet for a half a day were due to devices inside peoples’ networks being commandeered to act on behalf of the bad actors. In other words, having NAT-PMP enabled on an Airport router (or UPnP on other manufacturer’s routers) allowed these Internet of Things devices to be recruited into a botnet.
If you want to learn more, please see this Wikipedia article: https://en.wikipedia.org/wiki/NAT_Port_Mapping_Protocol
These instructions show you how to turn off UPnP on Netgear Nighthawk Routers. If you have an Airport Router, please see this tutorial: https://www.podfeet.com/blog/how-to-turn-off-nat-pmp-on-airport-routers/
Navigate in a Web Browser to the Netgear Login
This login is at http://routerlogin.net
Enter your admin username and password (you HAVE changed the password to a long, secure password, right?)
Select Advanced Tab
Open the Advanced Setup Menu
Turn Off UPnP
- Uncheck the box next to Turn UPnP On
- Click on Apply
Your Netgear router will tell you that it will have to restart. In a few minutes you should be back up and running.
If any of your internal network devices stop working, contact the manufacturer. They should be able to tell you specific ports to open and how to do that. If they tell you that you must have UPnP enabled, you’ll have to make a decision for yourself on whether to re-enable it or get rid of a device that makes your network less secure.