How to Turn Off NAT-PMP and UPnP on Your Router

A few weeks back, after the disastrous distributed denial of service attack on the DNS servers was found to have been caused by insecure Internet of Things devices, Bart suggested that we turn off automatic port forwarding. This is a technology built into routers that allows devices (and software) inside your network to punch holes through your firewall in order to talk to the Internet. The advantage of this technology is that you don’t have to understand or even know what port forwarding is in order to get your devices and software to work. Unfortunately, we’ve learned that our IoT devices are often spectacularly insecure. For example, there are devices with hard-coded Secure Shell (SSH) usernames and passwords that were largely responsible for the denial of service attack.

On most routers this automated port forwarding is called UPnP; Apple routers use a similar protocol called NAT-PMP. Bart recommended that we turn this service off, and only open ports manually when we know why they need to be opened. I have both a Netgear router and an Apple router, so I thought it might be helpful if I posted tutorials on how to turn off UPnP via the web interface on the Netgear router, and NAT-PMP from the AirPort Utility. Thanks to Allister Jenks for helping put together the instructions for turning off NAT-PMP on the AirPort from an iOS device. And of course we made the tutorials with my favorite app, Clarify.

Here are links to the three tutorials:

What Could Kill Just the 2.4GHz WiFi Network?

The new hip thing today is these Internet of Things devices, right? Steve and I have been dipping our toes in with the Ring video doorbell, the Chimes that go with it, the Hue Lights that automatically change in time with The Expanse series on SyFy, the Nest Protect smoke alarm that’ll tell us if there’s a fire even if we’re not home, and the Wemo Switches that turn on our hot water pump so we have toasty hot water when we need it.

But they all rely on one really important thing. They need to be able to connect to our home WiFi network to do their various duties.

A while ago we had a little power blip, nothing major, over in a minute or two. It knocked all of the devices offline. Some of them came back by themselves, but some of them didn’t. The Ring Chimes seemed particularly difficult to get back onto our network. Remember, everything is fiddly, right?

Yet Again the Answer is 2.4GHz Separation

About four years ago, my son-in-law Nolan bought Lindsay a webcam from a company called Foscam so that she could watch her dog Dodger. She followed the instructions to set it up to a wired Ethernet connection and it worked perfectly. From her Mac or her iPhone she could control the camera, move it around and watch the room. The only problem was that her router isn’t in the area where Dodger hangs out during the day. No problem, the Foscam should work wirelessly as well. But for some reason she could never get it to work.

Over the years, every once in a while we poked around at it and gave up. But this weekend we went to see them again and I decided to attack it full force. I started with a wired connection so we could take it one step at a time.
