You should have pretty much everything on your router disabled for access from machines on the external network side of the router.
The typical example is the web admin interface, which should never be enabled for access from outside, only for access from machines on your internal network. The same applies to all other sorts of control interface, be they human interfaces or machine interfaces.
For any machines reaching it from the outside network interface the router should look the same as the most basic, dumbest router there is with no way to configure or control it.
So, yeah, enabling uPnP for external use is asking to be hacked, probably worse even that enabling the web admin interface for external access since the latter usually has username:password authentication, which although pretty crap (most people don’t even know its there and leave it at default and when not it often has character limitations that make it guessable or possible to brute force) it’s still way better than NO AUTHENTICATION WHATSOEVER which is what uPnP has.
Never turn on uPnP for external use, its a way to let hackers manipulate your network. It should never have existed as an option.
You should have pretty much everything on your router disabled for access from machines on the external network side of the router.
The typical example is the web admin interface, which should never be enabled for access from outside, only for access from machines on your internal network. The same applies to all other sorts of control interface, be they human interfaces or machine interfaces.
For any machines reaching it from the outside network interface the router should look the same as the most basic, dumbest router there is with no way to configure or control it.
So, yeah, enabling uPnP for external use is asking to be hacked, probably worse even that enabling the web admin interface for external access since the latter usually has username:password authentication, which although pretty crap (most people don’t even know its there and leave it at default and when not it often has character limitations that make it guessable or possible to brute force) it’s still way better than NO AUTHENTICATION WHATSOEVER which is what uPnP has.