dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
5281
share rss forum feed

Etcetera
Premium
join:2010-06-25

Can't disable UPnP on Verizon FiOS Westell 9100 router

I recently had FiOS installed in my new residence.

I did quite a bit of searching on Google to figure out why port forwarding entries are getting created in my Westell 9100 Verizon FiOS router even though UPnP is "disabled."

Found this DSLReports thread, which did not seem to lead to successful resolution:
»FIOS Coax to Cat5E?

I'm just corroborating the fact that, from my perspective, UPnP on the Westell 9100 router cannot be disabled. I think this is a SECURITY RISK because it potentially exposes applications and devices on the user's network to the outside world.

Here's how I attempt to "turn off" UPnP on the router:

1) Log in to the router
2) Click 'Advanced'
3) Click 'UPnP'
4) Uncheck the only two checkboxes available:
- Allow Other Network Users to Control Wireless Broadband Router's Network Features
- Enable Automatic Cleanup of Old Unused UPnP Services

5) Click Apply
6) Click OK
7) Confirm the checkboxes are still cleared.

Is there any other way to "disable UPnP" on this router? I haven't seen any. The User Guide in this area is a joke. The extent of its information is, "To configure UPnP enter the desired values and then click Apply to save the settings." Uh... gee, thanks.

Next, I remove any existing forwarded ports:

1) Click 'Firewall'
2) Click 'Port Forwarding'
3) Click 'X' next to each entry to delete
- In my case, I have half a dozen entries for Skype and my IP Camera, none of which I manually added (all added by UPnP).

4) Click 'Apply'
5) Click 'OK'
6) Confirm the entries are absent from the list.

Then, after UPnP is supposedly "disabled", I test it by doing the following:

1) Launch Skype
2) Check port forwarding list (from above)

Sure enough, there are new Skype entries opening up port 10728 for UDP and TCP.

3) Turn on my IP Camera
2) Check port forwarding list again

Sure enough, there are new IP Camera entries opening up port 8150 for UDP and TCP.

Same with a Blizzard game. And, I imagine, anything else that's UPnP capable.

This is absolutely ridiculous. So now I have programs and devices automatically opening up ports on my router to the outside world.

»grc.com confirms the ports are open (via Shields Up).

Interestingly enough, the Microsoft Internet Connectivity Evaluation Tool (»www.microsoft.com/windows/using/···ult.mspx) shows UPnP "Not Supported" whether I have it turned on our not. Whatever the tool is doing, it's not giving accurate results either way in this case.

My Westell 9100 firmware version is 1.02.00.04 and I haven't been able to find anything newer.

Does anyone have a Westell 9100 on which they can successfully disable UPnP?

Thanks!



aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:7
Reviews:
·PenTeleData
·Verizon Online DSL

I am not sure, try this..

1) Make sure that the IP Camera is not on.
2) Make sure that Skype is not running.
3) Log in to the router
4) Go to Advanced -> UPnP
5) Uncheck Allow Other Network Users to Control Wireless Broadband Router's Network Features.
6) Click Apply
7) Click OK
8) Confirm that the checkboxes is still cleared.
9) Use the Microsoft Internet Connectivity Evaluation Tool, to check for support of UPnP.
10) Go to grc.com and check the ports.
11) Result back should not be open.
12) Turn on the camera or start Skype.
13) Go to grc.com and check the ports.
14) Result back should not be open.

---

If that does not work. Do the steps again, but this time: After step 8 listed above, try turning off and back on the power to the router.

^^^
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.


Etcetera
Premium
join:2010-06-25

1 recommendation

Thanks for the reply. Yep, I did try all of that and, nope, UPnP is not disabled. There are no errors or indications that disabling it failed, but Skype, Blizzard, and my network camera all successfully place forwarding entries on the router without my taking any action.

I'm coming to the conclusion it's impossible to successfully disable UPnP on a Westell 9100 router (Verizon FiOS).

Seems pretty surprising that they would let that defect simply go uncorrected. Seems even more surprising there aren't more complaints about it...



More Fiber
Premium,MVM
join:2005-09-26
West Chester, PA
kudos:31

said by Etcetera:

I'm coming to the conclusion it's impossible to successfully disable UPnP on a Westell 9100 router (Verizon FiOS).
Here are a couple of threads on similar difficulties disabling UPnP on the Westell.
»FIOS Coax to Cat5E?
»Automatic Port Forwarding -- How Did This Happen?

I'd normally suggest posting this as a bug report in the »Verizon Direct forum, however, VZ has discontinued using the Westell 9100s, so I wouldn't expect a fix at this point.
--
There are 10 kinds of people in the world; those who understand binary and those who don't.