27Feature Request: UPnP usage summary
UPnP is an extremely convenient solution, and its one I'm willing to live with for its convenience. However, having insight into exactly what has been opened, and by which device on your network, would be extremely useful. Many devices you purchase use UPnP without declaring they do, or they come configured to use UPnP by default... requiring a user to disable the feature if not required in their environment. Many owners are unaware that their devices are potentially opening exploitable holes into their network... and would disable UPnP for those devices if they were.
It would be very useful if the eero app could indicate what UPnP access is currently exposed, and the device responsible for that access. It would be even better if eero would give the user a way to deny UPnP requests at a device level, in order to blacklist a particular device from opening up external access.
As an example, I have a number of IP cameras running on my network. I made a point of reconfiguring them to not use UPnP (their out of the box config enables UPnP!), but there may be other devices on my network that are using UPnP without my knowledge. Insight into this would be great.
Without this, the best I can do is research each device, or use external pen-testing / UDP and TCP port scanning tools to periodically check to see if my external IP is accepting connections on any ports/protocols I'm unaware of. Even with that, it may be difficult to identify what's responsible in my network.
Thanks!
-
Hi perplexed —
Thanks for the feedback! We definitely recognize the importance of UPnP information on the network being surfaced. While we don't have any plans or a timeline to share at this time, it is a feature we hope to add in the future.
-
This is a great idea and would love to see this added in the future.
-
Would be an awesome feature to provide support to tools like PeakHour. As more and more ISPs have data limits, such features will really make eero standout.
-
I love Eero but it’s a bit frustrating how long it takes for them to add what are some pretty basic features available on any $30 router running an open source firmware.
Offering uPNP without having the ability to easily list currently open ports is a huge security hole IMO.
-
This is a no brainer. Either let users audit UPnP or disable functionality. Anything less is irresponsible implementation of UPnP considering how much of a vulnerability it represents.
-
This should have been done years ago. There really isn't any excuse for allowing this kind of security hole to exist. Even the cheap routers on the market show you the open UPNP ports. Hiding this data as EERO does now leads DIRECTLY to things like the recent chromecast hacks.
-
If you care about your home network's security, then you have to disable PnP. For network visibility, I have OPNsense firewall between this and my ISP's router as eero's firewall is not configurable enough, and just plain lacks this visibility. This product is created for ease of use, and to prevent product returns, and to "just work". Security seems secondary here.
-
is there any update on where Eero users can expect this crucial security feature?
