
Feature Request: UPnP usage summary
UPnP is an extremely convenient solution, and its one I'm willing to live with for its convenience. However, having insight into exactly what has been opened, and by which device on your network, would be extremely useful. Many devices you purchase use UPnP without declaring they do, or they come configured to use UPnP by default... requiring a user to disable the feature if not required in their environment. Many owners are unaware that their devices are potentially opening exploitable holes into their network... and would disable UPnP for those devices if they were.
It would be very useful if the eero app could indicate what UPnP access is currently exposed, and the device responsible for that access. It would be even better if eero would give the user a way to deny UPnP requests at a device level, in order to blacklist a particular device from opening up external access.
As an example, I have a number of IP cameras running on my network. I made a point of reconfiguring them to not use UPnP (their out of the box config enables UPnP!), but there may be other devices on my network that are using UPnP without my knowledge. Insight into this would be great.
Without this, the best I can do is research each device, or use external pen-testing / UDP and TCP port scanning tools to periodically check to see if my external IP is accepting connections on any ports/protocols I'm unaware of. Even with that, it may be difficult to identify what's responsible in my network.
Thanks!
-
If you care about your home network's security, then you have to disable PnP. For network visibility, I have OPNsense firewall between this and my ISP's router as eero's firewall is not configurable enough, and just plain lacks this visibility. This product is created for ease of use, and to prevent product returns, and to "just work". Security seems secondary here.