Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[burakkucat]

Further playing suggests it seems to affect the normal uPnP service too, so it's probably just an old issue in the stock firmware underneath it, so to speak.  Might be able to get away with a firewall rule inserted somewhere though.  This is the advantage about such unlocked/hacked firmware, it might be possible to actively alter.

Have you made contact with the author of the customised firmware? If not, that might be worth a try . . . 

[RayW]

Why not just disable your UPNP to begin with, then your computer should be safe in that regard ..?

https://www.grc.com/unpnp/unpnp.htm

[jewelie]

Have you made contact with the author of the customised firmware? If not, that might be worth a try . . . 

Yeah, I've done so.  Just wanted to talk to people and check I've not done something silly before bothering him. 

[jewelie]

Yeah, I've done so.  Just wanted to talk to people and check I've not done something silly before bothering him. 

The issue occurs with both minidlna and the upnp service separately.  Minidlna still responds to upnp ssdp m-search requests from the internet, on my config, even when the general upnp service is disabled.  It's probably not as much of an issue with the regular upnp service disabled but it's still disconcerting and wrong that minidlna is replying to the internet at large at all.

[kitz]

Why not?  Tiny flat.  Space.

Not sure on your exact requirements but I replaced my dying NAS box with one of these   They arent much bigger than a HD caddy.   Mine currently sits on its side hidden behind one of the monitors, but it also took up hardly any room when flat and sat really nice under my Zyxel router for many months.

Warning though - theres hardly any setup info that comes with it and it may take some messing around before you get things how you want.  You can download various apps which are addons for the dashboard.  For example I have one that does PC backup and theres another that does things like FTP server.   Admin can map drives...  but I also have mine set up so that music etc is in a public LAN folder.  You can also set up personal folders which is what I have for my backups. 

Its perhaps not a solution for all, but for me it does what I need and I havent researched any other apps.  Big benefit is its a great space saver and actually looks good on the desk (despite it now being hidden).  Its reasonably quiet, You do hear the drive kick in when its being accessed, but it is a lot quieter than my NAS was.

[jewelie]

I'm not ignoring you, but this is way over my head.   Hopefully someone else with knowledge in this area may be able to help.

Hiya

Well, with packet sniffing etc I think I finally worked out what was going on (thanks again to Rich for including tcpdump amongst the routers built-in tools, else I'd probably never have worked it out.) 

It probably isn't with the firewall which was set to block those packets anyway.

The issue appears to be with the IGMP Proxy service configuration, which is only really needed for IPTV (e.g. extra channels via BT/TalkTalk YouView service.)  I don't have such channels so can disable it. 

When any device on the LAN sends out an IGMP request to join a multicast network on the LAN it causes the IGMP Proxy to also bridge all such packets over the firewall and into the router too and unfortunately that includes UPNP SSDP services by default.  Devices that do this on my network are Windows 10, a Roku box, and a smart TV.  The problem doesn't appear until such a sends such IGMP requests joins the network, then it seems it opens up that part of proxy permanently until the router is rebooted.  I imagine the way to fix this neatly would be to have the IGMP Proxy disabled by default (if it isn't already( and when it is enabled allow users to configure the IGMP Proxy appropriately (with a more paranoid default setting), which I'm sure Rich will end up doing when he gets time.  You can't configure the IGMP Proxy currently, you can only have it off or on.

Regards
Julie
xxx

[burakkucat]

Thank you for that update on your findings and for the concise explanation of the route cause of the problem.