What is the Router Vulnerability Check tool?
The Router Vulnerability Check tool is used to check your router setup and find open ports via UPnP and NAT-PMP which may lead to external access. This feature also lets you close open ports you may find.
Router Setup and Open Ports
For data to pass between the Internet and your network, the information must travel through virtual ‘holes’ in the router’s software, called ports. Ports allow the information to pass in and out of your network, and direct the information to the correct devices.
Think of your router as a house. A port is like your front door. The door is closed unless you want someone to enter your house. Similarly, a port is only opened when it is used. Also like a door, if a port is weak or left open, intruders can enter.
There are 65,535 ports on your router but they are not all permanently open.
Secure ports are either opened manually by the owner of the network or by inbuilt protocols, such as UPnP and NAT-PMP. These protocols are designed to save users the effort of having to manually open ports; they give permission to the devices within the network to open ports on their own.
How does the Router Vulnerability Check work?
The Router Vulnerability Check is made up of two parts:
- The Remote Scan Test performs a port scan on your public Internet address (the individual numerical address visible to the public when you are online) to see which ports are open to the external world. Think of these ports as the open doors into your home; ensure only the strictly necessary ports are open.
- The Internal Router Audit checks the router addresses, the NAT configuration and whether UPnP or NAT-PMP is activated. Think of this as checking the security measures placed inside your house in case an intruder entered through the door.
Manual Router Vulnerability Check
Fing Mobile App and App Controlled Agent or Monitoring Unit
- Click the Tools tab on the bottom toolbar
- Click the Router vulnerability check widget under the heading Improve your network security
Fing Desktop
- Click the Tools tab on the left sidebar
- Click the Test router vulnerabilities widget under the heading Improve your network security
Results
Once the check is completed, Fing will show you:
- Details about your router
- Details about your setup
- Open ports on your router (only if vulnerabilities are detected)
If an open port is identified, select the port and close it manually.
Automated Router Vulnerability Check
The Automated Router Vulnerability Check feature is on Fing Desktop and Fingbox.
You can also use the Automated Router Vulnerability Check on Fing Mobile App, but you must pair your Fing Mobile App with Fing Desktop first.
Fing Mobile App
- From Overview, click the Security widget or click the Online Devices widget and click the Security tab
- Scroll down and you will find the Automated router vulnerabilities widget
- Click the blue Schedule button to schedule tests (every day, every two days or every seven days)
- Click the blue clock icon to access a timeline of events
Fing Desktop
- Click the Security tab in the left sidebar
- Scroll down and you will find the Automated router vulnerabilities widget
- Click the blue button with the calendar icon to schedule tests (every day, every two days or every seven days)
- Click the View timeline button to access a timeline of events
Definitions
Port Forwarding
Port forwarding or port mapping is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another while the packets traverse a network gateway, such as a router or firewall.
UPnP
Universal Plug and Play (UPnP) is a network protocol that allows compliant devices to automatically set port forwarding rules for themselves. These devices can be personal computers, printers, security cameras, game consoles, or mobile devices that communicate with each other and share data over your network.
To disable UPnP, access your router's setup page using a web browser. The UPnP settings are usually under Advanced Network settings.
NAT-PMP
NAT-PMP is a similar protocol to UPnP, in that it allows compliant devices to automatically set port forwarding rules for themselves.
To disable NAT-PMP, you will need to access your router's setup page using a web browser. You will likely find the NAT-PMP settings under Advanced Network settings.
UPnP & NAT-PMP Risks
These protocols are considered a vulnerability because, when they are enabled, devices on your network can poke holes in the router firewall. This means that if a device is compromised through hacking or malware, it can open ports on your router and expose your network.
These protocols allow opening ports and creating port mapping and forwarding automatically, without any authentication.
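The internal audit described earlier comes down to asking the gateway whether it answers UPnP or NAT-PMP requests, which it does without any authentication when the protocol is enabled. The following Python is an added example, not Fing's code: it builds the NAT-PMP external-address request (RFC 6886, UDP port 5351) and the UPnP SSDP search for an Internet Gateway Device, and parses the replies. The function names and the sample replies are constructed for illustration.

```python
import ipaddress
import socket
import struct

IGD_ST = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"
SAMPLE_NATPMP = bytes.fromhex("0080 0000 000004d2 cb007107")  # constructed reply
SAMPLE_SSDP = (b"HTTP/1.1 200 OK\r\nST: " + IGD_ST.encode() +  # constructed reply
               b"\r\nLOCATION: http://192.168.1.1:5000/rootDesc.xml\r\n\r\n")

def natpmp_request() -> bytes:
    """Version 0, opcode 0: ask for the external address. No credentials."""
    return struct.pack("!BB", 0, 0)

def parse_natpmp(data: bytes):
    """Return the external IP if the reply shows NAT-PMP is active, else None."""
    if len(data) < 12:
        return None
    version, opcode, result, _epoch, addr = struct.unpack("!BBHI4s", data[:12])
    ok = version == 0 and opcode == 128 and result == 0  # 128 = reply to opcode 0
    return str(ipaddress.IPv4Address(addr)) if ok else None

def ssdp_request() -> bytes:
    """Multicast search for a UPnP Internet Gateway Device."""
    return ("M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            f'MAN: "ssdp:discover"\r\nMX: 2\r\nST: {IGD_ST}\r\n\r\n').encode()

def parse_ssdp(data: bytes):
    """Return the LOCATION URL if an Internet Gateway Device answered, else None."""
    head, *rest = data.decode("latin-1").split("\r\n")
    hdrs = {k.strip().lower(): v.strip()
            for k, _, v in (ln.partition(":") for ln in rest) if k}
    is_igd = head.startswith("HTTP/1.1 200") and "InternetGatewayDevice" in hdrs.get("st", "")
    return hdrs.get("location") if is_igd else None

def probe(dest, payload, timeout=3.0):
    """Send one UDP datagram and return the first reply, or None if none arrives."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(payload, dest)
            return s.recvfrom(2048)[0]
        except OSError:  # timeout or network unreachable
            return None

def audit(gateway: str) -> dict:
    """Live check; gateway is your own router's LAN address (an assumption)."""
    pmp = probe((gateway, 5351), natpmp_request())
    igd = probe(("239.255.255.250", 1900), ssdp_request())
    return {"nat_pmp": parse_natpmp(pmp or b""), "upnp_igd": parse_ssdp(igd or b"")}
```

Call `audit()` with your own router's LAN address; a value other than `None` for either key means that protocol is enabled on the router.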
Open Ports via UPnP or NAT-PMP
When your router allows UPnP or NAT-PMP port forwarding, some programs or applications may open ports, or leave them open, redirecting a communication request from one address and port number combination to another.
An open port is a TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) port number that is actively accepting packets. (UPnP & NAT-PMP are both samples of TCPs). In other words, behind an open port is a system that is receiving communication. By contrast, a closed port rejects or ignores packets.
Further information
Click here for a comprehensive library detailing device vulnerabilities.