What is libminiupnp?

I just visited my router's port forwarding area (for the first time in years) with the intention of setting up some rules to allow me to host Wreckfest games.

I expected there to be no rules at all as I had deleted those that I had created a long time ago. However I did find a rule there named libminiupnp allowing in/out UDP ports 23022, with the hostname as my Zorin PC's name.

A few rookie questions!

  1. What is it?

  2. How the heck did the rule get on the router? I can't even look at this section of the firewall without logging in as Admin. Do I need to change my password?

  3. Can I delete the rule without consequence?

Colour me bemused!

Thanks.

Universal Plug N' Play allows devices to be connected and 'just work' without needing configuration.
Many things that you connect to can request libminiupnp: Xbox, Plex, Discord, video games... it is a long list.

Without knowing what requested it, no one here can know that answer... You may have tried out an application that requested it, then removed the application and be home free. Or... Many applications you desperately need depend on it and you would gnash your teeth without it.
You can look at the connection list for the I.P. of the device using it to narrow it down to a device if other than your computer.

If you are wondering if it is safe: generally, yes. But in the right circumstances, having it without authentication through your router can open a remote exploit: If you cannot identify the device using it - or application using it, I would remove it. Then if something you use later breaks complaining of it being missing; you can breathe a sigh of relief that that was all it was.

1 Like

Thanks for your help Aravisian!

Hmm - I think I will have to remove the rule and see what if anything complains. I can always put it back if required.

What bothers me is that whatever wanted it seems to have bypassed the router admin login. I shall have a word with my ISP (the router provider) and see just how long and horrendous I can make a new password!

Thanks again - much appreciated.

That's actually the entire point. If you had to log into your router to set it up, it wouldn't be plug & play. The UPnP standard doesn't even include authentication; there are separate things to implement for that. Often, UPnP on the router just assumes anything on your local network is trustworthy--you let it onto your network, after all. There are lots of reasons that's not a great assumption.

If you just delete the rule on your router but don't turn off UPnP on the router, nothing stops a new rule from being established. One option is to disallow UPnP on the router, but you should be aware that this may require that you manually configure port forwarding for various devices. The downside of this is that if you manually configure port forwarding, that port is ALWAYS open on your router. Comparatively, it's possible for UPnP to open and close ports as needed.

1 Like
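Added example, not part of any post in this thread: one way to work out what requested a mapping, as discussed in the replies above, is to list the router's UPnP mappings from the PC with the miniupnpc client (`upnpc -l`) and match any that point at this PC against its listening UDP sockets (`ss -H -lunp`). The sample lines, their exact layout, the addresses and the process names below are constructed assumptions for illustration.

```python
import re

# Constructed sample in the layout assumed for `upnpc -l` (not data from the thread).
UPNPC_SAMPLE = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 UDP 23022->192.168.1.20:23022 'libminiupnp' '' 0
 1 TCP 32400->192.168.1.35:32400 'Plex Media Server' '' 3600
"""
# Constructed sample of `ss -H -lunp` output from the PC at 192.168.1.20.
SS_SAMPLE = """\
UNCONN 0 0 0.0.0.0:23022 0.0.0.0:* users:(("examplegame",pid=4321,fd=45))
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=812,fd=13))
"""

MAPPING = re.compile(
    r"^\s*\d+\s+(?P<proto>UDP|TCP)\s+(?P<ext>\d+)->(?P<host>[\d.]+):(?P<port>\d+)"
    r"\s+'(?P<desc>[^']*)'\s+'[^']*'\s+(?P<lease>\d+)\s*$")
SOCKET = re.compile(
    r'^\S+\s+\d+\s+\d+\s+\S*:(?P<port>\d+)\s+\S+\s+'
    r'users:\(\("(?P<name>[^"]+)",pid=(?P<pid>\d+)')

def parse_mappings(text):
    """Return one dict per port-mapping line; the header line is skipped."""
    rows = []
    for line in text.splitlines():
        m = MAPPING.match(line)
        if m:
            rows.append({"proto": m["proto"], "ext": int(m["ext"]), "host": m["host"],
                         "port": int(m["port"]), "desc": m["desc"], "lease": int(m["lease"])})
    return rows

def parse_listeners(text, proto="UDP"):
    """Map (proto, local port) -> (process name, pid) from ss output."""
    owners = {}
    for line in text.splitlines():
        m = SOCKET.match(line)
        if m:
            owners[(proto, int(m["port"]))] = (m["name"], int(m["pid"]))
    return owners

def audit(mappings, listeners, my_ip):
    """Per mapping: (proto, ext port, target, description, permanent, owner).
    permanent is True for a lease of 0, i.e. the mapping never expires on its own."""
    report = []
    for m in mappings:
        owner = (listeners.get((m["proto"], m["port"]), "no listener now")
                 if m["host"] == my_ip else "other device")
        report.append((m["proto"], m["ext"], m["host"], m["desc"], m["lease"] == 0, owner))
    return report
```

A mapping reported as "other device" has to be traced on that device, and "no listener now" means the program that asked for the mapping is not currently running on this PC.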

Thank you Locklear93 - that opened up a whole can of worms I had never considered. Yikes.

I had not realised that upnp had this functionality on the router - if I had thought it through the penny may have dropped (or not!).

I will try disabling this altogether and see what happens. Hopefully I have not been compromised by something being dumped on my PC and "phoning home". Perhaps I should reinstall the OS to be on the safe side. I do have Zorin's built-in firewall turned on.

I am new to Linux and have been enjoying Zorin instead of Windows, and have been concentrating on testing games etc - think I need to get back to basics lol. On the plus side I am probably ok (??) - in the last 20 years in Windows running AV and anti-malware regularly, no virus has ever been discovered. As I haven't changed my habits I hope my last 9 months of Linux only use has left me equally untouched.

Deep breath - on to the next step!

Thanks again for the information and insight :)

Security is a tough topic. Because for diligence and honesty, a statement can be accurately conveyed that can also create undue stress and worry.

No, it is very unlikely that you have malicious software phoning home.
That can happen. But it is low on the probability list.

I apologize if I actually caused the OP any concern--full disclosure, I have UPnP on on my own router. I've taken other steps, like segmenting my network with VLANs and putting less trustworthy devices where they can't touch my computers, and dropping whole regions of the world when they connect to my router for any reason. I know there's no reason for me to have incoming connections from Russia, and it was generating a LOT of port scans, so I just drop anything from IPs there. That kind of thing does generally require a more expensive router, though.

1 Like

Thank you both for your reassurance and the setting of context for the risk levels. I must admit I did get a bit twitchy there!

I will turn off and investigate when there is enough quality time to pay proper attention. My guess is that it may have something to do with our wireless Epson printer. Drivers/software for this is the only thing I have downloaded from a source outside the Zorin software "store" (though I have downloaded Flatpak stuff from there).

I shall let you know what happens (if anything) just in case it may be of use to another rookie like me who finds themself in a similar place.

Thanks :)

I follow my Router's built-in security from Trend Micro and have it disabled:

Well I finally disabled upnp (as per swarfendor's example) and so far have detected no changes in behaviour on the pc. I guess time will tell!

Weirdly, I couldn't get rid of the rule in the router firewall, even though upnp itself was disabled. Tried several sequences of actions to no avail. Did a quick search and several people have had this issue on varying routers.

Hmm - will pursue this later, but am working on the evidence-less assumption that the rule is not in effect as the router claims to have upnp turned off....

Thanks again all for the help and advice.

If it concerns you, you could look at the rule and use the firewall software on the PC it points to to explicitly close that port... probably. I firewall at the router but not at my PC, so I don't have experience configuring the firewall software Zorin includes. (My desktop is never going to connect to another network, so it's not like a laptop where a local firewall is important in case you use public wifi, a friend's network, or whatever.)