And the original post where the author first discovered the issue: Terramaster NAS exposing itself with UPNP
miniupnpd’s message “Why did you run me anyway?” is a nice touch (source).
Huh, in this older post (2019) the author says they always turn off UPnP when they can: https://kn100.me/exploiting-upnp-literally-childsplay/. I wonder what changed.
Heh, good answer. :-)
UPnP is rather a complicated beast. I’ve run minidlna for years (and mediatomb before it), and for sharing audio and video from my NAS to things on the LAN like TVs, DVD players, phones, etc., it is really great for the wide support. But while much just works in an obvious way, a lot of what it can do is not easy to make sense of and experiment with systematically. I recently tried to get my WireGuard jail to forward the multicast packets it uses by running smcroute and enabling the ip_mroute kernel module, but there must be more I need to do with ipfw to get that working. I’m fairly certain minidlna alone isn’t pushing holes in the router’s NAT (that needs something else like miniupnpd), but I actually would like a secure way for my kids to access our local media library when not at home. I’m reluctant to go with anything like Plex that appears to have some form of cloud component.
Depending on what your kids are running, maybe WireGuard tunnels and NFS or CIFS mounting? You can give them read-only mounts, too.