[tolbish]

> you’ll want to make sure the router is locked down so outside attacks are avoided, and the neighborhood isn’t using your services

What are some key settings you would recommend to prevent these exact things? It's a bit challenging to grok all of the advanced router settings, and I don't think mine comes with "locked down against outside attacks" presets.

[simcop2387]

One of the big ones is upnp port forwarding. Your router might call it something else, but it's essentially a way for software to request a port forward from your router. This sounds alright at first but it's frequently abused to allow stuff that shouldn't be publically accessible bypass any firewall. The biggest issues with it is that it's completely unauthenticated so with the right commands sent, an attacker can cause anything to be exposed. Port forwarding alone isn't a bad thing, but the automated unauthenticated setup is just usually too much.