uPnP on home/school router

Just tested a newly purchased Dlink DIR-601 router for our son to take back to school... Left it set up with the local 192.168.0.1 address and plugged it into our local 192.168.1.x network to get a WAN side DHCP address. Worked fine - hardwire and WiFi -

I also think I stumbled onto what I thought was an ICS or 192.168.0.1 issue that I posted in another thread, but now think it really is the uPnP router feature/setup. I have that feature disabled on my local routers, so never really saw it pop up on Windows Network Connections (XP).

So - I read about what uPnP does, and wondering if and when it really should be enabled ?

Reply to
ps56k

The usual purpose is for illicit filesharing. The risks are considerable, not only from the illicit filesharing, but also from being hacked. My standard practice is to turn UPnP off.

Reply to
John Navas

Turn it off. The instructions for setting up most university student routers include a section on turning it off:

See step 7.

Reply to
Jeff Liebermann

The short answer is that uPNP allows an application to request a port forward or other router configuration changes without manual configuration.

Some routers have bugs that allow malicious software to have more power than it should, but as a rule this type of exploit needs malicious software already running on the PC anyway. So it's like being a little bit pregnant: there's little practical difference between being compromised and being more compromised.

That being said, I'd turn it off and configure port forwarding manually in most configurations.

Reply to
DevilsPGD

That "rule" is incomplete -- there are also _external_ exploits.

Good advice.

Reply to
John Navas

Sure, but external exploits are on the wrong side of the NAT / firewall to open a port using UPnP.

If the router is buggy enough to accept UPnP requests from outside, you've likely got other design flaws that will bite you long before this one does.

Reply to
DevilsPGD

Only if you assume the router is designed and programmed perfectly with no vulnerability on the WAN side, a dangerous assumption.

  1. I've yet to see _any_ router without serious bugs, especially the cheap consumer ones.
  2. UPnP compromise opens the door to serious hacking, and is thus more serious than most other kinds of vulnerabilities (e.g., DoS attack).

Reply to
John Navas

UPnP opens ports on the WAN side of the router. The most common are Microsoft Messenger ports at two per client. When I scanned my firewall for open ports, I was rather surprised to see two random ports open for every Windoze PC I had on the network. Also common is for a virus to use UPnP to open a WAN port to allow the evil bad guys to control a trojaned PC.

Pg 13.

Reply to
Jeff Liebermann
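For anyone who wants to see what UPnP has actually opened on their router, as Jeff describes finding with a port scan: an added example (not from any poster in this thread) that builds the IGD GetGenericPortMappingEntry request and parses one reply. The control URL, the 192.168.0.12 client and the Messenger-style sample reply are assumptions/constructed data, not from a real DIR-601.

```python
import xml.etree.ElementTree as ET

SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"  # IGD v1 service type
CONTROL_URL = "/upnp/control/WANIPConn1"  # hypothetical; the real path is in the device description
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"

def build_request(index: int, host: str = "192.168.0.1") -> bytes:
    """SOAP POST for entry `index` of the mapping table; walk 0, 1, 2, ... until a fault."""
    body = (f'<?xml version="1.0"?><s:Envelope xmlns:s="{SOAP_NS}"><s:Body>'
            f'<u:GetGenericPortMappingEntry xmlns:u="{SERVICE}">'
            f'<NewPortMappingIndex>{index}</NewPortMappingIndex>'
            '</u:GetGenericPortMappingEntry></s:Body></s:Envelope>').encode()
    headers = (f"POST {CONTROL_URL} HTTP/1.1\r\nHost: {host}\r\n"
               'Content-Type: text/xml; charset="utf-8"\r\n'
               f'SOAPAction: "{SERVICE}#GetGenericPortMappingEntry"\r\n'
               f"Content-Length: {len(body)}\r\n\r\n").encode()
    return headers + body
def parse_mapping(reply_xml: str) -> dict:
    """Pull the argument fields out of one GetGenericPortMappingEntryResponse."""
    resp = ET.fromstring(reply_xml).find(f".//{{{SERVICE}}}GetGenericPortMappingEntryResponse")
    if resp is None:
        raise ValueError("not a GetGenericPortMappingEntry reply (SOAP fault?)")
    def text(tag):  # UPnP argument elements carry no namespace
        el = resp.find(tag)
        return (el.text or "").strip() if el is not None else ""
    return {
        "remote_host": text("NewRemoteHost"),  # "" means any source host
        "external_port": int(text("NewExternalPort")),
        "protocol": text("NewProtocol"),
        "internal_client": text("NewInternalClient"),
        "internal_port": int(text("NewInternalPort")),
        "enabled": text("NewEnabled") == "1",
        "description": text("NewPortMappingDescription"),
        "lease": int(text("NewLeaseDuration")),  # 0 = never expires
    }
def audit(mapping: dict) -> list:
    """Flag the properties of a UPnP-created mapping a defender would want to review."""
    findings = []
    if mapping["enabled"] and mapping["lease"] == 0:
        findings.append("permanent mapping (lease 0): stays until explicitly deleted")
    if mapping["enabled"] and not mapping["remote_host"]:
        findings.append("reachable from any WAN source host")
    return findings
# Constructed sample reply, shaped like the per-client Messenger mappings the thread mentions.
SAMPLE_REPLY = f"""<?xml version="1.0"?><s:Envelope xmlns:s="{SOAP_NS}"><s:Body>
<u:GetGenericPortMappingEntryResponse xmlns:u="{SERVICE}">
<NewRemoteHost></NewRemoteHost><NewExternalPort>14217</NewExternalPort><NewProtocol>TCP</NewProtocol>
<NewInternalPort>14217</NewInternalPort><NewInternalClient>192.168.0.12</NewInternalClient>
<NewEnabled>1</NewEnabled><NewPortMappingDescription>msnmsgr (constructed)</NewPortMappingDescription>
<NewLeaseDuration>0</NewLeaseDuration></u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"""
```

Against a live gateway you would POST `build_request(i)` to the control URL for increasing `i`, feed each 200 reply to `parse_mapping`, and stop at the first SOAP fault; `audit` then tells you which entries deserve a look before you decide whether to leave UPnP on.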
