HIGH: Open NAT-PMP Report

DESCRIPTION LAST UPDATED: 2023-12-16

DEFAULT SEVERITY LEVEL: HIGH

This report identifies hosts that have the NAT Port Mapping Protocol (NAT-PMP) running and accessible on the Internet.

These services have the potential to expose information about a client’s network on which this service is accessible. Information on this vulnerability can be found here.

You can track NAT-PMP exposure on our Dashboard.

Severity levels are described here.

For more information on our scanning efforts, check out our Internet scanning summary page..

Filename(s): scan_nat_pmp

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • severity
    Severity level
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the NAT-PMP response came on (usually UDP)
  • port
    Port that the NAT-PMP response came from
  • hostname
    Reverse DNS name of the device in question
  • tag
    Will always be nat-pmp
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • hostname_source
    Hostname source
  • version
    Version Code sent in response
  • opcode
    Operation Code sent in response
  • uptime
    Amount of time in seconds since the device was reset
  • external_ip
    The IPv4 address the device thinks is its external address
  • sector
    Sector the IP belongs to
  • response_size
    Response size in bytes
  • amplification
    Amplification factor (This amplification is is based solely on the payload size sent and payload size received)

Sample

"timestamp","severity","ip","protocol","port","hostname","tag","version","asn","geo","region","city","naics","hostname_source","opcode","uptime","external_ip","sector","response_size","amplification"
"2010-02-10 00:00:00",high,192.168.0.1,udp,5351,node01.example.com,nat-pmp,0,64512,ZZ,Region,City,0,ptr,128,2368609,192.168.0.1,"Public Administration",12,6.00
"2010-02-10 00:00:01",high,192.168.0.2,udp,5351,node02.example.com,nat-pmp,0,64512,ZZ,Region,City,0,,128,24351597,192.168.0.2,,12,6.00
"2010-02-10 00:00:02",high,192.168.0.3,udp,5351,node03.example.com,nat-pmp,0,64512,ZZ,Region,City,0,ptr,128,1436928,192.168.0.3,,12,6.00

Our 132 Report Types