I was looking at UPnP for a bit to try to figure out how it works, and after going through even the newest standard it still lacks any kind of auditing or security options. I would think they would implement SOME kind of IEEE 802.1X or even just a cleartext password system, but nada.
I don't know how UPnP is set up in Linux (looking into it now), but I was wondering how hard it would be to have the new version of RouterOS support more than just basic UPnP options? Maybe setting up a config so that UPnP cannot allocate ports below 1024. IP tracking on what ports were requested at what time and when they were released. IP mask blocking, etc.
Heck, it seems a lot of information is moved using UPnP according to Wireshark; I would like some ability to limit or mask that data and figure out who is sending it. As commented before, a virus could try UPnP to open a port, and I could find out fast who is doing it.
I know, I know. Any administrator worth his salt would not use UPnP. But manufacturers are just making too many end devices that use it as the "cure-all". I figure someone has to start doing something to make it manageable.
PS - Only solution I figured out right now is to put my wifi phones and game systems on a separate subnet that uses UPnP.