> If your NAT router/gateway keeps this port open and you are sure you want to filter it (potential interference with ISPs pushing firmware updates), try the following. Navigate to your router's admin interface and disable TR-069. If that does not work, look under "port forwarding", or "virtual servers", and forward the port to an unused local IP address, like (192.168.1.252)

From the source that was linked. So the original author doesn't recommend 192.168.1.252 but just uses it as an example

From the link they posted, the guide says to forward the port to any unused IP address, like 192.168.1.252. I think this effectively causes an attacker's traffic to get dropped.