Results 1 to 14 of 14

Thread: Help with understanding log entry

  1. #1
    JClark
    Guest

    Help with understanding log entry

    Hello Group,
    I have a Linksys router and a Windows XP SP3 computer. My software
    firewall is Deerfield Visnetic. Lately I notice log entries when I
    boot up (and continuing) which seem to suggest that the router is
    trying to send the computer a UDP packet.

    Log:
    Blocked incoming UDP packet from 192.168.1.1 to 192.168.xxx
    source port varies anywhere from 9555 to 9599
    destination port is 162

    What does this mean?
    Should I write a rule to permit it?

    Many thanks for any clarification.

    Jack

  2. #2
    Bit Twister
    Guest

    Re: Help with understanding log entry

    On Sun, 29 Aug 2010 05:50:26 -0400, JClark wrote:

    > Log:
    > Blocked incoming UDP packet from 192.168.1.1 to 192.168.xxx
    > source port varies anywhere from 9555 to 9599
    > destination port is 162
    >
    > What does this mean?
    > Should I write a rule to permit it?


    If everything is working, why allow it. :(

    Check bottom of page at https://secure.dshield.org/port.html?port=162

  3. #3
    JClark
    Guest

    Re: Help with understanding log entry

    On Sun, 29 Aug 2010 10:00:36 +0000 (UTC), Bit Twister
    <BitTwister@mouse-potato.com> wrote:

    >On Sun, 29 Aug 2010 05:50:26 -0400, JClark wrote:
    >
    >> Log:
    >> Blocked incoming UDP packet from 192.168.1.1 to 192.168.xxx
    >> source port varies anywhere from 9555 to 9599
    >> destination port is 162
    >>
    >> What does this mean?
    >> Should I write a rule to permit it?

    >
    >If everything is working, why allow it. :(
    >
    >Check bottom of page at https://secure.dshield.org/port.html?port=162

    Well, I guess you have a point. But I am trying to understand what is
    happening and hoped I could learn something.

    Jack

  4. #4
    JClark
    Guest

    Re: Help with understanding log entry

    On Sun, 29 Aug 2010 10:00:36 +0000 (UTC), Bit Twister
    <BitTwister@mouse-potato.com> wrote:

    >On Sun, 29 Aug 2010 05:50:26 -0400, JClark wrote:
    >
    >> Log:
    >> Blocked incoming UDP packet from 192.168.1.1 to 192.168.xxx
    >> source port varies anywhere from 9555 to 9599
    >> destination port is 162
    >>
    >> What does this mean?
    >> Should I write a rule to permit it?

    >
    >If everything is working, why allow it. :(
    >
    >Check bottom of page at https://secure.dshield.org/port.html?port=162

    Sorry, I didn't see the link at the end of your post. I'll check that
    out. And thanks.

    Jack

  5. #5
    iggster
    Guest

    Re: Help with understanding log entry

    First off, how can you just "write a rule to permit it" if you do not
    understand what it is?
    Your router is sending SNMP traps. Go to its setup and disable it. If
    you plan on using SNMP monitoring, then configure a specific IP address,
    not the entire subnet.


    On 8/29/2010 5:50 AM, JClark wrote:
    > Hello Group,
    > I have a Linksys router and a Windows XP SP3 computer. My software
    > firewall is Deerfield Visnetic. Lately I notice log entries when I
    > boot up (and continuing) which seem to suggest that the router is
    > trying to send the computer a UDP packet.
    >
    > Log:
    > Blocked incoming UDP packet from 192.168.1.1 to 192.168.xxx
    > source port varies anywhere from 9555 to 9599
    > destination port is 162
    >
    > What does this mean?
    > Should I write a rule to permit it?
    >
    > Many thanks for any clarification.
    >
    > Jack



    --- news://freenews.netfront.net/ - complaints: news@netfront.net ---

  6. #6
    VanguardLH
    Guest

    Re: Help with understanding log entry

    iggster wrote:

    > JClark wrote:
    >
    >> I have a Linksys router


    Linksys has lots of models. Not a clue which one the OP happens to use.

    >> Lately I notice [firewall] log entries when I boot up (and
    >> continuing) which seem to suggest that the router is trying to send
    >> the computer a UDP packet.
    >>
    >> Log:
    >> Blocked incoming UDP packet from 192.168.1.1 to 192.168.xxx
    >> source port varies anywhere from 9555 to 9599
    >> destination port is 162
    >>
    >> What does this mean?


    > Your router is sending SNMP traps. Go to its setup and disable it. If
    > you plan on using SNMP monitoring, then configure a specific IP address,
    > not the entire subnet.


    You sure the traffic isn't due to UPnP discovery by the router? The OP
    should see if the traffic stops if UPnP is disabled in the router's
    configuration.

    http://msdn.microsoft.com/en-us/library/ms885488.aspx
    http://en.wikipedia.org/wiki/Upnp#Discovery

    > --- news://freenews.netfront.net/ - complaints: news@netfront.net ---


    Another user spamming in a non-signature on behalf of their NSP.

  7. #7
    iggster
    Guest

    Re: Help with understanding log entry

    On 8/29/2010 10:13 PM, VanguardLH wrote:
    > iggster wrote:
    >
    >> JClark wrote:

    >
    >>> I have a Linksys router

    >
    > Linksys has lots of models. Not a clue which one the OP happens to use.
    >
    >>> Lately I notice [firewall] log entries when I boot up (and
    >>> continuing) which seem to suggest that the router is trying to send
    >>> the computer a UDP packet.
    >>>
    >>> Log:
    >>> Blocked incoming UDP packet from 192.168.1.1 to 192.168.xxx
    >>> source port varies anywhere from 9555 to 9599
    >>> destination port is 162
    >>>
    >>> What does this mean?

    >
    >> Your router is sending SNMP traps. Go to its setup and disable it. If
    >> you plan on using SNMP monitoring, then configure a specific IP address,
    >> not the entire subnet.

    >
    > You sure the traffic isn't due to UPnP discovery by the router? The OP
    > should see if the traffic stops if UPnP is disabled in the router's
    > configuration.
    >

    You are correct. I over-estimated the capabilities of Linksys. It most
    likely IS the discovery bcast.

    > http://msdn.microsoft.com/en-us/library/ms885488.aspx
    > http://en.wikipedia.org/wiki/Upnp#Discovery
    >
    >> --- news://freenews.netfront.net/ - complaints: news@netfront.net ---

    >
    > Another user spamming in a non-signature on behalf of their NSP.

    Huh? Spamming?

    --- news://freenews.netfront.net/ - complaints: news@netfront.net ---

  8. #8
    VanguardLH
    Guest

    Re: Help with understanding log entry

    iggster wrote:

    VanguardLH wrote:
    >
    >> iggster wrote:
    >>
    >>> --- news://freenews.netfront.net/ - complaints: news@netfront.net ---

    >>
    >> Another user spamming in a non-signature on behalf of their NSP.

    >
    > Huh? Spamming?


    They are appending their promotional (spam) text onto your posts. That
    spam isn not in a signature (there is no sigdash line). That means all
    of your posts through them are spam. You have elected to be their
    spamming affiliate.

  9. #9
    iggster
    Guest

    Re: Help with understanding log entry

    On 8/31/2010 4:46 AM, VanguardLH wrote:
    > iggster wrote:
    >
    > VanguardLH wrote:
    >>
    >>> iggster wrote:femfensive, no
    >>>
    >>>> --- news://freenews.netfront.net/ - complaints: news@netfront.net ---
    >>>
    >>> Another user spamming in a non-signature on behalf of their NSP.

    >>
    >> Huh? Spamming?

    >
    > They are appending their promotional (spam) text onto your posts. That
    > spam isn not in a signature (there is no sigdash line). That means all
    > of your posts through them are spam. You have elected to be their
    > spamming affiliate.

    This is the news server I use. _One_ line at the end of my posting is
    not really offensive, now is it really? I "have elected" to use one of
    not so many free news servers. Why this is such a big deal to you that
    you "have elected" to waste my time and yours on this discussion that
    has nothing to do with the OP? Casual flaming is very easy but most
    times it is just a meaningless, well, flaming.
    Regards,


    --- news://freenews.netfront.net/ - complaints: news@netfront.net ---

  10. #10
    Ansgar -59cobalt- Wiechers
    Guest

    Re: Help with understanding log entry

    iggster <fryphil@nomailatall.com> wrote:
    > On 8/31/2010 4:46 AM, VanguardLH wrote:
    >> iggster wrote:
    >>> VanguardLH wrote:
    >>>> Another user spamming in a non-signature on behalf of their NSP.
    >>>
    >>> Huh? Spamming?

    >>
    >> They are appending their promotional (spam) text onto your posts.
    >> That spam isn not in a signature (there is no sigdash line). That
    >> means all of your posts through them are spam. You have elected to
    >> be their spamming affiliate.

    >
    > This is the news server I use. _One_ line at the end of my posting is
    > not really offensive, now is it really? I "have elected" to use one of
    > not so many free news servers. Why this is such a big deal to you that
    > you "have elected" to waste my time and yours on this discussion that
    > has nothing to do with the OP?


    Because unsolicited advertisements, like those your news provider
    appends to each of your postings, are commonly known as "spam". Which is
    frowned upon in most any part of Internet and Usenet I had to do with.

    Of course the decision whether you want to support spam is entirely up
    to you.

    Score adjusted. F'up2p.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  11. #11
    VanguardLH
    Guest

    Re: Help with understanding log entry

    iggster wrote:

    > VanguardLH wrote:
    >
    >> iggster wrote:
    >>
    >> VanguardLH wrote:
    >>>
    >>>> iggster wrote:femfensive, no
    >>>>
    >>>>> --- news://freenews.netfront.net/ - complaints: news@netfront.net ---
    >>>>
    >>>> Another user spamming in a non-signature on behalf of their NSP.
    >>>
    >>> Huh? Spamming?

    >>
    >> They are appending their promotional (spam) text onto your posts. That
    >> spam isn not in a signature (there is no sigdash line). That means all
    >> of your posts through them are spam. You have elected to be their
    >> spamming affiliate.

    >
    > This is the news server I use. _One_ line at the end of my posting is
    > not really offensive, now is it really? I "have elected" to use one of
    > not so many free news servers. Why this is such a big deal to you that
    > you "have elected" to waste my time and yours on this discussion that
    > has nothing to do with the OP? Casual flaming is very easy but most
    > times it is just a meaningless, well, flaming.
    > Regards,
    >
    > --- news://freenews.netfront.net/ - complaints: news@netfront.net ---


    Now you are trying to qualify your, er, their spam as not spam. "No,
    officer, I only stuck him once with the dagger". I /elected/ to use
    free Teranews but immediately dropped them the next day after noticing
    they spamified all my posts (I believe they stopped that practice but
    that was long after I dropped their service for spamifying my posts).

    Being a free NSP doesn't give them a free pass to spam. They're
    spamming their service. If you continue using them, you choose to
    continue being their spam affiliate. There are plenty of other "not so
    many free news servers" that do NOT spamify their users' posts.

    So you think it's okay for a free NSP to put a one-liner spam (and NOT
    after a sigdash line) in every post submitted through them. So, if they
    switched to promoting Viagra or other crap than that is okay, too. That
    they are advertising their service doesn't change that it is spam. That
    they deliberately NOT place it after a sigdash is their attempt to
    ensure that others see their spam (because many newsreaders will strip
    out signatures and they certainly don't want their spam to be hidden).

  12. #12
    JClark
    Guest

    Re: Help with understanding log entry

    On Sun, 29 Aug 2010 12:48:10 -0400, iggster <fryphil@nomailatall.com>
    wrote:

    >Your router is sending SNMP traps. Go to its setup and disable it

    Thank you. That does help to explain it. I must now research the
    details of the subject you have introduced me to.

    Jack

  13. #13
    JClark
    Guest

    Re: Help with understanding log entry

    On Sun, 29 Aug 2010 21:13:08 -0500, VanguardLH <V@nguard.LH> wrote:

    >Linksys has lots of models. Not a clue which one the OP happens to use

    Sorry. It's a BSFX41.

    Jack

  14. #14
    VanguardLH
    Guest

    Re: Help with understanding log entry

    JClark wrote:

    > VanguardLH wrote:
    >
    >> Linksys has lots of models. Not a clue which one the OP happens to
    >> use

    >
    > Sorry. It's a BSFX41.


    You sure?

    I went to http://homesupport.cisco.com/en-us/wireless/linksys/ (to see
    if they have an online copy of the manual) and a search on "BSFX41"
    found no matches.

    The manual should describe how to configure the router's behaviors.
    They list even my ancient BEFSR41 router there. Of course, if you have
    the manual you could read it to see if the UPnP option is described.
    You could just connect to the router's web server (perhaps at
    http://192.168.1.1) to go look through its configuration screens to see
    if there is a UPnP option. If you find one, disable it to see if the
    mysterious traffic ceases.

Similar Threads

  1. "Windows was unable to find a certificate to log you,on to the network[SSID]"
    By Jessei Medina in forum ms.public.windows.networking.wireless
    Replies: 0
    Last Post: 02-23-10, 09:32 AM
  2. Did this get resolved?
    By Chad Ingram in forum ms.public.windows.networking.wireless
    Replies: 1
    Last Post: 11-20-09, 12:09 PM
  3. Please check my Hijack log
    By BOWTYE8 in forum Software Forum
    Replies: 7
    Last Post: 11-17-08, 05:47 PM
  4. AirPMCFG.exe & WZCSLDR2.exe - Entry Point Not Found -Wlanapi.dll
    By leeroy santana in forum ms.public.windows.networking.wireless
    Replies: 2
    Last Post: 11-17-08, 04:27 AM
  5. I have no clue...router breeched?
    By cig19335 in forum Routers & Internet Sharing
    Replies: 2
    Last Post: 10-29-08, 10:31 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •