uPnP Router Access Point and Blocked Taffic from internal Devices

[sunnyh 0]

So ESET has blocked about x31 IN packets from my own computer, every detail shows up as N/A.
Inside the network monitor tool there is also a uPnP Access Point router while uPnP is shut off in my router.
What else can I do do investigate more as every detail is either N/A or not shown.

[Marcos 5,072]

I'd suggest the following:

- Enable advanced firewall logging under Tools -> Diagnostics and also temporarily change the logging verbosity to Diagnostics.
- Reboot the computer.
- After you've encountered a problem with the communication blocked by the firewall, disable logging.
- Collect logs with ELC and upload the generated archive to a safe location.
- Drop me a message with the download link and provide information about the IP addresses between which the communication was blocked and subsequently caused issues.

[sunnyh 0]

3 hours ago, Marcos said:

I'd suggest the following:

- Enable advanced firewall logging under Tools -> Diagnostics and also temporarily change the logging verbosity to Diagnostics.
- Reboot the computer.
- After you've encountered a problem with the communication blocked by the firewall, disable logging.
- Collect logs with ELC and upload the generated archive to a safe location.
- Drop me a message with the download link and provide information about the IP addresses between which the communication was blocked and subsequently caused issues.

I have activated the logs, last night my network seemed to have been attacked. I switched over to OpenDNS, and tried blocking that router via my routers firewall and ESET firewall. At first my router was unable to save settings so I made a hard reset. After the hard reset I was able to save the firewall settings but to no avail. Even with ESETs firewall rule blocking that routers internal IP 1.1.1.2, Viewing wireshark I could still see activity in my network also communicating with my device.

This all happend around 2am - 6am.
I was up all night trying to work this out.

Right now the network scanner doesnt detect the uPnP access router so I believe it usually happens at night (I believe it may be a neighbor as you need to be within my wifis distance in order to connect a device like that am I correct?). I activated the log now, but after awhile I'll disable it and reactivate it at night again as during the day everything is normal.

Edited December 4, 2017 by sunnyh

[Marcos 5,072]

Please provide the logs as instructed in my previous post to troubleshoot the issue further.

[sunnyh 0]

Here are the logs ran after startup for a few minutes. I dont think its enough time as these packets get blocked every once in awhile and its hard for me to turn it on as soon as I notice them.

 

Edited December 5, 2017 by sunnyh

[SCR 195]

5 hours ago, sunnyh said:

Here are the logs ran after startup for a few minutes. I dont think its enough time as these packets get blocked every once in awhile and its hard for me to turn it on as soon as I notice them.

 

If your logs contain any private information I recommend that you edit your post to remove the link and send it  to Marcos in a PM (Private Message) as he suggested

 

On 12/4/2017 at 10:36 AM, Marcos said:

- Drop me a message with the download link and provide information about the IP addresses between which the communication was blocked and subsequently caused issues.

.

Edited December 6, 2017 by SCR

[sunnyh 0]

1 hour ago, SCR said:

If your logs contain any private information I recommend that you edit your post to remove the link and send it  to Marcos in a PM (Private Message) as he suggested

 

.

They dont have any private info as far as I know, but I'll remove it just in case. Thank you for the heads up.