Jump to content

Is it viruses?


maskUz

Recommended Posts

  • Marcos changed the title to Is it viruses?

The key blocked entry in the screen shots posted is for the unknown device with an IP address of 169.254,91.65.

This address assignment is associated with APIPA IP addresses assignment: https://www.techtarget.com/whatis/definition/Automatic-Private-IP-Addressing-APIPA . A router/gateway will default to APIPA IP address assignment when there is an issue with router/gateway DHCP server processing and a DHCP server IP address assignment cannot be made.

Bottom line - there is an issue with the router/gateway you are using. You can perform a hard reset on the router/gateway via its GUI interface and see if that resolves the DHCP server issue.

Edited by itman
Link to comment
Share on other sites

  • Most Valued Members
On 12/29/2023 at 11:25 PM, maskUz said:

Some time ago, I checked network protection and started worrying about viruses.

Screenshot_2.png

Screenshot_1.png

Screenshot_3.png

Screenshot_4.png

Addition.txtUnavailable FRST.txtUnavailable

You are getting so much SSDP requests that it looks similar to an DDOS attack, which there is a method as far as I recall that can use your internal addresses to send DDOS to other devices

This is happening through uPnP,

Quote

In 2014 it was discovered that SSDP was being used in DDoS attacks known as an SSDP reflection attack with amplification. Many devices, including some residential routers, have a vulnerability in the UPnP software that allows an attacker to get replies from port number 1900 to a destination address of their choice. With a botnet of thousands of devices, the attackers can generate sufficient packet rates and occupy bandwidth to saturate links, causing the denial of services.[8][9][10] The network company Cloudflare has described this attack as the "Stupidly Simple DDoS Protocol".[10]

Try to close uPnP from your firewall and make sure your router's firewall is working and check if those requests keep coming, and also different ports like 137

Try to update your firewall to latest version , disable uPnP , and make sure it blocks connection from outside properly to all ports, if this persists try also to check the other devices in your network to make sure they are clean and not infected.

Edited by Nightowl
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...