maskUz
Posted December 29, 2023

Some time ago, I checked network protection and started worrying about viruses.

Addition.txt FRST.txt

itman
Posted December 30, 2023 (edited)

The key blocked entry in the screenshots posted is for the unknown device with an IP address of 169.254.91.65. This address assignment is associated with APIPA IP address assignment: https://www.techtarget.com/whatis/definition/Automatic-Private-IP-Addressing-APIPA . A router/gateway will default to APIPA IP address assignment when there is an issue with router/gateway DHCP server processing and a DHCP server IP address assignment cannot be made.

Bottom line - there is an issue with the router/gateway you are using. You can perform a hard reset on the router/gateway via its GUI interface and see if that resolves the DHCP server issue.

Nightowl (Most Valued Members)
Posted December 31, 2023 (edited)

On 12/29/2023 at 11:25 PM, maskUz said:
> Some time ago, I checked network protection and started worrying about viruses.
> Addition.txt FRST.txt

You are getting so many SSDP requests that it looks similar to a DDoS attack, and as far as I recall there is a method that can use your internal addresses to send DDoS to other devices. This is happening through UPnP.

Quote:
> In 2014 it was discovered that SSDP was being used in DDoS attacks known as an SSDP reflection attack with amplification. Many devices, including some residential routers, have a vulnerability in the UPnP software that allows an attacker to get replies from port number 1900 to a destination address of their choice. With a botnet of thousands of devices, the attackers can generate sufficient packet rates and occupy bandwidth to saturate links, causing the denial of services.[8][9][10] The network company Cloudflare has described this attack as the "Stupidly Simple DDoS Protocol".[10]

Try to close UPnP from your firewall, make sure your router's firewall is working, and check if those requests keep coming, and also different ports like 137.

Try to update your firewall to the latest version, disable UPnP, and make sure it properly blocks connections from outside to all ports. If this persists, also try to check the other devices in your network to make sure they are clean and not infected.
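
Added example, not part of the thread or of any product's own code: one way to check whether the SSDP (UDP 1900) and port 137 requests discussed above keep coming, and whether the sender is an APIPA (169.254.0.0/16) address. The log layout, the threshold, the function names and every sample line are constructed assumptions; only the address 169.254.91.65 comes from the thread.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample lines in an assumed "time,action,proto,src,dst" layout.
SAMPLE_LOG = """\
2023-12-29 23:10:01,blocked,UDP,169.254.91.65:51000,239.255.255.250:1900
2023-12-29 23:10:02,blocked,UDP,169.254.91.65:51000,239.255.255.250:1900
2023-12-29 23:10:03,blocked,UDP,169.254.91.65:51001,239.255.255.250:1900
2023-12-29 23:10:04,blocked,UDP,192.168.1.20:137,192.168.1.255:137
2023-12-29 23:10:05,blocked,UDP,169.254.91.65:51002,239.255.255.250:1900
2023-12-29 23:25:00,blocked,UDP,192.168.1.30:50000,239.255.255.250:1900
"""

# Destination ports named in the thread: 1900 (SSDP/UPnP discovery) and 137.
WATCHED_PORTS = {1900: "SSDP", 137: "NetBIOS-NS"}


def parse(line):
    """Split one constructed log line into (time, proto, source IP, dest port)."""
    ts, _action, proto, src, dst = line.strip().split(",")
    return (datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), proto,
            src.rsplit(":", 1)[0], int(dst.rsplit(":", 1)[1]))


def summarize(log_text, window=timedelta(minutes=1), threshold=3):
    """Report sources whose watched-port traffic peaks at >= threshold per window."""
    events = {}
    for line in filter(str.strip, log_text.splitlines()):
        ts, proto, src_ip, port = parse(line)
        if proto == "UDP" and port in WATCHED_PORTS:
            events.setdefault(src_ip, []).append((ts, port))
    report = {}
    for src_ip, hits in events.items():
        hits.sort()
        peak = start = 0
        for end in range(len(hits)):
            # Shrink the window from the left until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            report[src_ip] = {
                "peak_per_window": peak,
                "services": sorted({WATCHED_PORTS[p] for _, p in hits}),
                # 169.254.0.0/16 is the IPv4 link-local (APIPA) range.
                "apipa": ipaddress.ip_address(src_ip).is_link_local,
            }
    return report
```

Running `summarize` on an export taken before and after disabling UPnP shows whether the per-source peak drops; adapt `parse` to the real log layout first.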