Re: blocking incoming udp packets



JClark <jclark@xxxxxxxxxxxxxx> writes:

On Wed, 09 Jul 2008 22:14:13 -0500, comphelp@xxxxxxxxx (Todd H.)
wrote:

JClark <jclark@xxxxxxxxxxxxxx> writes:

On Wed, 09 Jul 2008 13:06:15 -0500, comphelp@xxxxxxxxx (Todd H.)
wrote:

JClark <jclark@xxxxxxxxxxxxxx> writes:

Returning to the original question, a summary, as I see it (not
necessarily correctly):

It seems the router is sending udp packets to 255.255.255.255 (both
source and destination ports = 520, or to 192.168.1.255 (source port
ranging from 7000 to 7259, and destination port 162.

I have no idea what this all means.

UDP 162 is the SNMP trap port. If you're not familiar with simple
network management protocol, this traffic to 162 may simply be the
network device attempting to send traps to be logged by an SNMP
management station.

UDP 520 is RIP routing. The router is advertising routes with this
exceedingly simple, easy to spoof protocol.

Both should be functionality that can be disabled in the source
network device.

Best Regards,
Todd,
Some good news. I was able to disable RIP routing in the router, and
now all the traffic over UDP 520 has stopped.
Now I need to work on the SNMP 162. It isn't quite as clear.
But it seems I'm on the right track.
Many thanks again.

Disabling SNMP in general on the device is a good idea if you're not
using it. Did I miss in this thread where the make/model of the
router was mentioned?
Hi Todd,

It's a Linksys BEFSX41.
The RIP disabling was easy to do, and that has stopped the traffic on
port 520.
Under "Administration" I have SNMP "disable" checked, so SNMP ought to
be disabled. I also have UPnP disabled.

But I'm still getting the port 162 traffic.

Barring an answer from an owner here, your next step is to a linksys
support forum on this model and asking users there how to disable the
sending of traps.

You will also want to make sure you have the latest firmware for that
device as it has quite a checkered history with respect to exploitable
firmware vulnerabilities.

Best Regards,
--
Todd H.
http://www.toddh.net/
.



Relevant Pages

  • Re: blocking incoming udp packets
    ... It seems the router is sending udp packets to 255.255.255.255 (both ... UDP 162 is the SNMP trap port. ... The RIP disabling was easy to do, and that has stopped the traffic on ...
    (comp.security.firewalls)
  • Re: New experience for me...
    ... Many of these unsolicited messages come in through port 135 UDP. ... your router, its configuration, and/or the configuration of your computers. ... For example Is your router set to allow WAN requests? ...
    (comp.security.firewalls)
  • Re: blocking incoming udp packets
    ... It seems the router is sending udp packets to 255.255.255.255 (both ... UDP 162 is the SNMP trap port. ... The RIP disabling was easy to do, and that has stopped the traffic on ...
    (comp.security.firewalls)
  • Re: Routing and Remote Service Issue
    ... If you are connecting using L2TP, then you need to open up ports UDP 1701, ... UDP 500 and UDP 4500. ... Am I missing a port here that I need to open on the router? ...
    (microsoft.public.isa.vpn)
  • Re: Best free firewall software
    ... Eventually, yes, to test the effectiveness of my router. ... A firewall is a concept any serious firewall concept includes host ... it's just a registered port. ... Disabling a network doesn't necessarily mean disabling the service ...
    (comp.security.firewalls)