Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Modem/Router Issue?


  • Please log in to reply
6 replies to this topic

#1 peter41

peter41

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:38 PM

Posted 15 August 2015 - 11:05 AM

I run a Samsung NP3005A laptop with Windows 7/SP1 connecting to the internet wirelessly via a 2003 vintage Siemens SE572 ISP provided modem router. I would welcome any initial thoughts on a behaviour recently detected in (apparently) my router.

 

I recently noted that my Norton firewall was blocking (Default Block SSDP rule) a continuous flood (very regular 28 per second) of messages apparently incoming from my router port1900 using UDP(17) protocol to multicast address 230.255.255.250 on my PC port 1900. 'Continuous' as detected whenever laptop is on and firewall up, regardless of whether I am logged on or not.

 

I have no idea how long this has been going on - these firewall reports are not ones that Norton highlights as of concern, and I do not normally look at the detailed 'no problem' reports.

 

I took my laptop to the library (different router and probably different ISP) - the issue did not arise. 

 

Norton and MWB full scans both show no issues. I have not experienced any deterioration in speed or performance.

 

Limited enquiries/googling suggest (a) this does not seem to be a common experience; and (B) that it may be due to my router broadcasting its presence to the 'local network' as part of 'plug and play'' implementation - although UpNp on my router is apparently switched 'off'' as per admin page.

 

I can't really claim this as a problem at present - more of a puzzle I would welcome your thoughts on. 

 

Peter

 

 



BC AdBot (Login to Remove)

 


#2 mjd420nova

mjd420nova

  • Members
  • 1,844 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:38 AM

Posted 15 August 2015 - 03:17 PM

Some of these problems erupt and can really be tough to find.  A common problem I've run into with older modems is they tend to be interfered with by some of the newer multi- band, multi-channel routers.  I use a program called   insider,  from insider.com.   It allows you to see all the routers in range and a graphic display of their channels, and yours.  Maybe all you have to do is switch channels.



#3 peter41

peter41
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:38 PM

Posted 17 August 2015 - 01:23 PM

Thanks for your help mjd. I wondered about the possibility of interference from a nearby router.

 

I think I might try your suggestion of trying different channels  - perhaps before buying in any analysis software (I don't think insider is freeware).

 

I haven't tried changing channels before: I've located the settings on my router's web page (currently set on channel 11 -probably the factory default), so I can see how to change that, but do I need to change any settings on my laptop so that it recognises any change I make at the router?

 

And should this change of setting be something that I can do without involving my ISP (and I would go a long way and put up with a lot to avoid doing that!).

 

Peter

 

 



#4 mjd420nova

mjd420nova

  • Members
  • 1,844 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:38 AM

Posted 17 August 2015 - 05:18 PM

I had not trouble changing the WIFI cards in each device, they know what to look for and will find it regardless of channel.  Inssider is free, the advanced versions cost  but the free program should let you see all the WIFI routers.  I'm looking for one that scans for all the WIFI devices connected to all those routers.  It would help to let me find the clown trying to use my router as a bridge.  Got past the first encryption but has to deal with MAC address filters and I have their MAC address and can block it.



#5 shelf life

shelf life

  • Malware Response Team
  • 2,673 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:02:38 PM

Posted 17 August 2015 - 05:44 PM

You might try disabling the Windows SSDP service (Simple Service Discovery Protocol) and see if that makes a difference.


How Can I Reduce My Risk to Malware?


#6 peter41

peter41
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:38 PM

Posted 23 August 2015 - 11:40 AM

I haven't gone as far as disabling ssdp yet - but I have found that stopping it (Task Manager or Services) kills the flow of Norton reports (and restarting  ssdp starts the messages again). So it looks as though disabling ssdp would do the trick, although I am not too sure what else such a course of action would entail.

 

More to the point, I'm still far from clear why stopping ssdp would stop a flood of what Norton tells me are *incoming* messages from my router's local address and targeted on ssdp. Unless I suppose ssdp is flooding the router with outgoing messages that require it to respond???

 

Any further thoughts? And thanks for your help so far.

 

Peter



#7 shelf life

shelf life

  • Malware Response Team
  • 2,673 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:02:38 PM

Posted 27 August 2015 - 06:27 PM

Sorry for the delay. SSDP is used to discover plug and play devices on a network.

 

Unless I suppose ssdp is flooding the router with outgoing messages that require it to respond???

Sounds reasonable to me.

 

Reference:

 

https://wiki.wireshark.org/SSDP

http://www.blackviper.com/windows-services/ssdp-discovery/

http://quimby.gnus.org/internet-drafts/draft-cai-ssdp-v1-03.txt

 


How Can I Reduce My Risk to Malware?





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users