Setup:
US Robotics 9105 Router
Client machine with Sygate Firewall

I am getting port scans from my router ip address (192.168.1.1) which are displaying on my sygate firewall on my client machine.

My router has a firewall..

Sygate:

Somebody is scanning your computer.
Your computer's UDP ports:
47040, 2125, 1900, 12823 and 27290 have been scanned from 192.168.1.1.

Somebody is scanning your computer.
Your computer's UDP ports:
43869, 61009, 29503, 1900 and 14953 have been scanned from 192.168.1.1.

Somebody is scanning your computer.
Your computer's UDP ports:
28396, 3776, 1900, 39428 and 10716 have been scanned from 192.168.1.1.


This surely can't be my router as the original source

How is this happening? Any ideas?

Hi ZodiacZTR

... and welcome to Wilders :).

Does your router have UPnP functionality?
The UPD 1900 in your logs could be related to this type of traffic.

Regards,

CrazyM

Thanks for the Reply CrazyM

My router does support UPnP.

Not 100% sure what it provides/does?


Port number 1900 is msn if I recall correctly?

But how about the other random port numbers.

I never use applications with port numbers that high?

-{ Quote: "My router does support UPnP.

Not 100% sure what it provides/does?" }-

In routers one thing it does is help open ports and forward traffic dynamically and then close them when no longer required. This avoids having to permanently forward port ranges.


-{ Quote: "Port number 1900 is msn if I recall correctly?

But how about the other random port numbers." }-

Port number 1900 is associated with SSDP/UPnP, the others may just be the dynamic ports being used.

-{ Quote: "I never use applications with port numbers that high?" }-

Does your Sygate have an option to monitor active connections? If so, it may show what apps are using these ports. If you are not making use of UPnP, you could always disable the service in XP and disable the option on the router.

Regards,

CrazyM