Incoming UDP packets

Discussion in 'other firewalls' started by supergravy, Jul 25, 2006.

Thread Status:
Not open for further replies.
  1. supergravy

    supergravy Registered Member

    Joined:
    Jul 25, 2006
    Posts:
    17
    Location:
    Oxford, UK
    Hoping somebody can help me to figure out why my router, a D-Link DI-634M, is letting incoming UDP packets through to one of my PCs. I only have one application/port set up for forwarding, on port 50600. On the plus side, I am appreciating my software firewall more than ever for letting me know. I had been using Jetico, kept thinking I had it configured, and kept getting prompted. Ended up switching to Outpost and am generally liking it, particularly all these logs. Here is an excerpt of the incoming packets that have me worried:

    9:04:51 PM n/a IN REFUSED UDP 200.77.109.14 11540 Packet to closed port
    9:04:35 PM n/a IN REFUSED UDP 200.77.109.14 11540 Packet to closed port
    8:51:54 PM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port
    8:44:50 PM n/a IN REFUSED UDP 200.77.109.14 11540 Packet to closed port
    8:44:28 PM n/a IN REFUSED UDP 200.77.109.14 11540 Packet to closed port
    8:32:16 PM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port
    8:24:41 PM n/a IN REFUSED UDP 200.77.109.14 11540 Packet to closed port
    8:24:27 PM n/a IN REFUSED UDP 200.77.109.14 11540 Packet to closed port
    8:11:51 PM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port
    8:04:44 PM n/a IN REFUSED UDP 200.77.109.14 11540 Packet to closed port
    8:04:28 PM n/a IN REFUSED UDP 200.77.109.14 11540 Packet to closed port
    7:51:50 PM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port
    7:44:42 PM n/a IN REFUSED UDP 200.77.109.14 11540 Packet to closed port
    7:44:25 PM n/a IN REFUSED UDP 200.77.109.14 11540 Packet to closed port
    7:32:04 PM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port
    7:24:48 PM n/a IN REFUSED UDP 200.77.109.14 11540 Packet to closed port
    7:24:24 PM n/a IN REFUSED UDP 200.77.109.14 11540 Packet to closed port
    7:11:49 PM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port
    7:04:23 PM n/a IN REFUSED UDP 200.77.109.14 11540 Packet to closed port
    6:51:48 PM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port
    6:44:22 PM n/a IN REFUSED UDP 200.77.109.14 11540 Packet to closed port
    6:32:02 PM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port
    6:24:38 PM n/a IN REFUSED UDP 200.77.109.14 11540 Packet to closed port
    6:24:21 PM n/a IN REFUSED UDP 200.77.109.14 11540 Packet to closed port
    6:11:47 PM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port
    6:04:48 PM n/a IN REFUSED UDP 200.77.109.14 11540 Packet to closed port
    6:04:20 PM n/a IN REFUSED UDP 200.77.109.14 11540 Packet to closed port
    5:51:45 PM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port

    Thanks!
     
  2. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    You are getting data requests from:
    UPC Broadband Operations B.V and MegaCable SA de CV. Is that your cable connection provider? Is svchost.exe involved in that?
     
  3. supergravy

    No, these incoming requests are not at all related to my ISP. I don't really like the looks of where these are coming from. In addition to what you listed, some of the requests are coming from Amsterdam.

    I did find some poorly documented VPN settings in my router that were enabled. After disabling all of them it does seem that I have stopped the forwarding of the traffic that was going to port 11540. I still have the following getting through to my PC though:

    6:47:57 AM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port
    6:07:48 AM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port
    5:47:44 AM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port
    5:27:47 AM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port
    5:07:36 AM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port
    4:47:31 AM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port
    4:07:22 AM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port
    3:47:18 AM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port
    3:07:10 AM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port
    2:47:06 AM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port
    2:27:02 AM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port
    2:06:58 AM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port
    1:26:49 AM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port

    I will keep working on it and am also going to post my question at a more appropriate forum for this matter. I apologize if this is off topic here, just that I have lurked here for a long time and know there are some very knowledgeable people here. That and I never would have noticed this had I not been playing with Jetico, Comodo and Outpost.
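
A way to triage an excerpt like the ones posted above, added here as an example and not written by anyone in the thread: it groups the refused inbound UDP records by remote address and port, then measures how regularly each source comes back. The 60-second burst window and the single-day ordering (the log carries no date) are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Lines copied from the first post's excerpt (newest first, as posted).
SAMPLE = """\
9:04:51 PM n/a IN REFUSED UDP 200.77.109.14 11540 Packet to closed port
9:04:35 PM n/a IN REFUSED UDP 200.77.109.14 11540 Packet to closed port
8:51:54 PM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port
8:44:50 PM n/a IN REFUSED UDP 200.77.109.14 11540 Packet to closed port
8:44:28 PM n/a IN REFUSED UDP 200.77.109.14 11540 Packet to closed port
8:32:16 PM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port
8:24:41 PM n/a IN REFUSED UDP 200.77.109.14 11540 Packet to closed port
8:24:27 PM n/a IN REFUSED UDP 200.77.109.14 11540 Packet to closed port
8:11:51 PM n/a IN REFUSED UDP 213.93.4.120 26402 Packet to closed port
"""

# time, interface, direction, action, protocol, remote IP, port, reason
LINE_RE = re.compile(
    r"^\s*(\d{1,2}:\d{2}:\d{2} [AP]M)\s+\S+\s+IN\s+(\w+)\s+UDP\s+"
    r"(\d{1,3}(?:\.\d{1,3}){3})\s+(\d+)\s+(.+)$"
)
BURST_WINDOW_S = 60  # assumption: packets under a minute apart are one burst


def summarize(log_text):
    """Group inbound UDP log lines by (remote IP, port) and measure cadence."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything that is not an inbound UDP record
        when = datetime.strptime(m.group(1), "%I:%M:%S %p")
        seen[(m.group(3), int(m.group(4)))].append(when)

    report = {}
    for key, times in seen.items():
        times.sort()  # assumption: all records fall on the same day
        # Collapse near-simultaneous packets so repeats do not skew the gap.
        starts, prev = [times[0]], times[0]
        for t in times[1:]:
            if (t - prev).total_seconds() > BURST_WINDOW_S:
                starts.append(t)
            prev = t
        gaps = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
        report[key] = {
            "packets": len(times),
            "bursts": len(starts),
            "median_gap_min": round(median(gaps) / 60, 1) if gaps else None,
        }
    return report
```

On the lines embedded above, both sources come out at about one burst every 20 minutes; `summarize()` accepts the full pasted log text in the same format.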
     
  4. Tommy

    There are, but in this case it's not me, sorry. Have some patience. They surely will answer.
    Which forum would that be? I am always interested in new sources.
     