Hi, From the look of it you have UPnP enabled on your router and it is attempting to auto-discover any ports you want exposed to the outside world. It appears to be attempting to auto-discover any ports you want forwarded. That's just based on a quick scan of the draft, so I could easily be wrong. The simplest thing to do is check the router and see if you have UPnP enabled. Then check if there's also some auto-discovery option that's enabled. If you do have auto-discovery enabled, you could try disabling it and see if the messages stop being sent (of course, it may not give you the option to disable it separately, either). If you're not using UPnP on that router, you could just try disabling it completely, which ought to shut off the message traffic. Brendan On 02/03/16 12:50, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi,
I have just noticed frequent rejection messages in the firewall log:
<0.4> 2016-03-02 12:53:42 Telcontar kernel - - - [170676.016540] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:21:85:16:2d:0b:f8:1a:67:91:f4:22:08:00 SRC=192.168.1.5 DST=192.168.1.14 LEN=348 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1900 DPT=10277 LEN=328
The originator is a secondary router which I use to provide WiFi in my network. The destination is my desktop computer.
The source port I can identify as "ssdp', but the destination port is not registered to any service. Should I open it, and would it give me any advantage?
https://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol
The Simple Service Discovery Protocol (SSDP) is a network protocol based on the Internet Protocol Suite for advertisement and discovery of network services and presence information. It accomplishes this without assistance of server-based configuration mechanisms, such as the Dynamic Host Configuration Protocol (DHCP) or the Domain Name System (DNS), and without special static configuration of a network host. SSDP is the basis of the discovery protocol of Universal Plug and Play (UPnP) and is intended for use in residential or small office environments. It was formally described in an IETF Internet draft by Microsoft and Hewlett-Packard in 1999. Although the IETF proposal has since expired,[1] SSDP was incorporated into the UPnP protocol stack, and a description of the final implementation is included in UPnP standards documents.[2]
(I find it strange to open a port such as 10277)
I have started wireshark listening to traffic from 192.168.1.5, and I see it is sending those packages I see in the firewall, and others to 239.255.255.250, which I find strange. Must be a broadcast.
Some data extracted by wireshark:
1 11:46:10.048629000 192.168.1.5 192.168.1.14 SSDP 362 HTTP/1.1 200 OK
Frame 1: 362 bytes on wire (2896 bits), 362 bytes captured (2896 bits) on interface 0 Ethernet II, Src: Tp-LinkT_91:f4:22 (f8:1a:67:91:f4:22), Dst: Micro-St_16:2d:0b (00:21:85:16:2d:0b) Internet Protocol Version 4, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.14 (192.168.1.14) User Datagram Protocol, Src Port: 1900 (1900), Dst Port: 10277 (10277)Hypertext Transfer Protocol
- -- Cheers
Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlbW4asACgkQtTMYHG2NR9VMAgCfbEHs0gHiVyYoNjF5L34MDCyW yGEAnAlBXGqckPPEA+2UUbrht9gjg+zT =OZ5t -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org