I am working on removing old entries from our firewall and at one point port 7680 was opened for outbound traffic. I isolated the port in its own firewall rule and watched the log. It shows a fair amount of traffic for seemingly random IP addresses.
I did a packet capture and confirmed we are seeing random traffic to that port. Research shows that this traffic is typically Windows 10 update sharing and this is probably the case for the internal traffic on my packet capture. However, the PCs are sending packets to IP addresses that do not exist within our network. For example, we don't use 192.168.1.X in our environment, but I have seen numerous PCs try to send to various 192.168.1.X addresses. This data then gets passed to the firewall as it is the default gateway.
Is there any legitimate use for port 7680? I didn't want to use the 'shut it down and wait for the screaming' method until I at least did some preliminary checking, but this is just so strange.
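One way to triage the rule log described in the question, as an added example that is not part of the original post: it groups port 7680 destinations per source into addresses inside the site's own subnets, RFC 1918 addresses the site does not use (the 192.168.1.X case), and everything else. The `key=value` log format, the site subnet `10.20.0.0/16` and the sample lines are constructed assumptions; adjust them to the firewall's real export.

```python
import ipaddress
from collections import Counter

# Assumption: subnets actually in use at the site (constructed value).
SITE_NETS = [ipaddress.ip_network("10.20.0.0/16")]
# RFC 1918 private ranges, listed explicitly rather than via is_private,
# which also covers documentation and other reserved ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines in a hypothetical key=value log format.
SAMPLE_LOG = """\
action=allow src=10.20.5.14 dst=10.20.7.33 dport=7680
action=allow src=10.20.5.14 dst=192.168.1.23 dport=7680
action=allow src=10.20.8.2 dst=192.168.1.104 dport=7680
action=allow src=10.20.8.2 dst=203.0.113.9 dport=7680
action=allow src=10.20.8.2 dst=10.20.7.33 dport=443
"""

def classify(dst):
    """Place a destination address into one of three triage buckets."""
    ip = ipaddress.ip_address(dst)
    if any(ip in net for net in SITE_NETS):
        return "site"               # a real internal peer
    if any(ip in net for net in RFC1918):
        return "private-not-ours"   # private range the site does not use
    return "other"                  # anything outside RFC 1918

def triage(log_text, port=7680):
    """Return {source: Counter(bucket -> hits)} for traffic to `port`."""
    per_source = {}
    for line in log_text.splitlines():
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        if fields.get("dport") != str(port):
            continue  # ignore other ports and malformed lines
        bucket = classify(fields["dst"])
        per_source.setdefault(fields["src"], Counter())[bucket] += 1
    return per_source

if __name__ == "__main__":
    for src, buckets in sorted(triage(SAMPLE_LOG).items()):
        print(src, dict(buckets))
```

Sources whose hits land mostly in `private-not-ours` or `other` are the ones worth following up on the host before the outbound rule is removed.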