This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to Stop UDP 14675 waterfall

After months and months of teethgrinding and not finding a good solution, I now realy want to know what to do about a few problems I find in my UTM.

I have a NAS disk in my network configured with static IP / DNS / Gateway ip's .
But something in this system is is continiously poking on the 255.255.255.255 broadcast adress. And this is driving me crazy.
I would like to know what can be done about the constant flow of UDP pokes on port 14675 ??? There are pokes on the UDP 137 and 138 also.

I tried firewall rules but this didn't help.
I have NO WINS server installed (on windows2008) and the DHCP setting in my UTM (UTM is DHCP server)
has wins on 0.0.0.0 and WINS Node type: B-Node (no WINS)

Here are the results of Network Protection on my UTM dashboard.
Source:
Total dropped packets: 28 226
host: 192.x.x.x
packets: 27130
percentage: 96.12%

Destination:
Total dropped packets: 28 226
dest1: udp/14675
destination: 255.255.255.255
packets: 25656
percentage: 90.89%

dest2: udp/137
destination: Internal (LAN) (Broadcast)
packets: 1080
percentage: 3.83 %

UTM Version: 9.105-9

This thread was automatically locked due to age.

Parents

0 HMaster over 12 years ago

Well this is a little grab out out the life log from the firewall.

The IP is from the NAS which is causing troubles. The dstmac's are both NIC's of the UTM firewall.

12:30:34 Spoofed packet UDP 192.168.x.x : 50342 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e7 

 

12:30:34 Default DROP UDP 192.168.x.x : 50342 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e8 

 

12:30:38 Spoofed packet UDP 192.168.x.x : 37816 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e7 

 

12:30:38 Default DROP UDP 192.168.x.x : 37816 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e8 

 

12:30:41 Spoofed packet UDP 192.168.x.x : 45315 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e7 

 

12:30:41 Default DROP UDP 192.168.x.x : 45315 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e8 

 

12:30:44 Spoofed packet UDP 192.168.x.x : 45909 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e7 

 

12:30:44 Default DROP UDP 192.168.x.x : 45909 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e8 

 

12:30:47 Spoofed packet UDP 192.168.x.x : 40523 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e7 

 

12:30:47 Default DROP UDP 192.168.x.x : 40523 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e8 

 

12:30:50 Spoofed packet UDP 192.168.x.x : 46999 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e7 

 

12:30:50 Default DROP UDP 192.168.x.x : 46999 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e8 

 

12:30:53 Spoofed packet UDP 192.168.x.x : 41945 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e7 

 

12:30:53 Default DROP UDP 192.168.x.x : 41945 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e8 

 

12:30:56 Spoofed packet UDP 192.168.x.x : 59583 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e7 

 

12:30:56 Default DROP UDP 192.168.x.x : 59583 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e8 

 

12:30:59 Spoofed packet UDP 192.168.x.x : 51239 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e7 

 

12:30:59 Default DROP UDP 192.168.x.x : 51239 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e8

I created a new firewall rule:

Source: 192.168.x.x
Service: 1:65535 dest 14675
Destination: Broadcast 255.255.255.255 / 255.255.255.255
Top
No Log

Reply

0 HMaster over 12 years ago

Well this is a little grab out out the life log from the firewall.

The IP is from the NAS which is causing troubles. The dstmac's are both NIC's of the UTM firewall.

12:30:34 Spoofed packet UDP 192.168.x.x : 50342 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e7 

 

12:30:34 Default DROP UDP 192.168.x.x : 50342 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e8 

 

12:30:38 Spoofed packet UDP 192.168.x.x : 37816 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e7 

 

12:30:38 Default DROP UDP 192.168.x.x : 37816 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e8 

 

12:30:41 Spoofed packet UDP 192.168.x.x : 45315 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e7 

 

12:30:41 Default DROP UDP 192.168.x.x : 45315 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e8 

 

12:30:44 Spoofed packet UDP 192.168.x.x : 45909 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e7 

 

12:30:44 Default DROP UDP 192.168.x.x : 45909 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e8 

 

12:30:47 Spoofed packet UDP 192.168.x.x : 40523 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e7 

 

12:30:47 Default DROP UDP 192.168.x.x : 40523 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e8 

 

12:30:50 Spoofed packet UDP 192.168.x.x : 46999 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e7 

 

12:30:50 Default DROP UDP 192.168.x.x : 46999 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e8 

 

12:30:53 Spoofed packet UDP 192.168.x.x : 41945 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e7 

 

12:30:53 Default DROP UDP 192.168.x.x : 41945 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e8 

 

12:30:56 Spoofed packet UDP 192.168.x.x : 59583 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e7 

 

12:30:56 Default DROP UDP 192.168.x.x : 59583 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e8 

 

12:30:59 Spoofed packet UDP 192.168.x.x : 51239 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e7 

 

12:30:59 Default DROP UDP 192.168.x.x : 51239 

 → 255.255.255.255 : 14675 

 len=74 ttl=64 tos=0x00 srcmac=0:a[:D]8:2:c:38 dstmac=0:2:55:b7:20:e8

I created a new firewall rule:

Source: 192.168.x.x
Service: 1:65535 dest 14675
Destination: Broadcast 255.255.255.255 / 255.255.255.255
Top
No Log

Children

No Data