Computer Security & Viruses/UPnP?


Question
Hello,

I am using Windows XP and Privatefirewall 7.0. Today when I was viewing my firewall log, I noticed there had been incoming UDP packets from IP address 192.168.1.1, which if I'm right is my router. My laptop is connected to the router via Wifi. The internet connection is private and I'm not using other devices, so I don't understand why my router sent me UPnP packets.

So in the advanced report it says:

Remote IP: 192.168.1.1:1900(UPnP)
Local IP:  192.168.1.2:1912
Protocol:UDP(17)

So my question would be:
Do you think this was a hacker?
Are there any other reasons?
Thanks.

Answer
Your suspicions may well be correct.

Do you have an XBox on your network? It uses port 17 to maintain a peer-to-peer link (XBox Live).

The other legitimate reason for these packets is if you have subscribed to a "quote of the day" (QOTD) message service.

If you do not have an XBox or do not normally receive a popup box with a quote of the day each day, then there is no good reason for those packets.

Criminals will use this service to display a message to the victim that is false, for example a message that your computer has been infected with a virus and you need to send money to some company you never heard of in order to remove the virus.

A solution is to disable port 17 traffic at your router, if it has a control panel that enables you to open or close ports. Alternatively, your firewall may allow you to reject all packets addressed to port 17.
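
An added example, not part of the original question or answer: a small triage parser for the three-line firewall report quoted in the question. It reads the number in `UDP(17)` as the IANA IP protocol number (17 is UDP) and keeps it separate from the port numbers on the address lines. The field layout is inferred from those three lines only, and the function names and the /24 home-LAN prefix are assumptions.

```python
import ipaddress
import re

# Log entry exactly as quoted in the question.
SAMPLE = """Remote IP: 192.168.1.1:1900(UPnP)
Local IP:  192.168.1.2:1912
Protocol:UDP(17)"""

# IANA-registered values used for labelling; extend as needed.
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
UDP_PORTS = {17: "QOTD", 53: "DNS", 1900: "SSDP (UPnP discovery)"}

ENDPOINT = re.compile(r"^(Remote|Local) IP:\s*([\d.]+):(\d+)")
PROTOCOL = re.compile(r"^Protocol:\s*(\w+)\((\d+)\)")


def parse_entry(text):
    """Return remote/local (ip, port) pairs plus protocol name and number."""
    entry = {}
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENDPOINT.match(line)
        if m:
            addr = ipaddress.ip_address(m.group(2))
            entry[m.group(1).lower()] = (addr, int(m.group(3)))
            continue
        m = PROTOCOL.match(line)
        if m:
            # Parenthesised value: IP protocol number, not a port.
            entry["proto_name"] = m.group(1).upper()
            entry["proto_num"] = int(m.group(2))
    missing = {"remote", "local", "proto_num"} - entry.keys()
    if missing:
        raise ValueError(f"incomplete log entry, missing: {sorted(missing)}")
    return entry


def triage(entry, prefix_len=24):
    """Summarise origin, service and field consistency for one entry."""
    rip, rport = entry["remote"]
    lip, _ = entry["local"]
    # Assumption: typical home LAN with a /24 prefix around the local host.
    lan = ipaddress.ip_network(f"{lip}/{prefix_len}", strict=False)
    is_udp = entry["proto_num"] == 17
    return {
        "remote_is_private": rip.is_private,   # RFC 1918 and similar ranges
        "same_subnet": rip in lan,
        "proto_consistent": IP_PROTOCOLS.get(entry["proto_num"]) == entry["proto_name"],
        "remote_service": UDP_PORTS.get(rport, "unknown") if is_udp else "n/a",
    }
```
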


Carolyn Meinel

Expertise

I cover Windows, Linux, TCP/IP and Ethernet security questions. I do not cover Mac, smart phones, or other networking issues.

Experience

Books by Carolyn Meinel: wrote a chapter for The Hacking of America book (see http://www.amazon.com/exec/obidos/ASIN/1567204600/happyhacker). My article Code Red for the Web for Scientific American was reprinted in the book Best American Science Writing 2002 (see http://www.amazon.com/exec/obidos/ASIN/0060936509/happyhacker). My book The Happy Hacker: A Guide to Mostly Harmless Hacking is now in 4th edition with a Japanese edition (see http://happyhacker.org/hhbook/).

Organizations
IEEE, AAAS

Publications
See a list with some online links at http://cmeinel.com

Education/Credentials
MS, Industrial Engineering, The University of Arizona. Took a course in computer forensics at the University of Texas at Austin.

Past/Present Clients
DARPA, SAIC, Palmer Labs

©2016 About.com. All rights reserved.