Odd router warning

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Odd router warning

hsvhel

1273 posts

Uber Geek
+1 received by user: 596

ID Verified

#275760 8-Sep-2020 10:02

Hi all

Im seeing an odd warning in the logs of my router, address seems to be within my network, however there is no device allocated to that address?

|Security|Warning|Detect UDP port scan attack, scan packet from 192.168.8.200

How do i best troubleshoot this to stop it occurring?

Referral Link Quic

Free Setup use R502152EQH6OK on check out

nztim

4012 posts

Uber Geek
+1 received by user: 2710

ID Verified

Trusted

TEAMnetwork

Subscriber

#2560110 8-Sep-2020 10:10

Thats an internal IP I would check for Malware on your devices

Any views expressed on these forums are my own and don't necessarily reflect those of my employer.

hsvhel

1273 posts

Uber Geek
+1 received by user: 596

ID Verified

#2560115 8-Sep-2020 10:23

It's always .200 which is the highest the range is set to.

Is there a general method to tracking down the root cause? it cant be pinged and there is no device associated with that address being leased...ever?

EDIT-Found it, its an HDR. I'm learning slowly to understand this sort of stuff.

If its being picked up as a warning, its it necessarily bad?

Referral Link Quic

Free Setup use R502152EQH6OK on check out

gbwelly

1263 posts

Uber Geek
+1 received by user: 776

#2560125 8-Sep-2020 10:39

hsvhel:

it cant be pinged

give it a ping and then do an arp -g

If it's real then you should get a MAC address in the arp cache. You can then look up the oui to see the manufacturer of the network adapter in it.

http://standards-oui.ieee.org/oui.txt

hsvhel

1273 posts

Uber Geek
+1 received by user: 596

ID Verified

#2560133 8-Sep-2020 10:44

gbwelly:

hsvhel:

it cant be pinged

give it a ping and then do an arp -g

If it's real then you should get a MAC address in the arp cache. You can then look up the oui to see the manufacturer of the network adapter in it.

http://standards-oui.ieee.org/oui.txt

Thanks, have found it. need to assess why its doing it

Referral Link Quic

Free Setup use R502152EQH6OK on check out

timmmay

20858 posts

Uber Geek
+1 received by user: 5350

Trusted

Lifetime subscriber

#2560145 8-Sep-2020 10:57

What was it?

hsvhel

1273 posts

Uber Geek
+1 received by user: 596

ID Verified

#2560149 8-Sep-2020 11:05

timmmay:

What was it?

HDR for cameras, looking into why its occurring with suppliers. Need to understand why its happening and if its a real risk or one the router is flagging but in reality is not

Referral Link Quic

Free Setup use R502152EQH6OK on check out

Dyson

Shop now for Dyson appliances (affiliate link).

nztim

4012 posts

Uber Geek
+1 received by user: 2710

ID Verified

Trusted

TEAMnetwork

Subscriber

#2560248 8-Sep-2020 12:43

hsvhel:

timmmay:

What was it?

HDR for cameras, looking into why its occurring with suppliers. Need to understand why its happening and if its a real risk or one the router is flagging but in reality is not

I have had situations where Ricoh Printers "call home to report pages used and toner levels" trigger IPS alerts in a Sonicwall and the connection is blocked when infact it is genuine - Had to put in an exception in for it, you will often get False positives with these things

Any views expressed on these forums are my own and don't necessarily reflect those of my employer.

hsvhel

1273 posts

Uber Geek
+1 received by user: 596

ID Verified

#2560307 8-Sep-2020 13:51

Interesting, i suspect this maybe doing the same to some degree. Although i don't see why it needs to?!? And if it does, what exactly it's intending to send (for privacy reasons)

Referral Link Quic

Free Setup use R502152EQH6OK on check out