Asus 68u blocking udp action

[f00zzy]

Hi

Am getting the following warning from my asus router.

1130172 2017-02-12 13:34:57 96:819:7A:CX:4B UDP port 61195 is attacking 8.8.4.4 UDP port 53 ,this action has been blocked.

The node in question is a windows 10 system - however numerous scans on this device using windows defender, malwarebytes, windows malicious software removal are not showing up any malware.

Would anyone have any suggestions on where to look next ? or diagnostic tools that might help me narrow down the "attack"

tx

 

[ColinTaylor]

It looks like a normal DNS request to me. I thought it might be part of a DNS amplification attack but that seems unlikely as it's UDP not TCP.

Perhaps something in Windows is spamming DNS requests?

What is slightly odd is that the request is directly to Google's DNS server rather than your router. Did you set it up that way deliberately?

 

[f00zzy]

ya I've setup google dns server on dhcp so clients resolve off that vs my ISP.

wonder is there a way to narrow down what could be doing all the lookups.

 

[swetoast]

96:81:D9:7A:CX:4B

so what device in your own network has this mac id ?

also relying on trend micro is pretty in efficiant mostly cause it often just checks your own devices within lan.

for example if i use wifi on my rpi2 and its glitching it tends to set off trend micro saying that its attacking a port when it just has a bad connection.

 

[ColinTaylor]

ya I've setup google dns server on dhcp so clients resolve off that vs my ISP.

You'd get faster DNS lookups by pointing the router at Google's DNS and your clients at the router. You'd also get local name resolution as well which you'll be missing currently. It might also fix the warning messages if for some reason your ISP is blocking UDP DNS requests.

 

[f00zzy]

will try changing the router setup to see if that clears it.

Thanks for the advice

the device in question is a windows 10 hp laptop