Asus ZenWiFi XT8 SSDP packets flood

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

johny_2000

New Around Here
Hello,

I have a problem with a node device on this router.
It's flooding the attached to LAN1 PC with tons of SSDP packets every tens of seconds.

Here's the log file from the PC:
============================================================================================
Dec 15 18:05:31 kernel: [16760.044712] [UFW BLOCK] IN=eno1 OUT= MAC=1c:69:7a:62:a0:c5:d4:5d:64:4c:28:80:08:00 SRC=192.168.1.16 DST=192.168.1.127 LEN=301 TOS=0x00 PREC=0x00 TTL=64 ID=36757 DF PROTO=UDP SPT=1900 DPT=60677 LEN=281

Dec 15 18:05:55 kernel: [16784.049400] [UFW BLOCK] IN=eno1 OUT= MAC=1c:69:7a:62:a0:c5:d4:5d:64:4c:28:80:08:00 SRC=192.168.1.16 DST=192.168.1.127 LEN=301 TOS=0x00 PREC=0x00 TTL=64 ID=49489 DF PROTO=UDP SPT=1900 DPT=60677 LEN=281

Dec 15 18:06:14 kernel: [16803.050064] [UFW BLOCK] IN=eno1 OUT= MAC=1c:69:7a:62:a0:c5:d4:5d:64:4c:28:80:08:00 SRC=192.168.1.16 DST=192.168.1.127 LEN=301 TOS=0x00 PREC=0x00 TTL=64 ID=58433 DF PROTO=UDP SPT=1900 DPT=60677 LEN=281

Dec 15 18:06:35 kernel: [16824.047655] [UFW BLOCK] IN=eno1 OUT= MAC=1c:69:7a:62:a0:c5:d4:5d:64:4c:28:80:08:00 SRC=192.168.1.16 DST=192.168.1.127 LEN=301 TOS=0x00 PREC=0x00 TTL=64 ID=5038 DF PROTO=UDP SPT=1900 DPT=60677 LEN=281

Dec 15 18:06:51 kernel: [16840.046137] [UFW BLOCK] IN=eno1 OUT= MAC=1c:69:7a:62:a0:c5:d4:5d:64:4c:28:80:08:00 SRC=192.168.1.16 DST=192.168.1.127 LEN=301 TOS=0x00 PREC=0x00 TTL=64 ID=7169 DF PROTO=UDP SPT=1900 DPT=60677 LEN=281

Dec 15 18:07:13 kernel: [16862.049881] [UFW BLOCK] IN=eno1 OUT= MAC=1c:69:7a:62:a0:c5:d4:5d:64:4c:28:80:08:00 SRC=192.168.1.16 DST=192.168.1.127 LEN=301 TOS=0x00 PREC=0x00 TTL=64 ID=19950 DF PROTO=UDP SPT=1900 DPT=60677 LEN=281

Dec 15 18:07:34 kernel: [16883.050188] [UFW BLOCK] IN=eno1 OUT= MAC=1c:69:7a:62:a0:c5:d4:5d:64:4c:28:80:08:00 SRC=192.168.1.16 DST=192.168.1.127 LEN=301 TOS=0x00 PREC=0x00 TTL=64 ID=26770 DF PROTO=UDP SPT=1900 DPT=60677 LEN=281

Dec 15 18:07:51 kernel: [16900.046965] [UFW BLOCK] IN=eno1 OUT= MAC=1c:69:7a:62:a0:c5:d4:5d:64:4c:28:80:08:00 SRC=192.168.1.16 DST=192.168.1.127 LEN=301 TOS=0x00 PREC=0x00 TTL=64 ID=36633 DF PROTO=UDP SPT=1900 DPT=60677 LEN=281
============================================================================================

The Asus node IP-address: 192.168.1.16
MAC: d4:5d:64:4c:28:80

The PC IP-address: 192.168.1.127
MAC: 1c:69:7a:62:a0:c5

I have UPnP disabled in the settings.
I also turned off UPnP Media Server and IGMP snooping.
But nothing helped and it still does it now.

What else can be?
 

johny_2000

New Around Here
So, I used WireShark to sniff for packets from the Asus ZenWiFi node device and found that the WPS service continues to send SSDP messages even though I have WPS disabled for all frequency bands.

<deviceType>urn:schemas-wifialliance-org:device:WFADevice:1</deviceType>
<manufacturer>ASUSTeK Computer Inc.</manufacturer>
<modelName>Wi-Fi Protected Setup Router</modelName>
<modelNumber>ZenWiFi_XT8</modelNumber>

<serviceType>urn:schemas-wifialliance-org:service:WFAWLANConfig:1</serviceType>
<serviceId>urn:wifialliance-org:serviceId:WFAWLANConfig1</serviceId>
<SCPDURL>wps_scpd.xml</SCPDURL>
<controlURL>wps_control</controlURL>
<eventSubURL>wps_event</eventSubURL>
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top