Asus ZenWiFi XT8 SSDP packets flood

johny_2000

Occasional Visitor
Hello,

I have a problem with a node device on this router.
It's flooding the PC attached to LAN1 with tons of SSDP packets every tens of seconds.

Here's the log file from the PC:
============================================================================================
Dec 15 18:05:31 kernel: [16760.044712] [UFW BLOCK] IN=eno1 OUT= MAC=1c:69:7a:62:a0:c5:d4:5d:64:4c:28:80:08:00 SRC=192.168.1.16 DST=192.168.1.127 LEN=301 TOS=0x00 PREC=0x00 TTL=64 ID=36757 DF PROTO=UDP SPT=1900 DPT=60677 LEN=281

Dec 15 18:05:55 kernel: [16784.049400] [UFW BLOCK] IN=eno1 OUT= MAC=1c:69:7a:62:a0:c5:d4:5d:64:4c:28:80:08:00 SRC=192.168.1.16 DST=192.168.1.127 LEN=301 TOS=0x00 PREC=0x00 TTL=64 ID=49489 DF PROTO=UDP SPT=1900 DPT=60677 LEN=281

Dec 15 18:06:14 kernel: [16803.050064] [UFW BLOCK] IN=eno1 OUT= MAC=1c:69:7a:62:a0:c5:d4:5d:64:4c:28:80:08:00 SRC=192.168.1.16 DST=192.168.1.127 LEN=301 TOS=0x00 PREC=0x00 TTL=64 ID=58433 DF PROTO=UDP SPT=1900 DPT=60677 LEN=281

Dec 15 18:06:35 kernel: [16824.047655] [UFW BLOCK] IN=eno1 OUT= MAC=1c:69:7a:62:a0:c5:d4:5d:64:4c:28:80:08:00 SRC=192.168.1.16 DST=192.168.1.127 LEN=301 TOS=0x00 PREC=0x00 TTL=64 ID=5038 DF PROTO=UDP SPT=1900 DPT=60677 LEN=281

Dec 15 18:06:51 kernel: [16840.046137] [UFW BLOCK] IN=eno1 OUT= MAC=1c:69:7a:62:a0:c5:d4:5d:64:4c:28:80:08:00 SRC=192.168.1.16 DST=192.168.1.127 LEN=301 TOS=0x00 PREC=0x00 TTL=64 ID=7169 DF PROTO=UDP SPT=1900 DPT=60677 LEN=281

Dec 15 18:07:13 kernel: [16862.049881] [UFW BLOCK] IN=eno1 OUT= MAC=1c:69:7a:62:a0:c5:d4:5d:64:4c:28:80:08:00 SRC=192.168.1.16 DST=192.168.1.127 LEN=301 TOS=0x00 PREC=0x00 TTL=64 ID=19950 DF PROTO=UDP SPT=1900 DPT=60677 LEN=281

Dec 15 18:07:34 kernel: [16883.050188] [UFW BLOCK] IN=eno1 OUT= MAC=1c:69:7a:62:a0:c5:d4:5d:64:4c:28:80:08:00 SRC=192.168.1.16 DST=192.168.1.127 LEN=301 TOS=0x00 PREC=0x00 TTL=64 ID=26770 DF PROTO=UDP SPT=1900 DPT=60677 LEN=281

Dec 15 18:07:51 kernel: [16900.046965] [UFW BLOCK] IN=eno1 OUT= MAC=1c:69:7a:62:a0:c5:d4:5d:64:4c:28:80:08:00 SRC=192.168.1.16 DST=192.168.1.127 LEN=301 TOS=0x00 PREC=0x00 TTL=64 ID=36633 DF PROTO=UDP SPT=1900 DPT=60677 LEN=281
============================================================================================

The Asus node IP-address: 192.168.1.16
MAC: d4:5d:64:4c:28:80

The PC IP-address: 192.168.1.127
MAC: 1c:69:7a:62:a0:c5

I have UPnP disabled in the settings.
I also turned off UPnP Media Server and IGMP snooping.
But nothing helped and it still does it now.

What else can it be?
 
So, I used Wireshark to sniff for packets from the Asus ZenWiFi node device and found that the WPS service continues to send SSDP messages even though I have WPS disabled for all frequency bands.

<deviceType>urn:schemas-wifialliance-org:device:WFADevice:1</deviceType>
<manufacturer>ASUSTeK Computer Inc.</manufacturer>
<modelName>Wi-Fi Protected Setup Router</modelName>
<modelNumber>ZenWiFi_XT8</modelNumber>

<serviceType>urn:schemas-wifialliance-org:service:WFAWLANConfig:1</serviceType>
<serviceId>urn:wifialliance-org:serviceId:WFAWLANConfig1</serviceId>
<SCPDURL>wps_scpd.xml</SCPDURL>
<controlURL>wps_control</controlURL>
<eventSubURL>wps_event</eventSubURL>
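
A way to quantify the blocks in a log like the one in the first post, as an added example that is not part of the original thread: it groups `[UFW BLOCK]` entries for UDP packets with source port 1900 by sender, receiver and destination port, then reports the count and the mean interval taken from the kernel timestamps. The function name and the last sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# The first three lines are copied from the log quoted in the post; the last
# line is constructed to show that non-SSDP blocks are ignored.
SAMPLE_LOG = """\
Dec 15 18:05:31 kernel: [16760.044712] [UFW BLOCK] IN=eno1 OUT= MAC=1c:69:7a:62:a0:c5:d4:5d:64:4c:28:80:08:00 SRC=192.168.1.16 DST=192.168.1.127 LEN=301 TOS=0x00 PREC=0x00 TTL=64 ID=36757 DF PROTO=UDP SPT=1900 DPT=60677 LEN=281
Dec 15 18:05:55 kernel: [16784.049400] [UFW BLOCK] IN=eno1 OUT= MAC=1c:69:7a:62:a0:c5:d4:5d:64:4c:28:80:08:00 SRC=192.168.1.16 DST=192.168.1.127 LEN=301 TOS=0x00 PREC=0x00 TTL=64 ID=49489 DF PROTO=UDP SPT=1900 DPT=60677 LEN=281
Dec 15 18:06:14 kernel: [16803.050064] [UFW BLOCK] IN=eno1 OUT= MAC=1c:69:7a:62:a0:c5:d4:5d:64:4c:28:80:08:00 SRC=192.168.1.16 DST=192.168.1.127 LEN=301 TOS=0x00 PREC=0x00 TTL=64 ID=58433 DF PROTO=UDP SPT=1900 DPT=60677 LEN=281
Dec 15 18:06:20 kernel: [16809.000000] [UFW BLOCK] IN=eno1 OUT= SRC=192.168.1.50 DST=192.168.1.127 LEN=60 PROTO=TCP SPT=51514 DPT=22
"""

# Fields of interest in a UFW kernel log line: uptime stamp, addresses, ports.
LINE_RE = re.compile(
    r"\[\s*(?P<uptime>\d+\.\d+)\] \[UFW BLOCK\].*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+).*?"
    r"PROTO=(?P<proto>\S+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)


def summarize_ssdp_blocks(log_text):
    """Summarize blocked UDP packets sent from port 1900 per (src, dst, dpt)."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["proto"] != "UDP" or m["spt"] != "1900":
            continue  # not a blocked packet from the SSDP port
        seen[(m["src"], m["dst"], int(m["dpt"]))].append(float(m["uptime"]))

    summary = {}
    for key, times in seen.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        summary[key] = {
            "count": len(times),
            # Mean spacing between packets in seconds; None for a single hit.
            "mean_gap_s": sum(gaps) / len(gaps) if gaps else None,
        }
    return summary


if __name__ == "__main__":
    for (src, dst, dpt), stats in summarize_ssdp_blocks(SAMPLE_LOG).items():
        print(f"{src} -> {dst}:{dpt} count={stats['count']} "
              f"mean_gap_s={stats['mean_gap_s']}")
```

Feeding it the full log instead of `SAMPLE_LOG` shows whether a single device accounts for every blocked packet and whether the destination port stays fixed over time.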