Router log stuff

Perks

Okay, my little techie sweethearts, does this mean anything to you? (I've got Windows Defender's realtime protection on and a full scan is revealing no objectionable items.)

On our router log, there's a whole mess of entries around my computer and my phone (we have several other devices and computers on our home network.)

What's this, eh precious?

[UPnP set event: add_nat_rule] from source 192.168.**.***, Monday, November 03, 2014 16:21:33

[UPnP set event: del_nat_rule] from source 192.168.**.***, Monday, November 03, 2014 16:21:33

[UPnP set event: add_nat_rule] from source 192.168.**.***, Monday, November 03, 2014 16:21:02

[UPnP set event: del_nat_rule] from source 192.168.**.***, Monday, November 03, 2014 16:21:02

[UPnP set event: add_nat_rule] from source 192.168.**.***, Monday, November 03, 2014 16:20:24

[UPnP set event: del_nat_rule] from source 192.168.**.***, Monday, November 03, 2014 16:20:24


(asterisks are numbers, of course)
 

alleycat

I can't really answer your question, but UPnP is Universal Plug and Play. Is anyone using gaming software at your house?

If not, you might want to disable UPnP. But wait until someone with more knowledge than I have replies.
 

Dennis E. Taylor

Is it all the same IP address? And have you identified which gadget it refers to?

Anyway, something keeps deleting and re-adding a Network Address Translation rule. Maybe because the attempt keeps failing. Every 30 seconds.

BTW, you don't have to mask the IP numbers. 192.168 is a specially designated local IP range. Everyone has the same numbers in their internal network. They can't be used to get into your network because they're designed to be not routable from the outside.
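
An added example, not part of the original post: a short Python script that parses the log lines quoted in this thread, groups them by source address, and measures the gap between each same-second delete-and-re-add pair. The regular expression assumes the router prints UPnP events exactly as pasted above; other routers format these entries differently.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# The six entries quoted in the thread, with the address masked as posted.
SAMPLE_LOG = """\
[UPnP set event: add_nat_rule] from source 192.168.**.***, Monday, November 03, 2014 16:21:33
[UPnP set event: del_nat_rule] from source 192.168.**.***, Monday, November 03, 2014 16:21:33
[UPnP set event: add_nat_rule] from source 192.168.**.***, Monday, November 03, 2014 16:21:02
[UPnP set event: del_nat_rule] from source 192.168.**.***, Monday, November 03, 2014 16:21:02
[UPnP set event: add_nat_rule] from source 192.168.**.***, Monday, November 03, 2014 16:20:24
[UPnP set event: del_nat_rule] from source 192.168.**.***, Monday, November 03, 2014 16:20:24
"""

# Assumed format: exactly what the router in the thread printed.
ENTRY = re.compile(
    r"\[UPnP set event: (?P<action>add_nat_rule|del_nat_rule)\] "
    r"from source (?P<src>[^,]+), (?P<when>.+)$"
)

def parse(log_text):
    """Return (timestamp, source, action) for every UPnP NAT-rule entry."""
    events = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            when = datetime.strptime(m["when"].strip(), "%A, %B %d, %Y %H:%M:%S")
            events.append((when, m["src"].strip(), m["action"]))
    return events

def summarize(events):
    """Per source: add/del counts and the gaps between same-second del+add pairs."""
    counts = defaultdict(Counter)
    actions_at = defaultdict(lambda: defaultdict(set))
    for when, src, action in events:
        counts[src][action] += 1
        actions_at[src][when].add(action)
    report = {}
    for src, stamps in actions_at.items():
        paired = sorted(t for t, acts in stamps.items() if len(acts) == 2)
        gaps = [int((b - a).total_seconds()) for a, b in zip(paired, paired[1:])]
        report[src] = {"adds": counts[src]["add_nat_rule"],
                       "dels": counts[src]["del_nat_rule"],
                       "paired": len(paired), "gaps_seconds": gaps}
    return report

if __name__ == "__main__":
    for src, info in summarize(parse(SAMPLE_LOG)).items():
        print(src, info)
```

Run against a full router log, the per-source summary shows which device on the network is asking the router for port mappings and how regularly it does so.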
 

Perks

Yeah, it's all the same IP and that device is my computer.

When I put the string into Google (with both add & del) there is some indication that this is a Windows 8 thing. My computer is the only one running Windows 8 and the virus/malware scan is clean. Maybe something with the cloud? (Whatever the !%#@& the cloud is.)

I'm just super paranoid, because many moons ago, my machine got a virus and I spent the better part of a week rebuilding my setup. I've been twitchy ever since --- and also super careful.


Is it all the same IP address? And have you identified which gadget it refers to?

Anyway, something keeps deleting and re-adding a Network Address Translation rule. Maybe because the attempt keeps failing. Every 30 seconds.

BTW, you don't have to mask the IP numbers. 192.168 is a specially designated local IP range. Everyone has the same numbers in their internal network. They can't be used to get into your network because they're designed to be not routable from the outside.
 

Perks

I can't really answer your question, but UPnP is Universal Plug and Play. Is anyone using gaming software at your house?

I forgot to answer this one - nobody does any gaming around here. Zero fun allowed under this roof. :)
 

stephenf

Hi
I can't answer your question, but I have lost faith in Windows Defender. It was OK a few years ago but it has become too weak for the job and doesn't offer the best protection. I would suggest you try something else.
 

Dennis E. Taylor

I couldn't find anything ominous with a quick googling. Most opinions seem to be that UPnP does this if it's enabled on your PC. (And it's not worth the headache of disabling it.) If it was me, I wouldn't rest until I'd tracked it down and killed it, but I'm OCD that way.

The thing is, any malicious software wouldn't have to go through that trouble to get out, so it's more likely something legitimate but brain-dead.
 

Williebee

The entries are most likely being triggered by the UPnP service that runs as a part of Windows 8.

You could turn that service off. HOWEVER, if you have a printer (for example) that you plugged into the computer (or connected wirelessly) that you just turned on and it "automagically" worked, odds are that turning off the service would also turn off the "automagic".

More information than you asked for:

This --
BTW, you don't have to mask the IP numbers. 192.168 is a specially designated local IP range. Everyone has the same numbers in their internal network. They can't be used to get into your network because they're designed to be not routable from the outside.

is not entirely accurate. 192.168.x.x is the default internal Class C range. Doesn't mean everybody has it. (Actually, the closest you'd get to "everybody has it" would be APIPA - 127.X.X.X - the range that most operating systems default to if they don't find a range to assign.)

If you've got a wireless access point, broadcasting the SSID (telling the world that is within broadcast range the name of your access point) then somebody sitting on the street MIGHT be able to assign their network card that connection and configure it to use another address in your range.

If it isn't broadcasting, it could still be "sniffed" and hacked into. But not broadcasting your SSID is kind of like the idea of locking your car -- encouraging the thief to move along to easier pickings.