Computer help needed, being flooded by port scans

For about the last 3 days, when I lock out internet access with my firewall, I start getting alerts that I am being port scanned to UDP 1900. Now this is not just a few, it is at the rate of over 100 per minute. The alert log is at 820 pages and growing, just from 12/21. And I have noticed a significant slowdown of access speed when the internet lockout is not engaged. The IP addresses seem to be the same 6 or 7, rotating randomly. I called tech support, and the only thing they could do was forward me to the abuse dept., who are off for the holidays.

Today, I tried something different. I unplugged the modem then booted the PC and locked out the firewall. I then got this alert, The firewall has blocked Internet access to the all routers multicast address (224.0.0.2) (ICMP Router Solicit) from your computer.

My questions are, why is my computer soliciting router multicasts? What is going on with the port scans and are they harmful? Is there any way to stop it?

I have already completed an anti-virus scan that was negative. My OS is Windows ME, and I have cable internet service from Charter.com

Any help or information will be greatly appreciated

Sounds like they are trying to exploit a vulnerability in Microsoft’s Universal Plug-And-Play feature - look here.

If you have configured your software or hardware firewall to block out these attacks, you can just ignore them. If the attacks become particularly egregious, note down the IP, keep a log of what was done and when, and mail the whole lot to the attacker’s ISP abuse desk. To find their ISP you can type the IP address into something like Sam Spade.

If your firewall is notifying you, it is a non-issue by definition. Your armed guard mowed the punk down and is telling you about it, that’s all. :slight_smile: Just be glad you have the firewall and turn off auto-notification if it bothers you, that’s all. (I know you can turn off auto-notification in ZoneAlarm, which is the recommended software firewall for Microsoft computers.)

I can second that. I use ZA and have turned off the scanning notification for the very reason mentioned above: If the firewall is doing its job correctly, I don’t need to know about it. ZA does create a log which can be read by Wordpad or some such text editor/viewer,

As an internet tech i hear this question a lot.

99% it comes from peopel with little friewall experience and it is just normal network noise yo are picking up…proxies, DNS etc.

Just trace back the ips and see if they are routers or actualy boxes

It is possible that your computer has a trojan or a worm. Run Ad-Aware and a virus scanner to check.

Urban Ranger I did the virus scan and ad aware and found nothing.

trader_of_shots I have used this firewall (with updates) for over 1 1/2 years, and never had this happen. It is not normal traffic. Up until 12/ 21, my alert log had about 100 entries, about 3 pages worth, it now has over 1000 pages worth of hits, in five days. Thanks for the reply from a tech support viewpoint, it’s more info than I got from Charter.

Derleth The only time I have any alerts is when I stop all internet activity. At times when I am online, the scans apparantly pass through unnoticed.

DarrenS Thanks for the links. I am going to try Sam Spade

Thank all of you for the information. If I can’t find any solutions with this info, I will just have to wait for the abuse team to work it out.