Hi guys,
Since yesterday, I repeatedly get the following message in my history:
"Rule "Default block UPnP Discovery" stealthed (5.90.200.13, Port ssdp(1900) ). UDP-Package incoming."
The IP changes often. At first it was two different IPs; after I blocked them a third occurred, which I blocked again, and today a fourth came up. Sometimes the rule is also getting blocked instead of stealthed. The IPs are ALWAYS 5.xx.xxx.xx
I've found a few threads about this problem in the 360 area, but they all dealt with 192 or 235 IPs, not with 5.
I can't trace the IPs with tracert, after the second ping, all I get are *s and Timeouts. Neither can one of my contacts trace them, two guys that are actually pretty skilled in dealing with problems like this. One suggested that the IPs might be spoofed.
I DID find out that all of the "attacking" IPs are somehow connected to a Dutch company, RIPE NCC. Anyone know what this might be?
Additionally, when it all started, the unknown IPs were attacking another rule via port 5355. For some reason, the entries have vanished from my history. I can't exactly recall what those rules were, but they have been stealthed and blocked often, spamming my history with about 3 or more entries per minute. I think the entries mentioned something about Default block ssdp and something with LLMNR. Some programs I didn't know about also seemed to have accessed the Internet, one being services.exe, a Windows file, I think.
Some of the attacks also had the target ccSvcHst.exe, which seems to be a Norton file.
After blocking the first two IPs that were going for ssdp and LLMNR, the entries became less frequent. The third IP that sneaked in after an hour or so only caused 2 entries, which were about 20 minutes apart, and the fourth one that appeared today only caused 2 entries within one minute, then vanished. I blocked it anyway, just in case.
Am I being hacked, or is this just a more or less harmless bug I am experiencing? I'm afraid to log into any accounts, fearing that whatever seems to be attacking could give out my passwords and such (Even though I don't know what anyone would want with any accounts of mine oô). Help would be very, very, very appreciated.
EDIT: Forgot to mention: I'm using Windows 7 x64