Yes I read your post. Agreeing with it in my post earlier. For the record with the UDP 17 issue. Here is a listing of ALL ports assigned by IANA:
This is a list of TCP and UDP port numbers used by protocols for operation of network applications. The Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) only need one port for bidirectional traffic. TCP usually uses port numbers that match the services of the corresponding UDP implementations, if they exist, and vice versa.
The Internet Assigned Numbers Authority (IANA) is responsible for maintaining the official assignments of port numbers for specific uses, However, m...
UDP(17) is just a preferred delivery “protocol” being used, as it is bi-directional, random ports appears to be the other hard coded “fast time to delivery” aspect of what is being seen. Nothing we can do even to prevent the logging though. Not that I can find. What I have tested that can be done entirely disabled the internet connectivity on my testing device.
I did find a very old post where this appeared for at least one Norton user in 2013 yet went unanswered.
So I just got home and turned on my laptop, Norton updated. After that I noticed a lot of lag and such which is strange for this computer. I never got any warning that it was beginning a system scan because I usually DO notice lag during that but nothing like this. I checked Norton's history and there's a sudden string of "rule rejected udp(17)" happening EVERY second. They just won't stop. And Norton's process in task manager is really high, like it's doing something but it isn't as far as I ca…
Another older post is here from 2014: Also unanswered
The Recent History view of my Security History is full of 'Rule rejected UDP(17) traffic with (192.168.1.nn Port (nnnnn) )' events. This makes the Recent History view unreadable. Two issues: As these events relate to 'Default Block LLMNR' traffic, shouldn't the words 'Default Block LLMNR' appear in the Activity Name rather than 'Rule rejected UDP(17) traffic'? The same events in NIS version 20 are listed as 'Rule "Default Block LLMNR" stealthed (192.168.1.nn, Port (nnnnn) ). Inbound U…
I am contantly (more than one a second) having the following entry, or someting very similar, in NIS "Security History". Can anyone plaease assist? All are noted by NIS as "No Action Required".
Another from 2015:
Hello Community
This busy Firewall Activity is back...10 non stop pages filled in 37 minutes.
Any thoughts. Is this noise ? UPnP enabled in router by default (no option to disable) and disabled in services. SSDP Discovery is Running from Manual. My Network IP is 192.168.1.100
4/2/2015 7:50:03 PM,Info, Rule rejected UDP(17) traffic with (192.168.1.100 Port ssdp(1900) ),Detected,No Action Required,Firewall - Activities,,,,,,
same repeated activity
4/2/2015 7:13:32 PM,Info, Ru…
Ever since this morning after installing a game I've been having this spam Norton history:
Category: Firewall - Activities
Date & Time,Risk,Activity,Status,Recommended Action,Category
30/03/2015 7:59:25 a.m.,Info, Rule rejected UDP(17) traffic with (192.168.1.254 Port ssdp(1900) ),Detected,No Action Required,Firewall - Activities
Firewall rule was matched:<br> Rule Name: Default Block UPnP Discovery<br> Rule Action: rejected<br> Rule Severity: normal<br> <br> Traffic Details:<br> Proto…
In the above older posts the issue appears to be UDP 17 being rejected, now its being utilized and logged. Amazing changes!!
SA
1 Like