UDP packets in local network?

Name: JackG
Date: October 21, 2004 at 05:34:14 Pacific
OS: Windows ME
CPU/Ram: 933Mh P3 / 512MB
Comment:

Can someone help explain why packets like the following UDP packet would be picked up during a trace on my small local network? These appear to be coming in off of an Adelphia Cable Internet connection, through a Linksys Modem and a Linksys BEFSR41 router (v2 at firmware 1.46.02). These packets are not seen when the modem is powered off.

The three systems on the local network do not have any SLP or UPnP services running (SSDPSRV removed on the Windows ME systems). UPnP Services in the router are Disabled.

The BEFSR41 router is basically set with default settings (WAN blocking enable), but with the new Filter IDENT(port 113) function Enabled to stealth port 113. (GRC.com shows all TCP/IP ports stealth)

There are no UPnP Forwarding ports enabled.

I was under the impression that a Linksys router would block all UDP packets like this from entering the network from the WAN?

The interesting thing in the following trace is that the first MAC address is the MAC address of the router, but the second MAC address is not even close to any MAC address on the network, router or modem. And the source IP address (69.163.179.77:60998) was close to the current dynamic IP of 69.163.179.29 at the time the trace was made, but not close enough that it should be passed through the router. I also see other larger UDP packets from IP addresses close to my IP address, but going to different IP addresses around the world. I would not expect to be seeing any of these getting through and consider them to be a potential security problem.


03:17:50.679030 00:06:25:6e:bd:d9 > 01:00:5e:7f:ff:fd, ethertype IPv4 (0x0800), length 91: IP (tos 0x0, ttl 254, id 23625, offset 0, flags [none], length: 77) 69.163.179.77.50998 > 239.255.255.253.427: [udp sum ok] UDP, length: 49

0x0000: 4500 004d 5c49 0000 fe11 7768 45a3 b34d E..M\I....whE..M
0x0010: efff fffd c736 01ab 0039 8c10 0201 0000 .....6...9......
0x0020: 3120 0000 0000 16c0 0002 656e 0000 0017 1.........en....
0x0030: 7365 7276 6963 653a 6469 7265 6374 6f72 service:director
0x0040: 792d 6167 656e 7400 0000 0000 00 y-agent......

The systems have all been checked several times for viruses, malware or Trojans. There are no outbound packets being sent.

Is this type of packet normal?

The result of malformed packet attacks?

And should they be getting through the default router setup?

Is there something simple that I am missing that can block these SLP requests and other UDP packets I have detected getting through the modem/router?




Response Number 1
Name: wizard-ict
Date: October 22, 2004 at 11:39:52 Pacific
Reply:

UDP packets are generally not harmful; they can be caused by time updates, random DNS requests, control signals to routers, firewalls, etc. You could try blocking the specific port for UDP traffic that these packets are using; if this causes a problem with an application or service on your network, you know what the packets were for! If not, then just leave them blocked.

Wizard ICT. Microsoft Certified Professional
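
The packet from the question, decoded field by field, as an added example that is not part of the original thread: it parses the IPv4, UDP and SLPv2 (RFC 2608) headers from the posted hex dump and derives the Ethernet address that the destination multicast group maps to (RFC 1112). The function names, the output keys and the subset of SLP function IDs in the table are this example's own choices.

```python
import ipaddress
import struct

# Bytes copied from the hex dump in the question (IPv4 header onward, 77 bytes).
PACKET = bytes.fromhex(
    "4500004d5c490000fe11776845a3b34d"
    "effffffdc73601ab00398c1002010000"
    "31200000000016c00002656e00000017"
    "736572766963653a6469726563746f72"
    "792d6167656e74000000000000"
)
SLP_FUNCTIONS = {1: "SrvRqst", 2: "SrvRply", 3: "SrvReg", 8: "DAAdvert", 11: "SAAdvert"}

def multicast_mac(group_ip):
    """Map an IPv4 multicast group to its Ethernet address (RFC 1112)."""
    low23 = int(ipaddress.IPv4Address(group_ip)) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)

def decode(pkt):
    """Decode IPv4 + UDP + SLPv2 headers; raise ValueError on anything else."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[0] >> 4 != 4 or pkt[9] != 17 or len(pkt) < ihl + 8:
        raise ValueError("not an IPv4/UDP packet")
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    sport, dport, udp_len = struct.unpack("!HHH", pkt[ihl:ihl + 6])
    slp = pkt[ihl + 8:ihl + udp_len]
    if len(slp) < 14 or slp[0] != 2:
        raise ValueError("not an SLPv2 message")
    flags, = struct.unpack("!H", slp[5:7])
    xid, lang_len = struct.unpack("!HH", slp[10:14])
    out = {
        "src": src, "sport": sport, "dst": dst, "dport": dport, "ttl": pkt[8],
        "dst_mac": multicast_mac(dst) if ipaddress.IPv4Address(dst).is_multicast else None,
        "function": SLP_FUNCTIONS.get(slp[1], "unknown(%d)" % slp[1]),
        "slp_length": int.from_bytes(slp[2:5], "big"),
        "multicast_flag": bool(flags & 0x2000),  # R bit: request was sent multicast
        "xid": xid, "lang": slp[14:14 + lang_len].decode("ascii", "replace"),
    }
    if slp[1] == 1:  # SrvRqst body: PRList, then the service type being sought
        pos = 14 + lang_len
        pos += 2 + int.from_bytes(slp[pos:pos + 2], "big")  # skip previous-responder list
        st_len = int.from_bytes(slp[pos:pos + 2], "big")
        out["service_type"] = slp[pos + 2:pos + 2 + st_len].decode("ascii", "replace")
    return out

if __name__ == "__main__":
    for key, value in decode(PACKET).items():
        print("%-15s %s" % (key, value))
```

Run on the posted bytes, it reports an SLPv2 SrvRqst for service:directory-agent sent to the SLP multicast group 239.255.255.253 on UDP port 427, and the derived group address 01:00:5e:7f:ff:fd equals the second MAC address in the trace.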

