Unrecognized device sending traffic on local network
I made some Wireshark captures of local network traffic and noticed a significant amount of traffic coming from an IP address I don't recognize. The IP address in question is 192.168.1.1. I'm using an NVG599 router and the DHCP server on the router is configured to hand out IP addresses in the 192.168.1.64 - 192.168.1.253 range. The IP address for the router configuration is 192.168.1.254 and all known devices are accounted for in the IP allocation table. I haven't assigned any static IP addresses. Based on the packet captures I can see that this address is sending packets to an external public IP address, usually on port 1900, which leads me to think it might have something to do with UPnP. If it is UPnP related, I would like to disable this feature entirely, but I don't see any options in the router configuration related to UPnP. Maybe this is just normal behavior for this type of router and nothing to be concerned about, but it does look vaguely like it could be traffic from some sort of malicious botnet. Has anyone else seen similar traffic on their systems or know more about this?
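A triage pass over an exported capture, as an added example that is not part of the original post: it lists LAN source addresses that are neither the router's configuration address nor in the allocation table, together with their MAC addresses and the destinations and UDP ports they send to. The router and DHCP pool addresses are from the post; the sample rows, MAC addresses, known-device set and /24 mask are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import Counter

ip = ipaddress.ip_address
# From the post: router address and DHCP pool; the /24 mask is an assumption.
LAN = ipaddress.ip_network("192.168.1.0/24")
ROUTER = ip("192.168.1.254")
POOL_FIRST, POOL_LAST = ip("192.168.1.64"), ip("192.168.1.253")

# Constructed sample rows (not the poster's capture), shaped like the output of
# tshark -r FILE -T fields -E separator=, -e ip.src -e eth.src -e ip.dst -e udp.dstport
SAMPLE = """\
192.168.1.70,02:00:00:00:00:01,192.168.1.254,53
192.168.1.1,02:00:00:00:00:99,203.0.113.10,1900
192.168.1.1,02:00:00:00:00:99,203.0.113.10,1900
192.168.1.1,02:00:00:00:00:99,239.255.255.250,1900
192.168.1.254,02:00:00:00:00:fe,192.168.1.70,
,02:00:00:00:00:01,,
"""
KNOWN = {ip("192.168.1.70")}  # constructed stand-in for the IP allocation table


def dest_kind(addr):
    """Classify a destination as multicast, lan, or external."""
    if addr.is_multicast:
        return "multicast"
    return "lan" if addr in LAN else "external"


def unexpected_senders(rows, known=KNOWN):
    """Summarise LAN sources that are neither the router nor a known lease."""
    findings = {}
    for row in csv.reader(io.StringIO(rows)):
        if len(row) != 4 or not row[0] or not row[2]:
            continue  # non-IP frame (e.g. ARP) or blank line
        src, mac, dst, dport = ip(row[0]), row[1], ip(row[2]), row[3]
        if src not in LAN or src == ROUTER or src in known:
            continue
        entry = findings.setdefault(str(src), {
            "macs": set(), "flows": Counter(),  # MACs can be matched to hardware
            "in_dhcp_pool": POOL_FIRST <= src <= POOL_LAST})
        entry["macs"].add(mac)
        entry["flows"][(dest_kind(dst), int(dport) if dport else None)] += 1
    return findings


if __name__ == "__main__":
    print(unexpected_senders(SAMPLE))
```

The source MAC recorded for each unexpected address can be compared with the MAC addresses shown in the router's device list to tell which physical device is sending the traffic.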