1 Reply Latest reply on Jun 16, 2010 1:01 PM by newjack

    Incoming Events in "History and Logs"

      Recently, one of my hotmail accounts was used to send out a spam email to my contacts.
      When this came to my attention, I ran McAfee and several other mal/adware programs to check if there was something on my laptop.
      Nothing of significance was found.
      My questions for you today is in regard to the "incoming and outgoing events" log on McAfee Total Protection.

       

      Looking through previous entries recorded in the "INCOMING EVENTS" log, "SSDP" events from source IP 192.168.1.254
      is recorded EVERY 10 minutes. Nothing is recorded when the laptop is off.

       

      It says "A PC at 192.168.1.254 has tried to access one of your system ports (UDP port 1900). If you want to allow this traffic, either trust the IP address or open the port in the System Services in Firewall."

       

      And underneath that "UDP port 1900 is commonly used by the "SSDP" service or program. SSDP is used to provide remote installation services. The protocal was designed to simpilfy administration bu allowing you to install a device on your LAN and in turn have it install itself onto all computers on the LAN. The original implementation was flawed and exposed a security risk. A security patch was released for Windows ME, 2000 and XP to fix several serious issues. However, opening port 1900 to the internet is generally not wise even with a patched system. If you are a school LAN or share several systems, you may see three events per system every few minutes. This can be ignored. If you do not see three times for the same system (on average) then you may wish to report this as attack. If you need to open this port, it be opened via "System Services"".


      McAfee Total Protection was installed on this laptop in late March 2010.

      These "SSDP" events from source IP 192.168.1.254 started popping up on June 10, 2010.

      Prior to June 10, there were NO "SSDP" events recorded in the "INCOMING EVENTS" log at ALL.

      And since June 10, almost ALL of the entries recorded in the "INCOMING EVENTS" log are these "SSDP" events.

      NON "SSDP" events are now RARE, rather than the norm AFTER June 10.

      So my question is...Is this normal? Or is there someone trying to hack into my laptop?

      On another laptop, "SSDP" events have been recorded in the "INCOMING EVENTS" log ever since McAfee was installed on the computer.

       

      Also, there are no records in the "OUTGOING EVENTS" log at all. Not one.
      Is this normal?

       

      Any comments would be greatly appreciated!

        • 1. Re: Incoming Events in "History and Logs"

          Hey ben-oliver86,

          I have had these myself.I have even had a 192. # asking for permission to be granted access.As public or standard which i denied.Also if you scroll through you may also see a computer at so and so has sent invalid packets to your computer.From what i have been told(more then once)The computer is safe.These connections are not...........getting through.I know,sounds odd to me also.But i am experiancing so many Mcafee problems I probabley would not be the right person to answer this.I am sure someone else may know.I have even seen inbounds that have said you may want to consider reporting this.To who??Of coarse It does not say.The information is very confusing & you will recieve conflicting info all the time.If your system is running o.k you are doing good.I would also use alternate security.Malwarebytes ect.                          good luck Jack