Why does my router log crazy amounts of blocked traffic on port 1701?

Posted by Vlad Seghete on Super User See other posts from Super User or by Vlad Seghete
Published on 2011-11-23T05:45:35Z Indexed on 2011/11/23 17:55 UTC
Read the original article Hit count: 190

Filed under:
|
|
|

I have a 2701HGV-B 2Wire modem and router (AT&T). The log is basically full with entries similar to the following with a time between a fifth and a third of a second between entries:

src=86.156.7.170 dst=xxx.xxx.xxx.38 ipprot=17 sport=6882 dport=1701 Unknown inbound session stopped
src=58.176.22.252 dst=xxx.xxx.xxx.38 ipprot=17 sport=21573 dport=1701 Unknown inbound session stopped
src=91.221.6.250 dst=xxx.xxx.xxx.38 ipprot=17 sport=25902 dport=1701 Unknown inbound session stopped
...

where the source IP will be different for every entry. The entries accumulate constantly, every single second that the router is on several of them appear in the log. The destination is the WAN address for my router. I understand that this is somehow related to VNCs, but I don't know enough to figure out why my router is getting bombarded with requests for a VNC session. Is there anything fishy going on or is this normal? If it is normal, how do I keep these entries from spamming my log files? Since there's about two or three of them every second, everything else gets drowned out.

© Super User or respective owner

Related posts about router

Related posts about logging