Confusing UDP Firewall Blocks

Status
Not open for further replies.

AcidElement

Oct 30, 2011
Over the past few days I've noticed something odd about my firewall. There is an insane, and I mean unimaginable, amount of ARP requests being blocked on my Comodo Internet Security 10 firewall if I have the anti-ARP spoofing setting on, and when it's off there is an insane amount of UDP requests sourced from a local IP of 192.168.1.65 to the destination of a multicast IP of 239.255.255.250, assuming multicast IP of course from the 239 start.

Recently I was noticing some lag spikes in the game League of Legends, and a friend recommended the VPN Mudfish to download. But after downloading Mudfish things seemed to go weird where Windows 10 and explorer would start to flash, and I would notice my network icon go to WiFi then to Ethernet, then to WiFi back and forth as if the LAN network was disabling and re-enabling itself for about 3 seconds. This happened until I restarted the computer, which Windows 10 had an update, and that's when I noticed upwards of 1500 blocked ARP requests from multiple devices on my network ranging from iPhones to the Wii in the next room. This number when left alone overnight reached upwards of 6000 network intrusions blocked from the same devices. Disabling anti-ARP spoofing causes the blocking to stop, only to be replaced by a constant barrage of UDP requests from the IPs above. I kept a close eye on the frequency this time, and the UDP requests happened every 3 seconds for 33 minutes.

I am utterly confused at this point. I've run a Windows 10 ISO to repair to see if that helps, it didn't. I've added a new rule set to the "Windows Operating System" rules on my firewall to ask if any UDP or TCP requests came from a local source (192.168.1.0 - 192.168.1.255) before blocking it to see if that would work, and instead of alerting me like it should, the lag in League of Legends became so bad that I was disconnecting for 5 seconds at a time every 20 seconds, presumably from the volumes of network traffic still coming through and being blocked without my permission. I have even tried to trace the IPs, but the destination IP times out and the source IP doesn't even have a name or device associated with it.

I want to figure out how to stop this madness. I've uninstalled Mudfish to see if that was the problem but it wasn't. Any information you need to help out, I will gladly provide.
 
Solution
Glasswire might more readily put the connection attempts into plain English, both from an application perspective, and to/from a country or origin....

https://www.glasswire.com/

(Glasswire's ability to easily block the connection from the free version has been removed, however, but you might still be able to do your research with Glasswire, and blocking, if necessary, from within Windows firewall rules...)