Question Dropped Packets From Outside My Subnet?

Circa 3000 · Aug 25, 2019

Why would Windows Defender log dropped packets to and from IPs outside of my home subnet?

I enabled logging of dropped packets a few minutes ago to troubleshoot an unrelated issue and noticed numerous packets to and from IPs that aren't in any way associated with my network. My home network uses 192.168.2.0/24. Here's some of the entries:

2019-08-25 17:01:09 DROP UDP 192.168.20.173 224.0.0.251 5353 5353 69 - - - - - - - RECEIVE
2019-08-25 17:01:09 DROP UDP 192.168.20.1 224.0.0.251 5353 5353 112 - - - - - - - RECEIVE
2019-08-25 17:02:47 DROP UDP 192.168.20.173 224.0.0.251 5353 5353 69 - - - - - - - RECEIVE
2019-08-25 17:02:47 DROP UDP 192.168.20.1 224.0.0.251 5353 5353 112 - - - - - - - RECEIVE
2019-08-25 17:04:27 DROP UDP 192.168.20.144 224.0.0.251 5353 5353 69 - - - - - - - RECEIVE
2019-08-25 17:04:27 DROP UDP 192.168.20.1 224.0.0.251 5353 5353 112 - - - - - - - RECEIVE
2019-08-25 17:05:06 DROP UDP 169.254.69.104 239.255.255.250 51260 1900 454 - - - - - - - RECEIVE
2019-08-25 17:05:06 DROP UDP 169.254.69.104 239.255.255.250 51260 1900 463 - - - - - - - RECEIVE
2019-08-25 17:05:06 DROP UDP 169.254.69.104 239.255.255.250 51260 1900 520 - - - - - - - RECEIVE
2019-08-25 17:05:06 DROP UDP 169.254.69.104 239.255.255.250 40011 1900 524 - - - - - - - RECEIVE
2019-08-25 17:05:06 DROP UDP 169.254.69.104 239.255.255.250 33697 1900 502 - - - - - - - RECEIVE
2019-08-25 17:05:06 DROP UDP 169.254.69.104 239.255.255.250 38986 1900 454 - - - - - - - RECEIVE
2019-08-25 17:05:06 DROP UDP 169.254.69.104 239.255.255.250 38986 1900 463 - - - - - - - RECEIVE
2019-08-25 17:05:06 DROP UDP 169.254.69.104 239.255.255.250 38986 1900 520 - - - - - - - RECEIVE
2019-08-25 17:05:06 DROP UDP 169.254.69.104 239.255.255.250 42682 1900 524 - - - - - - - RECEIVE
2019-08-25 17:05:06 DROP UDP 169.254.69.104 239.255.255.250 41238 1900 502 - - - - - - - RECEIVE
2019-08-25 17:05:07 DROP UDP 169.254.72.4 239.255.255.250 38478 1900 452 - - - - - - - RECEIVE
2019-08-25 17:05:07 DROP UDP 169.254.72.4 239.255.255.250 38478 1900 461 - - - - - - - RECEIVE
2019-08-25 17:05:07 DROP UDP 169.254.72.4 239.255.255.250 38478 1900 518 - - - - - - - RECEIVE
2019-08-25 17:05:07 DROP UDP 169.254.72.4 239.255.255.250 37154 1900 522 - - - - - - - RECEIVE
2019-08-25 17:05:07 DROP UDP 169.254.72.4 239.255.255.250 58714 1900 500 - - - - - - - RECEIVE
2019-08-25 17:05:07 DROP UDP 169.254.72.4 239.255.255.250 50085 1900 452 - - - - - - - RECEIVE
2019-08-25 17:05:07 DROP UDP 169.254.72.4 239.255.255.250 50085 1900 461 - - - - - - - RECEIVE
2019-08-25 17:05:07 DROP UDP 169.254.72.4 239.255.255.250 50085 1900 518 - - - - - - - RECEIVE
2019-08-25 17:05:07 DROP UDP 169.254.72.4 239.255.255.250 34950 1900 522 - - - - - - - RECEIVE
2019-08-25 17:05:07 DROP UDP 169.254.72.4 239.255.255.250 57384 1900 500 - - - - - - - RECEIVE
2019-08-25 17:06:07 DROP UDP 192.168.20.173 224.0.0.251 5353 5353 69 - - - - - - - RECEIVE
2019-08-25 17:06:07 DROP UDP 192.168.20.1 224.0.0.251 5353 5353 112 - - - - - - - RECEIVE

Any ideas?

Any assistance is appreciated.

Ralston18 · Aug 26, 2019

Plug & Play devices.

Open the command prompt and run "arp -a" without quotes.

Then google any IP's that are dropping packets.

E.g., google" 239.255.255.250 SSDP"

Then modify the search criteria as necessary to drill down to more specifics.

Circa 3000 · Aug 26, 2019

Bullseye!

The "unrelated issue" I was troubleshooting involves Apple's Bonjour / mDNS service, which apparently uses 224.0.0.251. Hopefully, an exception or two in Defender will restore the service.

Very helpful.

Thank you, Ralston18!!!!

Search

Question Dropped Packets From Outside My Subnet?

Circa 3000

Distinguished

Ralston18

Titan

Circa 3000

Distinguished

TRENDING THREADS

Latest posts

Moderators online

Share this page