Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Excessive Port 2190 UDP Firewall Log

    Scheduled Pinned Locked Moved Firewalling
    6 Posts 3 Posters 1.7k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C Offline
      caleb4643
      last edited by caleb4643

      For several weeks now at least my firewall logs have been flooded with these UDP port 2190 beacon packets. They are not coming from a consistent source IP address, yet they do all resolve to a server belonging to my ISP provider which is why I redacted them. Apparently, port 2190 UDP belongs to tivo discovery which I do not have, nor have I ever owned.
      811c5d4f-1005-4fd1-a5a7-d04d53a5a394-image.png

      It does not look like the firewall resources are overwhelmed yet.
      438e1afc-87a3-4379-b78a-e749fb90e677-image.png

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ Online
        johnpoz LAYER 8 Global Moderator @caleb4643
        last edited by

        @caleb4643 2190 UDP to a broadcast address (255.255.255.255) would most likely be

        https://www.speedguide.net/port.php?port=2190

        Could be some other isp user directly connected their tivo to the internet connection?

        Or there are many users - if your seeing multiple source IPs?

        If your seeing a crazy amount of it - you could contact your isp.. Normally they should have filtering setup so broadcast from customer A is not seen by customer B, etc.

        But there is always going to be noise on the internet.. So you could just set a rule on your wan not to log that traffic..

        I see lots of arps for example from other clients on my isp on the same L2 network as me.. Not just from isp router, etc.

        arp.jpg

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

        C 1 Reply Last reply Reply Quote 0
        • C Offline
          caleb4643 @johnpoz
          last edited by

          @johnpoz Cool, that about answers that question. Thank you.

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ Online
            johnpoz LAYER 8 Global Moderator @caleb4643
            last edited by

            @caleb4643 if your logging too much noise, you can always create firewall rules to not log that noise.

            I actually turn off logging of the default deny, and then just setup logging of what I am interested in seeing.

            So I log only SYN traffic for tcp, and udp I only log ports that are of interest to me.

            wanblocks.jpg

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

            M 1 Reply Last reply Reply Quote 0
            • M Offline
              MarioG @johnpoz
              last edited by

              @johnpoz Just an FYI if anyone sees this too, I started here in the last month, floods of port 2190 from many (hundred?) IPs located near me. The problem with turning off logging is we won't know when it is corrected. Will contact Comcast about it.

              johnpozJ 1 Reply Last reply Reply Quote 0
              • johnpozJ Online
                johnpoz LAYER 8 Global Moderator @MarioG
                last edited by

                @mariog said in Excessive Port 2190 UDP Firewall Log:

                Will contact Comcast about it.

                good luck with that ;) Please let us know what they say about, level 1 guy for sure is not going to be of much help.. You most likely will need to get escalated to level 3 support before they even have a clue to what your talking about..

                But I am very curious to what they say..

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.