[SOLVED] IP Address hammering LLMNR

[HX1]

So every 9 seconds or so... I get approximately 10 requests sent to 224.0.0.252:5355 from 5.246.103.236 varied port numbers..

The source is the 5.246.103.236 ( Resolves as Etihad Etisalat Company (Mobily) stated as Mobily/Irdeto in PB ) and is located in Saudi Arabia... which is strange to me.. and the destination happens to be Link-Local Multicast Name Resolution ( 224.0.0.252:5355 ) it also occasionally connects to 5.255.255.255:137.

I have found several places explaining exactly what the destination is.. LLMNR.. not the other on 5.255.255.255:137 which is a NetBIOS port number but not a part of my subnet unless this is coming in from my phone in some way but I find that hard to believe when it is connected to my WiFi and no double network is allowed unless I am using the Hotspot... so that explanation was out..

SO I am wondering if anyone has clue as to what this is and if I need to take other measures here.. It is currently bouncing off my PeerBlock filter like a madman... and if there is any other information on this.. currently it is running up bandwidth usage.. a ping at a time but is constant every 9 seconds.. with a blast of no less than ten request.. almost all in a seconds time.. and then a short 9 seconds or so and then again..

I would ultimately like this to stop being the main goal.. unless it is a necessary evil.. ( which I do not believe in here )

[Sylence]

First you need to tell us where you are now.

btw, Etihad Etisalat Company means: union connection company

[tiliarou]

Dunno what you mean by "union connection company". Etisalat is a telecom provider and one of the Internet hub in Middle East. It is a strong provider in UAE (where it is incorporated originaly).

If you keep receiving ping from an IP in Saudi whereas you are not there and if your provider is not Etisalat, it seems like someone is trying to test your connection for opened ports maybe ?

[Sylence]

Dunno what you mean by "union connection company". Etisalat is a telecom provider and one of the Internet hub in Middle East. It is a strong provider in UAE (where it is incorporated originaly).

If you keep receiving ping from an IP in Saudi whereas you are not there and if your provider is not Etisalat, it seems like someone is trying to test your connection for opened ports maybe ?

That's the meaning of "Etihad Etisalat Company"

[straycat19]

Turn off your mobile data and leave your wifi on and see if this still occurs. The reverse them, turn off wifi and turn on mobile data, and check. This will help narrow down if it is being produced by your telecom or not.

[HX1]

Well I have something else to throw in there... ( I am in the US BTW )

Last night I had multiple issues occur... I had bonded two NIC together for load balancing in my NAS.. It could be reached on my network.. BUT I was missing a DNS entry.. ( did not know this until later )..anyway I noticed that my ReadyCLOUD App said I was offline, this app also incorporates a Leaf Network adapter which is a software driver.. I right-clicked the adapter to see if there was an issue and gave me an address in a residential section of Romania... BUT.. it starts with 5.13.213....but it always says it has no connectivity yet says it has an IP... starts to get weird right in here...so I tried to unbond the two cards thinking it was that which caused the problem.. the app was messed up in the admin console so I had to run a half ass reset start of the NAS after struggling for 30 minutes to get it to undo.. the settings button was way up top in the corner from where it was supposed to be.. suddenly after the reset it straightened out and would delete the bond... After that and even trying several reboots.. the ReadyCLOUD app connects and I can access the online web console..well about the time I got this lined out I was.. and all of this hitting on my network stopped... I might add... The internet ( which stated all was fine ) stops working.. No nsaneforums.. and I tried..probably about 10 other places.. while the ReadyCLOUD app showed it was online and fine..

SO.. I shut it all down.. router, repeater, tablets devices.. alarm.. phone.. all of it.. rebooted this morning and all seems fine.. except my NAS .. the admin console says there has been an error and I will probably have to reinstall its OS to fix it but.. I think I was the cause of that...

I am thinking that the malfunctioning Leaf Network has something to do with the traffic.... but I have been having some weird thing like this happen.. RaLink Clients showing up all over ( MAC resolves as a VIZIO TV I don't have.. ) Phones and NAV systems showing up... that I don't have a clue who or where they are from... the only thing I can figure out is that I am picking stuff up from farther away.. My router reaches as far if not farther than my repeater and it has a 10,000 sq ft radius... so I have been adding a few blocks in to access just to be sure they do not connect...

EDIT: Take that back I am getting more of it again.. just not nearly as bad..

[straycat19]

What brand and model of router are you using and firmware build currently installed on it?

[HX1]

NETGEAR Nighthawk X6 R8000 AC3200 ... Current Firmware, coupled with NETGEAR Nighthawk X6 EX7000 Range Extender with latest firmware. Also the Leaf Network is installed with the ReadyCLOUD Software.. Which is installed for the NETGEAR RN31600-100NAS.. has two Ethernet Cards... ReadyCLOUD signs in to the account online and enables access to the NAS from anywhere ( therefore the 'CLOUD' ) The router and repeater both have this option.. with USB 3.0 in all three.. but the router and extender are more direct in access...

[straycat19]

I quit using Netgear routers because of the NetUSB bug that affects them and cannot be repaired by firmware. The router is even at risk when usb is disabled. I had two R7000 that I replaced with Linksys WRT1900AC and WRT1900ACS. I have 4 ethernet attached NAS and 2 USB 3 attached NAS and I access them differently. The ethernet are assigned an IP and using noip.com I can access them remotely anywhere. The USB NAS are attached to a computer (removed them from the router after the bug was made public) and are accessed by remote desktop. I don't trust the cloud and don't see how it would be as fast as a direct connection with your device. But to each their own.

I think your best source of information, in the absence of experience with your particular devices, would be at

http://www.readynas.com/http://www.netgear.com/business/products/storage/readynas/

Sorry I couldn't help you.

[HX1]

Well rest assured for my particular devices the latest firmware DID patch the bug which could only be utilized from with the local network.. or being physically present.. The R8000 in particular was listed as being repaired .. ( and now they have the R8500.. 5.3 GB/s.. LOL...I know that some of the lower end routers were not able to be patched... I have my NAS connected via Ethernet.. the cloud is for when I am away but the program makes sure connectivity is in place.. odd that you can connect yours vis USB... as a peripheral device... would be nice to get USB 3.0 transfer speeds on mine.. but I don't think that is actually possible. at least not on the 316...maybe through the mini sata but again I believe that port is for expansion..

I hate bottlenecks....

Anyway I will mark this as resolved anyway...