eEye Digital Security

Event ID: BLINK-SFW-13
Severity: Low
Description: The firewall applied the default action
Remote Port: 520
Request: Denied
Remote IP: (my router internal IP & gateway IP)
Local Port: 520
Local IP: 192.168.0.255
Alert: No
Protocol: UDP

At times, the local IP is the IP of my computer; at times, the remote IP is one of the other computers on my small home network.

I understand port 520 is used for "the Datagram Protocol, a communications protocol for the Internet network layer, transport layer, and session layer."

But I don't understand why it is now being logged all the time. Is it normal to be attempting to access port 520 every 30 seconds? Should I just add a rule to allow the request and not log it? or deny it and not log it?

-Larry.

     Typically a router uses Port 520, known as "RIP", to pass their route data (from their routing tables) back and forth between eachother.  This allows routers to negotiate and pass data via the most efficient "path" to its final destination.  It is really not needed (or advised to have on) unless you have more than one router on your network.

     I would first go into your router configuration settings and make sure you have RIP disabled on it as a first step.  If it is, there are some other options you can try. 

 Wow!!!!

 Thanks so much. I never really "saw" that setting before. Now it's off, and no more events every 30 seconds!!!

-Larry. 

     Cool, glad it worked.  Oh and now that I think about it, make sure your "UnPNP" (Universal Plug n Play) is turned off too.  Seems a lot of the newer routers like to turn that on by default and that is something you do not want on unless you do it intentionally.

Thanks. Have done so -- it's not a newer router, so wasn't a problem.