Recommend:
To the knowledge base

Firewall reports attacks on TCP port 80 or 53805 or unsolicited packets of type 0x88e1

This guide deals with the following issues:

  • A firewall on a computer in the FRITZ!Box home network reports regular attacks ("Syn Flood", "Denial of Service (DoS)") on TCP port 80, 53805, or a different port between 50001 and 59999.
  • Every five seconds, a firewall or an application for analyzing network connections such as Wireshark reports packets of type 0x88e1 (EtherType).

Connections do not pose a security threat

The incoming connections do not come from the internet, they come from the FRITZ!Box and do not pose a security threat.

  • TCP Port 80:
    The FRITZ!Box uses TCP port 80 to check regularly whether computers or other devices connected to the FRITZ!Box offer web services accessible over HTTP, such as a user interface. The web services of these devices can be accessed directly under "Home Network > Mesh" in the FRITZ!Box user interface.
  • TCP / UDP port 53805 (or another port between 50001 and 59999):
    The FRITZ!Box uses TCP / UDP port 53805 or a different randomly chosen port between 50001 and 59999 to check regularly whether there are other FRITZ!Box models, FRITZ!Repeaters, or FRITZ!Powerline devices in the home network that are compatible with Mesh. Any such devices it finds are displayed in the FRITZ!Box user interface under "Home Network > Mesh".
  • Type 0x88e1:
    The FRITZ!Box uses packets of EtherType 0x88e1 to check regularly whether there are any FRITZ!Powerline devices in the home network. Any such devices it finds are displayed in the FRITZ!Box user interface under "Home Network > Mesh".

Note:If you do not want to receive these messages any more, configure the device's firewall to allow incoming connections to the respective port or packets of type 0x88e1. Refer to the manufacturer of the firewall for information on how to set it up, for example consult the manual.