[Snort-sigs] report of false positives for "SCAN UPnP service discover attempt" rule

Daniel Surdu daniel_surdu at ...12...
Wed Jun 9 12:48:28 EDT 2004


# This is a report of false positives with regard to the following rule
#

Rule:
SCAN UPnP service discover attempt
--
Sid:
1917
--
Summary:
This alert is reported very often on my network composed entirely of Windows 
2000 Professional systems, which do not have the UPnP service as in the case 
of Windows XP.
--
Impact:
High
--
Detailed Information:

--
Affected Systems:
Windows 2000
--
False Positives:
Although Windows 2000 has no UPnP support, alerts are generated 
continuously, every 30 to 60 min.

I found an article detailing the fact that "MSN Messenger Sends Endless UPnP 
Packets"
and this is the case on my network where all my users use MSN (all desktop 
systems on my network are Windows 2000 Pro) --> see complete article below

--
Additional References:

http://www.winnetmag.com/Article/ArticleID/24664/24664.html





