[Snort-sigs] report of false positives for "SCAN UPnP service discover attempt" rule
daniel_surdu at ...12...
Wed Jun 9 12:48:28 EDT 2004
# This is a report of false positives with regard to the following rule
SCAN UPnP service discover attempt
This alert is reported very often on my network composed entirely of Windows
2000 Profesional systems, which do not have the UPnp service as in the case
of Windows XP.
Although Windows 2000 has no Upnp support, alerts are generated
continuously, every 30 to 60 min.
I found an article detailing the fact that "MSN Messenger Sends Endless UPnP
and this is the case on my network where all my users use MSN (all desktop
systems on my network are Windows 2000 Pro) --> see complete article below
More information about the Snort-sigs