[Snort-users] Unknown port traffic....

Clifford Durbin CDurbin at ...6996...
Tue Oct 15 12:35:02 EDT 2002


Group,
After a few weeks of on again off again looking at the problem noted below,
I have found the solution. This only effects the w2k server and xp users out
there. Even though the universal plug and play is disabled in xp and
supposedly not even installed on w2k the data packets are still broadcast.
You need to make a change in your registry to totally disable the "feature".
Microsoft Knowledge Base #Q317843... Excerpt:

Start Registry Editor (Regedt32.exe).
Locate and click the following key in the registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\DirectPlayNATHelp\DPNHUPnP
On the Edit menu, click Add Value, and then add the following registry
value:
Value name: UPnPMode
Data type: REG_DWORD
Value data: 2 
Quit Registry Editor and reboot



-----Original Message-----
From: Clifford Durbin 
Sent: Thursday, September 26, 2002 2:03 PM
To: 'Brian F. Vaughan'; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Unknown port traffic....


Brian,

Thanks for the information. I stopped the IPSec service but still get the
same information. Not sure what service would be controlling h.323 though I
am looking. 

-cfd

-----Original Message-----
From: Brian F. Vaughan [mailto:bvaughan at ...6569...]
Sent: Thursday, September 26, 2002 12:19 PM
To: Clifford Durbin; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Unknown port traffic....


Clifford,

Port 1120 is used by Win2k for IPSec, this is the most likely cause for the
port activity you are seeing.

Brian Vaughan
IT Administrator
Wireless Generation, Inc.


-----Original Message-----
From: Clifford Durbin [mailto:CDurbin at ...6996...]
Sent: Thursday, September 26, 2002 2:35 PM
To: 'snort-users at lists.sourceforge.net'
Subject: [Snort-users] Unknown port traffic....


Can anybody give me some insight what the heck is using port 1120 and 1900?


More information about the Snort-users mailing list