[Snort-users] SCAN UPnP service discover attempt
snortuser at ...9376...
Wed Jun 4 07:20:11 EDT 2003
There are two hosts on this network that every 5 seconds or so cause
snort to alert
[**] [1:1917:4] SCAN UPnP service discover attempt [**]
[Classification: Detection of a Network Scan] [Priority: 3]
each alert is repeated 3 times from each host to the same destination
(the gateway router on this network)
Both of the hosts are running Windows XP and Snort is running on
I see on the snort.org site what this is SID:1917 - but the part that
troubles me is the False Positive and False Negative sections -
False Positives: A scanner may be used in a security audit.
False Negatives: None Known.
If this is the case why am i seeing these hosts "ticking" like this?
Any help on this matter would be much appreciated, I've rtfm and googled
and checked the mail archive yet i find no answers to my quandry.
More information about the Snort-users