[Snort-users] SCAN UPnP service discover attempt

Mark Williamson snortuser at ...9376...
Wed Jun 4 08:15:19 EDT 2003


Hi, I have disabled SSDP in controlpanel->services->SSDP Detection Service 
on one of the machines (192.168.2.10) - But i am still seeing the same ticking effect 
same as on the host that doesn't have this service disabled. 

Again I am lost with no clue, 

Any ideas? 

Thanks again

Mark 


[**] [1:1917:4] SCAN UPnP service discover attempt [**]
[Classification: Detection of a Network Scan] [Priority: 3] 
06/04-16:15:11.097117 0:4:23:20:A8:C4 -> 0:50:BA:98:DD:7 type:0x800 len:0xAE
192.168.2.10:1047 -> 192.168.2.200:1900 UDP TTL:128 TOS:0x0 ID:928 IpLen:20 DgmLen:160
Len: 132

[**] [1:1917:4] SCAN UPnP service discover attempt [**]
[Classification: Detection of a Network Scan] [Priority: 3] 
06/04-16:15:11.097261 0:4:23:20:A8:C4 -> 0:50:BA:98:DD:7 type:0x800 len:0xAF
192.168.2.10:1047 -> 192.168.2.200:1900 UDP TTL:128 TOS:0x0 ID:929 IpLen:20 DgmLen:161
Len: 133

[**] [1:1917:4] SCAN UPnP service discover attempt [**]
[Classification: Detection of a Network Scan] [Priority: 3] 
06/04-16:15:11.599529 0:4:23:20:A8:C4 -> 0:50:BA:98:DD:7 type:0x800 len:0xAE
192.168.2.10:1047 -> 192.168.2.200:1900 UDP TTL:128 TOS:0x0 ID:950 IpLen:20 DgmLen:160
Len: 132

<snip>

>
>Just disable the ssdp service on the Windows XP and it will stop the
>discovery process. UPNP is the new Universal plug and play feature (thanks
>again M$) that try to discover new hardware on the LAN. For more information
>on this subject you can get an eye on http://grc.com/unpnp/unpnp.htm
>  
>
</snip>



>My 0.02$
>
> 
>
>M. Bruyere
>
>
>
>  
>





More information about the Snort-users mailing list