[Snort-users] SCAN UPnP service discover attempt
Schmehl, Paul L
pauls at ...6838...
Wed Jun 4 08:49:09 EDT 2003
Unless you really use it, I would disable the UPnP service entirely (as
well as the SSDP service.) I wrote an article for Securityfocus 
about the buffer overflow that eEye found in SSDP (announced right after
the launch of XP), and the potential for exploitation of this service is
scary. Microsoft appears to have given very little thought to the
potential for hacking this service.
The UPnP service is not started by default, however the SSDP service is.
I would disable both and have on every machine I use.
Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
From: Joerg Weber [mailto:j.weber at ...8292...]
Sent: Wednesday, June 04, 2003 9:34 AM
Subject: Re: [Snort-users] SCAN UPnP service discover attempt
I'm not exactly a windows expert, but as far as I know, do Windows XP
clients by default look for what is called UPnP device descriptions via
UPnP. That's why you'r seeing these alerts IMO.
Have a look at
for some info about the UPnP service and bugs within it.
More information about the Snort-users