Snort mailing list archives
Re: SCAN UPnP service discover attempt
From: Mark Williamson <snortuser () nunswithguns co uk>
Date: Wed, 04 Jun 2003 16:12:51 +0000
Hi, I have disabled SSDP in controlpanel->services->SSDP Detection Service on one of the machines (192.168.2.10) - But i am still seeing the same ticking effect same as on the host that doesn't have this service disabled. Again I am lost with no clue, Any ideas?
Thanks againMark
[**] [1:1917:4] SCAN UPnP service discover attempt [**][Classification: Detection of a Network Scan] [Priority: 3] 06/04-16:15:11.097117 0:4:23:20:A8:C4 -> 0:50:BA:98:DD:7 type:0x800 len:0xAE
192.168.2.10:1047 -> 192.168.2.200:1900 UDP TTL:128 TOS:0x0 ID:928 IpLen:20 DgmLen:160 Len: 132 [**] [1:1917:4] SCAN UPnP service discover attempt [**][Classification: Detection of a Network Scan] [Priority: 3] 06/04-16:15:11.097261 0:4:23:20:A8:C4 -> 0:50:BA:98:DD:7 type:0x800 len:0xAF
192.168.2.10:1047 -> 192.168.2.200:1900 UDP TTL:128 TOS:0x0 ID:929 IpLen:20 DgmLen:161 Len: 133 [**] [1:1917:4] SCAN UPnP service discover attempt [**][Classification: Detection of a Network Scan] [Priority: 3] 06/04-16:15:11.599529 0:4:23:20:A8:C4 -> 0:50:BA:98:DD:7 type:0x800 len:0xAE
192.168.2.10:1047 -> 192.168.2.200:1900 UDP TTL:128 TOS:0x0 ID:950 IpLen:20 DgmLen:160 Len: 132 <snip>
Just disable the ssdp service on the Windows XP and it will stop the discovery process. UPNP is the new Universal plug and play feature (thanks again M$) that try to discover new hardware on the LAN. For more information on this subject you can get an eye on http://grc.com/unpnp/unpnp.htm
</snip>
My 0.02$ M. Bruyere
------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The best thread debugger on the planet. Designed with thread debugging features you've never dreamed of, try TotalView 6 free at www.etnus.com. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- SCAN UPnP service discover attempt Mark Williamson (Jun 04)
- RE: SCAN UPnP service discover attempt Thomas T. Evans, III (Jun 04)
- Re: SCAN UPnP service discover attempt Mark Williamson (Jun 04)
- Re: SCAN UPnP service discover attempt Joerg Weber (Jun 04)
- <Possible follow-ups>
- RE: SCAN UPnP service discover attempt Bruyere, Michel (Jun 04)
- Re: SCAN UPnP service discover attempt Mark Williamson (Jun 04)
- Re: SCAN UPnP service discover attempt Mark Williamson (Jun 04)
- RE: SCAN UPnP service discover attempt Schmehl, Paul L (Jun 04)
- RE: SCAN UPnP service discover attempt bmcdowell (Jun 04)
- RE: SCAN UPnP service discover attempt Garrett . Allen (Jun 04)
- RE: SCAN UPnP service discover attempt Thomas T. Evans, III (Jun 04)