Snort mailing list archives
RE: SCAN UPnP service discover attempt
From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Wed, 4 Jun 2003 10:48:33 -0500
Unless you really use it, I would disable the UPnP service entirely (as well as the SSDP service.) I wrote an article for Securityfocus [0] about the buffer overflow that eEye found in SSDP (announced right after the launch of XP), and the potential for exploitation of this service is scary. Microsoft appears to have given very little thought to the potential for hacking this service.

The UPnP service is not started by default, however the SSDP service is. I would disable both and have on every machine I use.

[0] http://www.securityfocus.com/infocus/1548

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/

-----Original Message-----
From: Joerg Weber [mailto:j.weber () infos de]
Sent: Wednesday, June 04, 2003 9:34 AM
To: SnortUsers
Subject: Re: [Snort-users] SCAN UPnP service discover attempt

Hi Mark,

I'm not exactly a Windows expert, but as far as I know, Windows XP clients by default look for what are called UPnP device descriptions via UPnP. That's why you're seeing these alerts IMO.

Have a look at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-059.asp for some info about the UPnP service and bugs within it.
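One way to triage the discovery traffic discussed in this thread, as an added example that is not part of the original posts: it parses an SSDP M-SEARCH datagram and separates a client's own multicast discovery from discovery requests that come from outside the LAN or target a single host. The internal network range, the class labels and the sample datagram are assumptions constructed for illustration.

```python
import ipaddress

SSDP_GROUP = ipaddress.ip_address("239.255.255.250")   # SSDP multicast group
SSDP_PORT = 1900                                       # SSDP UDP port
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/16")  # assumption: your LAN range

# Constructed sample of a discovery datagram (not captured traffic).
SAMPLE_MSEARCH = (
    b"M-SEARCH * HTTP/1.1\r\n"
    b"Host:239.255.255.250:1900\r\n"
    b"ST:urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b'Man:"ssdp:discover"\r\n'
    b"MX:3\r\n\r\n"
)


def parse_msearch(payload):
    """Return the headers of an SSDP M-SEARCH request, or None if it is not one."""
    try:
        lines = payload.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return None
    if not lines[0].startswith("M-SEARCH * HTTP/1."):
        return None
    headers = {}
    for line in lines[1:]:
        if not line:          # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip().strip('"')
    return headers


def triage(src, dst, dport, payload):
    """Classify one UDP datagram seen by the sensor (labels are hypothetical)."""
    headers = parse_msearch(payload)
    if dport != SSDP_PORT or headers is None:
        return "not-ssdp-discovery"
    if headers.get("MAN", "").lower() != "ssdp:discover":
        return "malformed-discovery"
    if ipaddress.ip_address(src) not in INTERNAL_NET:
        return "external-probe"             # discovery arriving from outside the LAN
    if ipaddress.ip_address(dst) == SSDP_GROUP:
        return "local-multicast-discovery"  # a client's own default discovery
    return "internal-unicast-probe"         # a LAN host querying one specific host
```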