Security Incidents mailing list archives

SSDP?


From: john.smith () minolta-qms com
Date: Thu, 11 Oct 2001 14:50:06 -0500

All,

        Is the following the footprint of a trojan or virus?  Does anyone have any pointers to SSDP?

        Thanks everyone.

John

10/10-08:24:10.486051 xxx.xxx.xxx.xxx:4612 -> xxx.xxx.xxx.xxx:1900
UDP TTL:1 TOS:0x0 ID:26196 IpLen:20 DgmLen:118
Len: 98
4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F  M-SEARCH * HTTP/
31 2E 31 0D 0A 48 6F 73 74 3A 32 33 39 2E 32 35  1.1..Host:239.25
35 2E 32 35 35 2E 32 35 30 0D 0A 53 54 3A 75 70  5.255.250..ST:up
6E 70 3A 72 6F 6F 74 64 65 76 69 63 65 0D 0A 4D  np:rootdevice..M
61 6E 3A 73 73 64 70 3A 64 69 73 63 6F 76 65 72  an:ssdp:discover
0D 0A 4D 58 3A 33 0D 0A 0D 0A                    ..MX:3....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/10-08:24:13.686051 xxx.xxx.xxx.xxx:4612 -> xxx.xxx.xxx.xxx:1900
UDP TTL:1 TOS:0x0 ID:26243 IpLen:20 DgmLen:118
Len: 98
4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F  M-SEARCH * HTTP/
31 2E 31 0D 0A 48 6F 73 74 3A 32 33 39 2E 32 35  1.1..Host:239.25
35 2E 32 35 35 2E 32 35 30 0D 0A 53 54 3A 75 70  5.255.250..ST:up
6E 70 3A 72 6F 6F 74 64 65 76 69 63 65 0D 0A 4D  np:rootdevice..M
61 6E 3A 73 73 64 70 3A 64 69 73 63 6F 76 65 72  an:ssdp:discover
0D 0A 4D 58 3A 33 0D 0A 0D 0A                    ..MX:3....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/10-08:24:16.686051 xxx.xxx.xxx.xxx:4612 -> xxx.xxx.xxx.xxx:1900
UDP TTL:1 TOS:0x0 ID:26269 IpLen:20 DgmLen:118
Len: 98
4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F  M-SEARCH * HTTP/
31 2E 31 0D 0A 48 6F 73 74 3A 32 33 39 2E 32 35  1.1..Host:239.25
35 2E 32 35 35 2E 32 35 30 0D 0A 53 54 3A 75 70  5.255.250..ST:up
6E 70 3A 72 6F 6F 74 64 65 76 69 63 65 0D 0A 4D  np:rootdevice..M
61 6E 3A 73 73 64 70 3A 64 69 73 63 6F 76 65 72  an:ssdp:discover
0D 0A 4D 58 3A 33 0D 0A 0D 0A                    ..MX:3....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/10-09:22:52.176051 xxx.xxx.xxx.xxx:1039 -> xxx.xxx.xxx.xxx:1900
UDP TTL:1 TOS:0x0 ID:176 IpLen:20 DgmLen:118
Len: 98
4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F  M-SEARCH * HTTP/
31 2E 31 0D 0A 48 6F 73 74 3A 32 33 39 2E 32 35  1.1..Host:239.25
35 2E 32 35 35 2E 32 35 30 0D 0A 53 54 3A 75 70  5.255.250..ST:up
6E 70 3A 72 6F 6F 74 64 65 76 69 63 65 0D 0A 4D  np:rootdevice..M
61 6E 3A 73 73 64 70 3A 64 69 73 63 6F 76 65 72  an:ssdp:discover
0D 0A 4D 58 3A 33 0D 0A 0D 0A                    ..MX:3....

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
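As an added example (not part of John's post or any list tooling), the Python below decodes the snort hex dump above, parses the UDP payload as an HTTPU request, and reports whether it is a standard UPnP SSDP M-SEARCH: the multicast discovery probe a UPnP-aware host sends to 239.255.255.250:1900 to find root devices. The dictionary keys and verdict strings are my own choices, and the embedded sample is the first packet from the post.

```python
import re

SSDP_MCAST, SSDP_PORT = "239.255.255.250", 1900
HDR_RE = re.compile(r"^\S+ (\S+):(\d+) -> (\S+):(\d+)$")
HEX_RE = re.compile(r"^(?:[0-9A-F]{2} ){2,}")

# Copied from the first packet in the post above (snort's hex/ASCII payload dump).
SAMPLE = """\
10/10-08:24:10.486051 xxx.xxx.xxx.xxx:4612 -> xxx.xxx.xxx.xxx:1900
4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F  M-SEARCH * HTTP/
31 2E 31 0D 0A 48 6F 73 74 3A 32 33 39 2E 32 35  1.1..Host:239.25
35 2E 32 35 35 2E 32 35 30 0D 0A 53 54 3A 75 70  5.255.250..ST:up
6E 70 3A 72 6F 6F 74 64 65 76 69 63 65 0D 0A 4D  np:rootdevice..M
61 6E 3A 73 73 64 70 3A 64 69 73 63 6F 76 65 72  an:ssdp:discover
0D 0A 4D 58 3A 33 0D 0A 0D 0A                    ..MX:3....
"""

def parse_snort(text):
    """Split a snort text dump into packets: destination port plus raw UDP payload."""
    packets, cur = [], None
    for line in text.splitlines():
        m = HDR_RE.match(line)
        if m:
            cur = {"dport": int(m.group(4)), "payload": bytearray()}
            packets.append(cur)
        elif cur is not None and HEX_RE.match(line):
            # Take only the 48-column hex area; the ASCII gutter could itself look like hex.
            cur["payload"] += bytes.fromhex(line[:48].replace(" ", ""))
    return packets

def parse_ssdp(payload):
    """SSDP is HTTP syntax over UDP (HTTPU): a request line, then Name: value headers."""
    lines = bytes(payload).partition(b"\r\n\r\n")[0].decode("ascii", "replace").split("\r\n")
    headers = {n.strip().upper(): v.strip() for n, _, v in (h.partition(":") for h in lines[1:])}
    return lines[0].split(" ", 2), headers

def classify(pkt):
    """'ssdp-discover' for a textbook UPnP M-SEARCH, otherwise the first reason it is not."""
    if pkt["dport"] != SSDP_PORT:
        return "not-ssdp-port"
    req, h = parse_ssdp(pkt["payload"])
    if len(req) != 3 or req[:2] != ["M-SEARCH", "*"] or not req[2].startswith("HTTP/1."):
        return "unexpected-request-line"
    # UPnP 1.0 writes MAN: "ssdp:discover" and HOST: 239.255.255.250:1900; this client
    # omits the quotes and the port, so normalise both before comparing.
    if h.get("MAN", "").strip('"') != "ssdp:discover" or h.get("HOST", "").split(":")[0] != SSDP_MCAST:
        return "not-a-multicast-discover"
    if not h.get("ST") or not h.get("MX", "").isdigit():
        return "malformed-ssdp"
    return "ssdp-discover"
```

Running `classify` over the decoded sample yields `ssdp-discover`; the same three-second cadence and TTL of 1 in the dump are what you would expect from a host probing its local segment for UPnP devices, so the capture itself carries nothing beyond a discovery request.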
