Nmap Development mailing list archives

Re: [NSE] New UPnP information gathering script

From: Gisle Vanem <gvanem () broadpark no>
Date: Fri, 11 Jan 2008 15:10:48 +0100

"Thomas Buchanan" <TBuchanan () thecompassgrp net> wrote:

Unfortunately, I don't know any way of working around this at this
point, so those systems won't be detected by this script.  Out of
curiosity, what type of router do you have?


A Netopia Cayman 3351 ADSL router.

The noticy msg. comes every ~3 min in groups of 16. From tshark:

  1   0.000000     10.0.0.1 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
  2   0.000456     10.0.0.1 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
  3   0.400011     10.0.0.1 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
  4   0.400411     10.0.0.1 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
  5   0.400813     10.0.0.1 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
  6   0.401273     10.0.0.1 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
  7   0.780053     10.0.0.1 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
  8   1.180025     10.0.0.1 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
  9   1.180537     10.0.0.1 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
 10   1.181055     10.0.0.1 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
 11   1.181504     10.0.0.1 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
 12   1.181908     10.0.0.1 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
 13   1.500082     10.0.0.1 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
 14   1.500666     10.0.0.1 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
 15   1.860225     10.0.0.1 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
 16   1.860755     10.0.0.1 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1

And the last one expanded:

Hypertext Transfer Protocol
    NOTIFY * HTTP/1.1\r\n
        Request Method: NOTIFY
        Request URI: *
        Request Version: HTTP/1.1
    HOST:239.255.255.250:1900\r\n
    Cache-Control:max-age=300\r\n
    Location:http://10.0.0.1:80/devdescr.xml\r\n
    NT:urn:schemas-upnp-org:device:WANConnectionDevice:1\r\n
    NTS:ssdp:alive\r\n
    SERVER:NT/5.0 UPnP/1.0\r\n
    USN:uuid:upnp-WANConnectionDevice-1_0-_0-0000c5981d10::urn:schemas-upnp-org:device:WANConnection
Device:1\r\n
    \r\n

--gv

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

[NSE] New UPnP information gathering script Thomas Buchanan (Jan 09)
- Re: [NSE] New UPnP information gathering script Eddie Bell (Jan 10)
- Re: [NSE] New UPnP information gathering script Fyodor (Jan 10)
- <Possible follow-ups>
- Re: [NSE] New UPnP information gathering script Gisle Vanem (Jan 11)
  - RE: [NSE] New UPnP information gathering script Thomas Buchanan (Jan 11)
    - Re: [NSE] New UPnP information gathering script Gisle Vanem (Jan 11)
    - RE: [NSE] New UPnP information gathering script Thomas Buchanan (Jan 11)