Snort mailing list archives
Anyone recognize this packet?
From: Rich Adamson <radamson () routers com>
Date: Wed, 3 Apr 2002 05:32:04 -0600
We're seeing a few internal workstations (behind a firewall) originating packets with the contents like: "SEARCH * HTTP/1.1 HOST 239.255.255.255:1900<crlf>MAN "ssdp:discovery"<lf> MX: 3<crlf>ST: urn:schemas-upnp-org:service:WANIPConnection:1<crlf> The packets were observed being sent to the workstation's default gateway (happens to be a Bay BLN router) with a destination port of udp-1900, as observed with an NAI Sniffer. The router is not configured to support multicasting. Anyone seen these or have any idea what might be generating the query/scan? _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Anyone recognize this packet? Rich Adamson (Apr 03)
- Anyone recognize this packet? David Bianco (Apr 03)
- <Possible follow-ups>
- RE: Anyone recognize this packet? Kjetil Laasby (Apr 03)