Snort mailing list archives

Anyone recognize this packet?

From: Rich Adamson <radamson () routers com>
Date: Wed, 3 Apr 2002 05:32:04 -0600


We're seeing a few internal workstations (behind a firewall) originating
packets with the contents like:

 "SEARCH * HTTP/1.1 HOST 239.255.255.255:1900<crlf>MAN "ssdp:discovery"<lf>
 MX: 3<crlf>ST: urn:schemas-upnp-org:service:WANIPConnection:1<crlf>

The packets were observed being sent to the workstation's default gateway
(happens to be a Bay BLN router) with a destination port of udp-1900, as
observed with an NAI Sniffer. The router is not configured to support
multicasting.

Anyone seen these or have any idea what might be generating the query/scan?



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Anyone recognize this packet? Rich Adamson (Apr 03)
- Anyone recognize this packet? David Bianco (Apr 03)
- <Possible follow-ups>
- RE: Anyone recognize this packet? Kjetil Laasby (Apr 03)