Snort mailing list archives
RE: SCAN UPnP service discover attempt
From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Wed, 15 Oct 2003 16:18:56 -0500
-----Original Message----- From: Martin Jr., D. Michael [mailto:martinm () montevallo edu] Sent: Wednesday, October 15, 2003 3:37 PM To: snort-users () lists sourceforge net Subject: [Snort-users] SCAN UPnP service discover attempt Is the "SCAN UPnP service discover attempt" something I should worry about? If so, how so? If not, why not and how can I remove it from my log alerts (I can't find what rule in Snort may be creating this alert).
I would disable it. In a University environment you are going to have thousands of Windows machines with the Simple Service Discovery Protocol service enabled, because it's the default install. Unless you want to figure out how to turn all those off (and good luck on getting 100% cooperation from your residence halls), you're better off ignoring the traffic. I'm assuming, of course, that you have a default deny strategy at your edge. If not, definitely block port 5000/UDP along with the NetBIOS, CIFS, SMB, RPC and NFS ports at your edge. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: SCAN UPnP service discover attempt Schmehl, Paul L (Oct 15)
- <Possible follow-ups>
- SCAN UPnP service discover attempt Martin Jr., D. Michael (Oct 15)
- RE: SCAN UPnP service discover attempt Philip Davidson (Oct 16)
- Re: SCAN UPnP service discover attempt Michael . Mulholland (Dec 30)
- RE: Re: SCAN UPnP service discover attempt Brian F. Vaughan (Dec 30)
- Re: SCAN UPnP service discover attempt Michael . Mulholland (Dec 30)