Author Topic: Why packets to 239.255.255.250: 1900  (Read 21137 times)

Offline polonus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 20148
  • Gender: Male
  • malware fighter
    • Personal Message (Offline)
Why packets to 239.255.255.250: 1900
« on: July 02, 2006, 03:46:02 PM »
Hi malware fighters,

If sniffing my traffic I see packets sent to 239.255.255.250
SSDP Method = M-SEARCH SSDP Uniform Resource Identifier =
' SSDP HTTP Prot Version = HTTP/1.1. SSDP Host = 239.255.255.250:1900 UDP
SSDP Search Target -um: schemas-upnp-org : device : Internet-GatewaysDevice
SSDP Maximam wait = 3
Is this going to iana reserved, protowall from bluetack protects you, and also the blocklist manager from here:
http://www.bluetack.co.uk/modules.php?name=Content&pa=showpage&pid=14

Why this excessive traffic for upnp. Is this a leech service with svchost to track people's illegal downloads, or just like MS says because it has no other way to establish the device?

Who knows more, and who has it blocked?  We knowl svchost is an essential part of the system & without it your computer won't run? svchost in other places than it should be is malware, but does the normal svchost also "legally" misbehave, that is "spy on ye"?. "What one does not know, does not hurt one, is the policy of to-day!".

polonus

« Last Edit: July 02, 2006, 03:49:19 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69218
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Why packets to 239.255.255.250: 1900
« Reply #1 on: July 02, 2006, 04:32:12 PM »
Windows Messenger Broadcast port 1900, see this http://www.windowsnetworking.com/kbase/WindowsTips/WindowsXP/RegistryTips/Network/DisableWindowsMessengerbroadcastsonUDPport1900.html
Quote
In XP, the Simple Service Discovery Protocol (SSDP) discovery service searches for Universal Plug and Play devices on your home network. SSDP searches for upstream Internet gateways using UDP port 1900 - a potential security risk many organizations will want to block. OK, you decide to block SSDP services but to your surprise, your firewall and network sniffers continue to see the UDP port 1900 packets. You have disabled XP's SSDP and even Universal Plug and Play Device Host. Whats going on? This is Universal Plug and Play Network Address Translation (NAT) traversal discovery used by Messenger. If you run a sniffer trace, the following information is displayed in the data section of the packet:

For the average user you don't need the uPnP service enabled unless you intend to share devices over a network/internet, it has nothing to do with the standard PnP (Plug & Play) function.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline polonus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 20148
  • Gender: Male
  • malware fighter
    • Personal Message (Offline)
Re: Why packets to 239.255.255.250: 1900
« Reply #2 on: July 02, 2006, 06:17:11 PM »
Hi David,

Thank you for the response. As everything is stealth, I think I leave it as it is.
I think the requests are in connection to a four port external plug & play hub.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline rdsu

  • avast! Evangelist
  • Poster
  • ***
  • Posts: 530
  • Gender: Male
  • ...
    • Personal Message (Offline)
Re: Why packets to 239.255.255.250: 1900
« Reply #3 on: July 02, 2006, 07:58:57 PM »
You can always know what a port is for, here: http://www.grc.com/port_1900.htm ;)

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now