Author Topic: Why packets to 239.255.255.250: 1900  (Read 84359 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Why packets to 239.255.255.250: 1900
« on: July 02, 2006, 05:46:02 PM »
Hi malware fighters,

If sniffing my traffic I see packets sent to 239.255.255.250
SSDP Method = M-SEARCH SSDP Uniform Resource Identifier =
' SSDP HTTP Prot Version = HTTP/1.1. SSDP Host = 239.255.255.250:1900 UDP
SSDP Search Target -um: schemas-upnp-org : device : Internet-GatewaysDevice
SSDP Maximam wait = 3
Is this going to iana reserved, protowall from bluetack protects you, and also the blocklist manager from here:
http://www.bluetack.co.uk/modules.php?name=Content&pa=showpage&pid=14

Why this excessive traffic for upnp. Is this a leech service with svchost to track people's illegal downloads, or just like MS says because it has no other way to establish the device?

Who knows more, and who has it blocked?  We knowl svchost is an essential part of the system & without it your computer won't run? svchost in other places than it should be is malware, but does the normal svchost also "legally" misbehave, that is "spy on ye"?. "What one does not know, does not hurt one, is the policy of to-day!".

polonus

« Last Edit: July 02, 2006, 05:49:19 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88898
  • No support PMs thanks
Re: Why packets to 239.255.255.250: 1900
« Reply #1 on: July 02, 2006, 06:32:12 PM »
Windows Messenger Broadcast port 1900, see this http://www.windowsnetworking.com/kbase/WindowsTips/WindowsXP/RegistryTips/Network/DisableWindowsMessengerbroadcastsonUDPport1900.html
Quote
In XP, the Simple Service Discovery Protocol (SSDP) discovery service searches for Universal Plug and Play devices on your home network. SSDP searches for upstream Internet gateways using UDP port 1900 - a potential security risk many organizations will want to block. OK, you decide to block SSDP services but to your surprise, your firewall and network sniffers continue to see the UDP port 1900 packets. You have disabled XP's SSDP and even Universal Plug and Play Device Host. Whats going on? This is Universal Plug and Play Network Address Translation (NAT) traversal discovery used by Messenger. If you run a sniffer trace, the following information is displayed in the data section of the packet:

For the average user you don't need the uPnP service enabled unless you intend to share devices over a network/internet, it has nothing to do with the standard PnP (Plug & Play) function.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Why packets to 239.255.255.250: 1900
« Reply #2 on: July 02, 2006, 08:17:11 PM »
Hi David,

Thank you for the response. As everything is stealth, I think I leave it as it is.
I think the requests are in connection to a four port external plug & play hub.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline rdsu

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 534
  • ...
Re: Why packets to 239.255.255.250: 1900
« Reply #3 on: July 02, 2006, 09:58:57 PM »
You can always know what a port is for, here: http://www.grc.com/port_1900.htm ;)
Avast Free Antivirus: Web Shield & Home Network Security.