RE: quick question...

From: Jim Harrison (SPG) (jmharr@microsoft.com)
Date: 02/20/02


Date: Wed, 20 Feb 2002 09:26:26 -0800
From: "Jim Harrison (SPG)" <jmharr@microsoft.com>
To: <jameswilson@thepentagon.com>, <focus-ms@securityfocus.com>

That's part of the WinXP UPnP feature.
You should:
1. Apply the UPnP patch that MS published recently (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q315000)
2. Disable and stop the SSDP Discovery service.

* Jim Harrison
MCP(NT4, 2K), A+, Network+
Services Platform Group

Never be afraid to try something new. Remember that amateurs built the Ark. Professionals built the Titanic.



-----Original Message-----
From: jameswilson@thepentagon.com [mailto:jameswilson@thepentagon.com]
Sent: Tuesday, February 19, 2002 17:09
To: focus-ms@securityfocus.com
Subject: quick question...




Greetings,

I have an XP gateway that uses the firewall that comes with XP. I noticed that whenever I first connect (DSL) an abnormal amount of packets are being transmitted. I figured everything out except for the following:



UDP 192.168.0.1:3996 -> 239.255.255.250:1900



01 00 5E 7F FF FA 00 04 5A 5A 5B 0B 08 00 45
00 00 A1 1C 9C 00 00 04 11 E9 0C C0 A8 00 01
EF FF FF FA 0F 9C 07 6C 00 8D 91 3E 4D 2D
53 45 41 52 43 48 20 2A 20 48 54 54 50 2F 31
2E 31 0D 0A 48 6F 73 74 3A 32 33 39 2E 32 35
35 2E 32 35 35 2E 32 35 30 3A 31 39 30 30 0D
0A 53 54 3A 75 72 6E 3A 73 63 68 65 6D 61 73
2D 75 70 6E 70 2D 6F 72 67 3A 64 65 76 69 63
65 3A 49 6E 74 65 72 6E 65 74 47 61 74 65 77
61 79 44 65 76 69 63 65 3A 31 0D 0A 4D 61 6E
3A 22 73 73 64 70 3A 64 69 73 63 6F 76 65 72
22 0D 0A 4D 58 3A 33 0D 0A 0D 0A

..^.ÿú..ZZ[...E..¡.œ....é..¨...ÿÿú.œ.l.‘>M-SEARCH * HTTP/1.1..Host:239.255.255.250:1900..ST:urn:schemas-upnp-org:device:InternetGatewayDevice:1..Man:"ssdp:discover"..MX:3....





The destination IP space is owned by:

IANA (NET-MCAST-NET)
   Internet Assigned Numbers Authority
   4676 Admiralty Way, Suite 330
   Marina del Rey, CA 90292-6695
   US

   Netname: MCAST-NET
   Netblock: 224.0.0.0 - 239.255.255.255









Any ideas?

Thanks in advance,



James Wilson