RE: quick question...
From: Ken Hoover (ken.hoover@yale.edu)
Date: 02/20/02
From: "Ken Hoover" <ken.hoover@yale.edu>
To: <jameswilson@thepentagon.com>
Date: Wed, 20 Feb 2002 11:00:07 -0500

This should really be a FAQ because it comes up just about every time somebody puts a firewall between a Windows machine and the internet.
Since you're on XP, it's probably UPnP announcing itself via IP multicast. Note the "ssdp:discover" in the dump - ssdp is the UPnP service discovery protocol.
There is some good discussion of this in Google Groups (search for "4.6 UPNP Discover packets "). This is from another person who had the exact same question.
WINS servers also send IP multicast stuff as well (looking for replication partners) to a 224.x.x.x address.
Hope this helps.
- Ken Hoover
--
Ken Hoover KE1LR            | "... they call this a
Systems Programmer          | tweetle beetle bottle puddle
Yale University ITS/WSS     | paddle battle muddle."
ken.hoover@yale.edu x2-1260 | - from "Fox in Socks"

> -----Original Message-----
> From: jameswilson@thepentagon.com [mailto:jameswilson@thepentagon.com]
> Sent: Tuesday, February 19, 2002 8:09 PM
> To: focus-ms@securityfocus.com
> Subject: quick question...
>
> Greetings,
>
> I have an XP gateway that uses the firewall that
> comes with XP. I noticed that whenever I first
> connect (DSL) that an abnormal amount of
> packets are being transmitted. I figured
> everything out except for the following:
>
> UDP 192.168.0.1:3996 -> 239.255.255.250:1900
>
> 01 00 5E 7F FF FA 00 04 5A 5A 5B 0B 08 00 45
> 00 00 A1 1C 9C 00 00 04 11 E9 0C C0 A8 00 01
> EF FF FF FA 0F 9C 07 6C 00 8D 91 3E 4D 2D
> 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F 31
> 2E 31 0D 0A 48 6F 73 74 3A 32 33 39 2E 32 35
> 35 2E 32 35 35 2E 32 35 30 3A 31 39 30 30 0D
> 0A 53 54 3A 75 72 6E 3A 73 63 68 65 6D 61 73
> 2D 75 70 6E 70 2D 6F 72 67 3A 64 65 76 69 63
> 65 3A 49 6E 74 65 72 6E 65 74 47 61 74 65 77
> 61 79 44 65 76 69 63 65 3A 31 0D 0A 4D 61 6E
> 3A 22 73 73 64 70 3A 64 69 73 63 6F 76 65 72
> 22 0D 0A 4D 58 3A 33 0D 0A 0D 0A
>
> ..^...ZZ[...E..............l.>M-SEARCH
> *
> HTTP/1.1..Host:239.255.255.250:1900..ST:urn:sc
> hemas-upnp-
> org:device:InternetGatewayDevice:1..Man:"ssdp:d
> iscover"..MX:3....
>
> The destination IP space is owned by:
>
> IANA (NET-MCAST-NET)
> Internet Assigned Numbers Authority
> 4676 Admiralty Way, Suite 330
> Marina del Rey, CA 90292-6695
> US
>
> Netname: MCAST-NET
> Netblock: 224.0.0.0 - 239.255.255.255
>
> Any ideas ?
>
> Thanks in advance,
>
> James Wilson
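
The identification made in the reply, worked through as an added example that is not part of the original thread: this Python sketch decodes the frame bytes quoted in the question (Ethernet, IPv4, UDP, then the SSDP request headers) and reports whether the datagram is a UPnP discovery request to the multicast group. The function `classify` and its result field names are hypothetical.

```python
import ipaddress
import struct

SSDP_GROUP, SSDP_PORT = ipaddress.IPv4Address("239.255.255.250"), 1900

# Frame bytes copied from the hex dump in the quoted message.
FRAME = bytes.fromhex("""
01 00 5E 7F FF FA 00 04 5A 5A 5B 0B 08 00 45 00 00 A1 1C 9C 00 00 04 11 E9 0C C0 A8 00 01
EF FF FF FA 0F 9C 07 6C 00 8D 91 3E 4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F 31
2E 31 0D 0A 48 6F 73 74 3A 32 33 39 2E 32 35 35 2E 32 35 35 2E 32 35 30 3A 31 39 30 30 0D
0A 53 54 3A 75 72 6E 3A 73 63 68 65 6D 61 73 2D 75 70 6E 70 2D 6F 72 67 3A 64 65 76 69 63
65 3A 49 6E 74 65 72 6E 65 74 47 61 74 65 77 61 79 44 65 76 69 63 65 3A 31 0D 0A 4D 61 6E
3A 22 73 73 64 70 3A 64 69 73 63 6F 76 65 72 22 0D 0A 4D 58 3A 33 0D 0A 0D 0A
""")


def classify(frame: bytes) -> dict:
    """Decode Ethernet/IPv4/UDP and say whether this is an SSDP discovery request."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 Ethernet frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ip[9] != 17 or len(ip) < ihl + 8:
        raise ValueError("not an IPv4 UDP datagram")
    src, dst = (ipaddress.IPv4Address(ip[o:o + 4]) for o in (12, 16))
    sport, dport, ulen = struct.unpack("!HHH", ip[ihl:ihl + 6])
    # SSDP reuses HTTP/1.1 syntax: a request line followed by "Name: value" headers.
    lines = ip[ihl + 8:ihl + ulen].decode("ascii", "replace").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    # An IPv4 multicast MAC is 01:00:5E plus the low 23 bits of the group address.
    want_mac = bytes([0x01, 0x00, 0x5E, ip[17] & 0x7F, ip[18], ip[19]])
    return {
        "src": f"{src}:{sport}", "dst": f"{dst}:{dport}", "ttl": ip[8],
        "multicast": dst.is_multicast, "mac_matches_group": frame[:6] == want_mac,
        "ssdp_discover": (dst == SSDP_GROUP and dport == SSDP_PORT
                          and lines[0].startswith("M-SEARCH ")
                          and headers.get("MAN") == '"ssdp:discover"'),
        "search_target": headers.get("ST"), "mx": headers.get("MX"),
    }


if __name__ == "__main__":
    for key, value in classify(FRAME).items():
        print(f"{key:18} {value}")
```

The `search_target` field shows what the XP host is looking for: a UPnP InternetGatewayDevice on the local segment.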