On 6/10/05, Eben King <eben1@tampabay.rr.com> wrote:
> On Fri, 10 Jun 2005, Chuck Hast wrote:
>
> > Folks,
> > I think this stuff is coming through the router/firewall, but not sure.
> >
> > I have tried to block it but it is still appearing on my local network
> > I would like to get rid of it.
> >
> > UDP (310 bytes) from 192.168.1.1:1900 to 239.255.255.250:1900 on eth0
> > UDP (366 bytes) from 192.168.1.1:1900 to 239.255.255.250:1900 on eth0
> > UDP (294 bytes) from 192.168.1.1:1900 to 239.255.255.250:1900 on eth0
> > UDP (286 bytes) from 192.168.1.1:1900 to 239.255.255.250:1900 on eth0
> > UDP (330 bytes) from 192.168.1.1:1900 to 239.255.255.250:1900 on eth0
> > UDP (306 bytes) from 192.168.1.1:1900 to 239.255.255.250:1900 on eth0
> > UDP (360 bytes) from 192.168.1.1:1900 to 239.255.255.250:1900 on eth0
> > UDP (358 bytes) from 192.168.1.1:1900 to 239.255.255.250:1900 on eth0
> > UDP (362 bytes) from 192.168.1.1:1900 to 239.255.255.250:1900 on eth0
> > UDP (354 bytes) from 192.168.1.1:1900 to 239.255.255.250:1900 on eth0
> >
> > This is SSDP, from what I can see it should be coming from a windows
> > machine, but the 192.168.1.1 address is the lan port on my router, so either
> > it is coming from the cable network side or the router it's self.
> >
> > I tried to filter it out and it was still there so I am now wondering
> > if the silly router is generating it.
>
> If it's FROM 192.168.1.1 (192.168.*.* is non-routable), it must have come
> from inside. (Besides, it says "from" not "to".)
> http://www.google.com/search?hl=en&q=%22port+1900%22 has lots of hits on the
> phrase "port 1900". If you have no machine with that address, it might be
> the router. Check its address.
>
> 239.255.255.250 reminds me of an address mask too. Odd range, though.
>
> Fire up netstat ("netstat -A inet -p") and see if you can find out which
> program is sending it, if 192.168.1.1 is your computer.
>
Yes, 192.168.1.1 is the address of the router on the lan side, and that is
what we are seeing. I think the router is UPnP enabled and it is sending
that crap out. I have been trying to find out if there is a way to go in and
turn it off, but sets there and sends it about every 30 seconds...
-- Chuck Hast To paraphrase my flight instructor; "the only dumb question is the one you DID NOT ask resulting in my going out and having to identify your bits and pieces in the midst of torn and twisted metal."----------------------------------------------------------------------- This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:05:10 EDT