Re: [SLUG] MS IM stuff

• Next message: SOTL: "Re: [SLUG] Leeching a website"
• Previous message: 404: "Re: [SLUG] WeeOS to be Relased at Sarasota Meeting."
• In reply to: Mike Branda: "Re: [SLUG] MS IM stuff"
• Next in thread: Mike Branda: "Re: [SLUG] MS IM stuff"
• Reply: Mike Branda: "Re: [SLUG] MS IM stuff"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On 6/14/05, Mike Branda <mike@wackyworld.tv> wrote:
> On Fri, 2005-06-10 at 20:03 -0600, Chuck Hast wrote:
> > Folks,
> > I think this stuff is coming through the router/firewall, but not sure.
> >
> > I have tried to block it but it is still appearing on my local network
> > I would like to get rid of it.
> >
> > UDP (310 bytes) from 192.168.1.1:1900 to 239.255.255.250:1900 on eth0 │
> > │ UDP (366 bytes) from 192.168.1.1:1900 to 239.255.255.250:1900 on eth0 │
> > │ UDP (294 bytes) from 192.168.1.1:1900 to 239.255.255.250:1900 on eth0 │
> > │ UDP (286 bytes) from 192.168.1.1:1900 to 239.255.255.250:1900 on eth0 │
> > │ UDP (330 bytes) from 192.168.1.1:1900 to 239.255.255.250:1900 on eth0 │
> > │ UDP (306 bytes) from 192.168.1.1:1900 to 239.255.255.250:1900 on eth0 │
> > │ UDP (360 bytes) from 192.168.1.1:1900 to 239.255.255.250:1900 on eth0 │
> > │ UDP (358 bytes) from 192.168.1.1:1900 to 239.255.255.250:1900 on eth0 │
> > │ UDP (362 bytes) from 192.168.1.1:1900 to 239.255.255.250:1900 on eth0 │
> > │ UDP (354 bytes) from 192.168.1.1:1900 to 239.255.255.250:1900 on eth0
> >
> > This is SSDP, from what I can see it should be coming from a windows
> > machine, but the 192.168.1.1 address is the lan port on my router, so either
> > it is coming from the cable network side or the router it's self.
> >
> > I tried to filter it out and it was still there so I am now wondering
> > if the silly
> > router is generating it.
>
> As much as we all love Gibson Research.... Here's a link to their site
> that talks about UPnP and the details of port 1900. 239.255.255.250 is
> part of a reserved range for multicast messages and other. Gibson
> offers a free applet that disables UPnP on windows boxes (enabled by
> default). Follow the link on the bottom of the page. We've used it
> here a few times as our IDS (Snort based) had thousands of entries from
> a UPnP rule.
>
> If it's a hardware router it may be possible to turn off UPnP. I've
> read a couple of articles about it. Google it's model number or post it
> here to see if we can find a way to disable it.
>

Yea, it is the router, both of the buggers generate it. I had a LinkSys
Network everywhere in there and pulled it out and replaced it with a
LinkSys BEFSR41 V3, and it is just as bad if not worse.

I guess that stuff is great if you can use it for something, but so far
all I see is that crap klobbering my network...

-- 
Chuck Hast 
To paraphrase my flight instructor;
"the only dumb question is the one you DID NOT ask resulting in my going
out and having to identify your bits and pieces in the midst of torn
and twisted metal."
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS).  Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.

• Next message: SOTL: "Re: [SLUG] Leeching a website"
• Previous message: 404: "Re: [SLUG] WeeOS to be Relased at Sarasota Meeting."
• In reply to: Mike Branda: "Re: [SLUG] MS IM stuff"
• Next in thread: Mike Branda: "Re: [SLUG] MS IM stuff"
• Reply: Mike Branda: "Re: [SLUG] MS IM stuff"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:10:29 EDT