[unisog] UPNP Multicast Traffic

Lois Lehman LOIS.LEHMAN at asu.edu
Thu Nov 13 04:32:51 GMT 2003


Thanks Lucy.  Since I am seeing this in only one of three buildings
where I am running an IDS, I suspect that there is a variance in the
rules on the router for the building where I am seeing it.  I will send
a note to the list when I determine if there have been any changes in
that building router from our central IT folks.

Lois Lehman
College Network Security Manager
Physical Sciences Computer Support Manager
College of Liberal Arts & Sciences
Arizona State University
480-965-3139


-----Original Message-----
From: Lucy E. Lynch [mailto:llynch at darkwing.uoregon.edu] 
Sent: Wednesday, November 12, 2003 5:34 PM
To: Lois Lehman
Cc: unisog at sans.org
Subject: Re: [unisog] UPNP Multicast Traffic

Lois -

See: http://www.upnp.org/download/draft_cai_ssdp_v1_03.txt

there was some discussion about this in the SSM working group
at IETF yesterday - no clear resolution...

Lucy E. Lynch 				Academic User Services
Computing Center			University of Oregon
llynch  @darkwing.uoregon.edu		(541) 346-1774/Cell: 912-7998

On Wed, 12 Nov 2003, Lois Lehman wrote:

> We just started seeing this UPNP scanning from inside our campus and
> from outside destined for the multicast address, 239.255.255.250.
Does
> anyone know why this would be happening?
>
> [**] SCAN UPNP service discover attempt [**]
> 11/12-13:18:42.359857 169.254.244.147:1412 -> 239.255.255.250:1900
> UDP TTL:1 TOS:0x0 ID:39299 IpLen:20 DgmLen:161
> Len: 133
>
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> =+
>
> Lois Lehman
> College Network Security Manager
> Physical Sciences Computer Support Manager
> College of Liberal Arts & Sciences
> Arizona State University
> 480-965-3139
>
>



More information about the unisog mailing list