SSDP?

From: john.smith@minolta-qms.com
Date: Thu Oct 11 2001 - 12:50:06 PDT

    All,
    
    	Is the following the footprint of a trojan or virus?  Does anyone have any pointers to SSDP?
    
    	Thanks everyone.
    
    John
    
    10/10-08:24:10.486051 xxx.xxx.xxx.xxx:4612 -> xxx.xxx.xxx.xxx:1900
    UDP TTL:1 TOS:0x0 ID:26196 IpLen:20 DgmLen:118
    Len: 98
    4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F  M-SEARCH * HTTP/
    31 2E 31 0D 0A 48 6F 73 74 3A 32 33 39 2E 32 35  1.1..Host:239.25
    35 2E 32 35 35 2E 32 35 30 0D 0A 53 54 3A 75 70  5.255.250..ST:up
    6E 70 3A 72 6F 6F 74 64 65 76 69 63 65 0D 0A 4D  np:rootdevice..M
    61 6E 3A 73 73 64 70 3A 64 69 73 63 6F 76 65 72  an:ssdp:discover
    0D 0A 4D 58 3A 33 0D 0A 0D 0A                    ..MX:3....
    
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    
    10/10-08:24:13.686051 xxx.xxx.xxx.xxx:4612 -> xxx.xxx.xxx.xxx:1900
    UDP TTL:1 TOS:0x0 ID:26243 IpLen:20 DgmLen:118
    Len: 98
    4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F  M-SEARCH * HTTP/
    31 2E 31 0D 0A 48 6F 73 74 3A 32 33 39 2E 32 35  1.1..Host:239.25
    35 2E 32 35 35 2E 32 35 30 0D 0A 53 54 3A 75 70  5.255.250..ST:up
    6E 70 3A 72 6F 6F 74 64 65 76 69 63 65 0D 0A 4D  np:rootdevice..M
    61 6E 3A 73 73 64 70 3A 64 69 73 63 6F 76 65 72  an:ssdp:discover
    0D 0A 4D 58 3A 33 0D 0A 0D 0A                    ..MX:3....
    
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    
    10/10-08:24:16.686051 xxx.xxx.xxx.xxx:4612 -> xxx.xxx.xxx.xxx:1900
    UDP TTL:1 TOS:0x0 ID:26269 IpLen:20 DgmLen:118
    Len: 98
    4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F  M-SEARCH * HTTP/
    31 2E 31 0D 0A 48 6F 73 74 3A 32 33 39 2E 32 35  1.1..Host:239.25
    35 2E 32 35 35 2E 32 35 30 0D 0A 53 54 3A 75 70  5.255.250..ST:up
    6E 70 3A 72 6F 6F 74 64 65 76 69 63 65 0D 0A 4D  np:rootdevice..M
    61 6E 3A 73 73 64 70 3A 64 69 73 63 6F 76 65 72  an:ssdp:discover
    0D 0A 4D 58 3A 33 0D 0A 0D 0A                    ..MX:3....
    
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    
    10/10-09:22:52.176051 xxx.xxx.xxx.xxx:1039 -> xxx.xxx.xxx.xxx:1900
    UDP TTL:1 TOS:0x0 ID:176 IpLen:20 DgmLen:118
    Len: 98
    4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F  M-SEARCH * HTTP/
    31 2E 31 0D 0A 48 6F 73 74 3A 32 33 39 2E 32 35  1.1..Host:239.25
    35 2E 32 35 35 2E 32 35 30 0D 0A 53 54 3A 75 70  5.255.250..ST:up
    6E 70 3A 72 6F 6F 74 64 65 76 69 63 65 0D 0A 4D  np:rootdevice..M
    61 6E 3A 73 73 64 70 3A 64 69 73 63 6F 76 65 72  an:ssdp:discover
    0D 0A 4D 58 3A 33 0D 0A 0D 0A                    ..MX:3....
    
    



    This archive was generated by hypermail 2b30 : Thu Oct 11 2001 - 12:56:35 PDT
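
Added example, not part of the original post: a Python check that rebuilds the payload from the first Snort dump in the message and tests whether it parses as a well-formed SSDP (UPnP discovery) M-SEARCH request. The function names and the `max_ttl` threshold are assumptions made for illustration; the sample rows and the TTL, port and Len values are copied from that capture.

```python
import re

# Payload rows copied from the first capture in the post (Snort hex + ASCII dump).
SNORT_DUMP = """\
4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F  M-SEARCH * HTTP/
31 2E 31 0D 0A 48 6F 73 74 3A 32 33 39 2E 32 35  1.1..Host:239.25
35 2E 32 35 35 2E 32 35 30 0D 0A 53 54 3A 75 70  5.255.250..ST:up
6E 70 3A 72 6F 6F 74 64 65 76 69 63 65 0D 0A 4D  np:rootdevice..M
61 6E 3A 73 73 64 70 3A 64 69 73 63 6F 76 65 72  an:ssdp:discover
0D 0A 4D 58 3A 33 0D 0A 0D 0A                    ..MX:3....
"""
# From the same capture's header lines: TTL:1, destination port 1900, Len: 98.
TTL, DPORT, UDP_LEN = 1, 1900, 98
HEX_ROW = re.compile(r"^\s*((?:[0-9A-Fa-f]{2} ){1,16})")  # hex column only

def payload_from_dump(dump):
    """Rebuild the raw payload from the hex column, ignoring the ASCII column."""
    rows = (HEX_ROW.match(line) for line in dump.splitlines())
    return b"".join(bytes.fromhex(m.group(1)) for m in rows if m)

def parse_ssdp(payload):
    """Return (start line, headers) with header names upper-cased."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("ascii", "replace")
    start, *rows = head.split("\r\n")
    headers = {}
    for row in rows:
        name, sep, value = row.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip().strip('"')
    return start, headers

def triage(payload, ttl, dport, udp_len, max_ttl=4):
    """List reasons the datagram does not look like a local SSDP search.
    max_ttl is an assumed threshold, not a value from the post."""
    start, h = parse_ssdp(payload)
    checks = [
        (len(payload) == udp_len - 8, "payload length disagrees with UDP Len"),
        (start == "M-SEARCH * HTTP/1.1", "not an M-SEARCH request"),
        (h.get("MAN") == "ssdp:discover", "MAN is not ssdp:discover"),
        (h.get("HOST", "").split(":")[0] == "239.255.255.250",
         "Host is not the SSDP multicast group"),
        (dport == 1900, "destination port is not 1900"),
        ("ST" in h and h.get("MX", "").isdigit(), "missing ST or numeric MX"),
        (ttl <= max_ttl, "TTL higher than expected for local discovery"),
    ]
    return [msg for ok, msg in checks if not ok]

if __name__ == "__main__":
    print(triage(payload_from_dump(SNORT_DUMP), TTL, DPORT, UDP_LEN) or "well-formed SSDP M-SEARCH")
```

An empty list from `triage` means every field matches an ordinary SSDP search request; any entry names the field that deviates and is worth a closer look.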