All,

Is the following the footprint of a trojan or virus? Does anyone have any pointers to SSDP?

Thanks everyone.

John

10/10-08:24:10.486051 xxx.xxx.xxx.xxx:4612 -> xxx.xxx.xxx.xxx:1900
UDP TTL:1 TOS:0x0 ID:26196 IpLen:20 DgmLen:118
Len: 98
4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F  M-SEARCH * HTTP/
31 2E 31 0D 0A 48 6F 73 74 3A 32 33 39 2E 32 35  1.1..Host:239.25
35 2E 32 35 35 2E 32 35 30 0D 0A 53 54 3A 75 70  5.255.250..ST:up
6E 70 3A 72 6F 6F 74 64 65 76 69 63 65 0D 0A 4D  np:rootdevice..M
61 6E 3A 73 73 64 70 3A 64 69 73 63 6F 76 65 72  an:ssdp:discover
0D 0A 4D 58 3A 33 0D 0A 0D 0A                    ..MX:3....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/10-08:24:13.686051 xxx.xxx.xxx.xxx:4612 -> xxx.xxx.xxx.xxx:1900
UDP TTL:1 TOS:0x0 ID:26243 IpLen:20 DgmLen:118
Len: 98
4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F  M-SEARCH * HTTP/
31 2E 31 0D 0A 48 6F 73 74 3A 32 33 39 2E 32 35  1.1..Host:239.25
35 2E 32 35 35 2E 32 35 30 0D 0A 53 54 3A 75 70  5.255.250..ST:up
6E 70 3A 72 6F 6F 74 64 65 76 69 63 65 0D 0A 4D  np:rootdevice..M
61 6E 3A 73 73 64 70 3A 64 69 73 63 6F 76 65 72  an:ssdp:discover
0D 0A 4D 58 3A 33 0D 0A 0D 0A                    ..MX:3....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/10-08:24:16.686051 xxx.xxx.xxx.xxx:4612 -> xxx.xxx.xxx.xxx:1900
UDP TTL:1 TOS:0x0 ID:26269 IpLen:20 DgmLen:118
Len: 98
4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F  M-SEARCH * HTTP/
31 2E 31 0D 0A 48 6F 73 74 3A 32 33 39 2E 32 35  1.1..Host:239.25
35 2E 32 35 35 2E 32 35 30 0D 0A 53 54 3A 75 70  5.255.250..ST:up
6E 70 3A 72 6F 6F 74 64 65 76 69 63 65 0D 0A 4D  np:rootdevice..M
61 6E 3A 73 73 64 70 3A 64 69 73 63 6F 76 65 72  an:ssdp:discover
0D 0A 4D 58 3A 33 0D 0A 0D 0A                    ..MX:3....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/10-09:22:52.176051 xxx.xxx.xxx.xxx:1039 -> xxx.xxx.xxx.xxx:1900
UDP TTL:1 TOS:0x0 ID:176 IpLen:20 DgmLen:118
Len: 98
4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F  M-SEARCH * HTTP/
31 2E 31 0D 0A 48 6F 73 74 3A 32 33 39 2E 32 35  1.1..Host:239.25
35 2E 32 35 35 2E 32 35 30 0D 0A 53 54 3A 75 70  5.255.250..ST:up
6E 70 3A 72 6F 6F 74 64 65 76 69 63 65 0D 0A 4D  np:rootdevice..M
61 6E 3A 73 73 64 70 3A 64 69 73 63 6F 76 65 72  an:ssdp:discover
0D 0A 4D 58 3A 33 0D 0A 0D 0A                    ..MX:3....

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
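
Added example, not part of John's post: a Python sketch that decodes the payload bytes from the dump above and checks them against the shape of an SSDP (UPnP discovery) M-SEARCH request. The hex is copied from the dump; the function names and the set of checks are this example's own assumptions.

```python
"""Check whether a UDP payload is a well-formed SSDP M-SEARCH request."""

# Payload bytes copied from the Snort dump in the post (all four packets carry the same bytes).
PAYLOAD_HEX = """
4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F
31 2E 31 0D 0A 48 6F 73 74 3A 32 33 39 2E 32 35
35 2E 32 35 35 2E 32 35 30 0D 0A 53 54 3A 75 70
6E 70 3A 72 6F 6F 74 64 65 76 69 63 65 0D 0A 4D
61 6E 3A 73 73 64 70 3A 64 69 73 63 6F 76 65 72
0D 0A 4D 58 3A 33 0D 0A 0D 0A
"""
PAYLOAD = bytes.fromhex("".join(PAYLOAD_HEX.split()))

SSDP_GROUP = "239.255.255.250"  # SSDP IPv4 multicast address
SSDP_PORT = 1900                # SSDP UDP port


def parse_ssdp(payload):
    """Split an HTTP-over-UDP datagram into (start_line, {HEADER: value})."""
    head = payload.decode("ascii", errors="replace").split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")  # values may contain ':' themselves
        if sep:
            headers[name.strip().upper()] = value.strip()
    return lines[0], headers


def check_msearch(payload, dst_port):
    """Return the list of deviations from an SSDP discovery request (empty = match)."""
    start, h = parse_ssdp(payload)
    problems = []
    if dst_port != SSDP_PORT:
        problems.append("destination port is not 1900")
    if start != "M-SEARCH * HTTP/1.1":
        problems.append("start line is not an M-SEARCH request")
    if h.get("HOST", "").split(":")[0] != SSDP_GROUP:
        problems.append("Host is not the SSDP multicast group")
    if h.get("MAN", "").strip('"') != "ssdp:discover":  # sender here omits the quotes
        problems.append("Man is not ssdp:discover")
    if not h.get("ST"):
        problems.append("no search target (ST)")
    if not h.get("MX", "").isdigit():
        problems.append("MX is missing or not a number")
    return problems


if __name__ == "__main__":
    print(parse_ssdp(PAYLOAD))
    print(check_msearch(PAYLOAD, 1900) or "matches an SSDP M-SEARCH discovery request")
```
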
This archive was generated by hypermail 2b30 : Thu Oct 11 2001 - 12:56:35 PDT