SSDP?

From: john.smith@minolta-qms.com
Date: Thu Oct 11 2001 - 12:50:06 PDT

Previous message: Arta: "Re: Port 17889 - new attack?"
Next in thread: dove: "Re: SSDP?"
Reply: dove: "Re: SSDP?"
Reply: John Sage: "Re: SSDP?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

All,

	Is the following the footprint of a trojan or virus?  Does anyone have any pointers to SSDP?

	Thanks everyone.

John

10/10-08:24:10.486051 xxx.xxx.xxx.xxx:4612 -> xxx.xxx.xxx.xxx:1900
UDP TTL:1 TOS:0x0 ID:26196 IpLen:20 DgmLen:118
Len: 98
4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F  M-SEARCH * HTTP/
31 2E 31 0D 0A 48 6F 73 74 3A 32 33 39 2E 32 35  1.1..Host:239.25
35 2E 32 35 35 2E 32 35 30 0D 0A 53 54 3A 75 70  5.255.250..ST:up
6E 70 3A 72 6F 6F 74 64 65 76 69 63 65 0D 0A 4D  np:rootdevice..M
61 6E 3A 73 73 64 70 3A 64 69 73 63 6F 76 65 72  an:ssdp:discover
0D 0A 4D 58 3A 33 0D 0A 0D 0A                    ..MX:3....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/10-08:24:13.686051 xxx.xxx.xxx.xxx:4612 -> xxx.xxx.xxx.xxx:1900
UDP TTL:1 TOS:0x0 ID:26243 IpLen:20 DgmLen:118
Len: 98
4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F  M-SEARCH * HTTP/
31 2E 31 0D 0A 48 6F 73 74 3A 32 33 39 2E 32 35  1.1..Host:239.25
35 2E 32 35 35 2E 32 35 30 0D 0A 53 54 3A 75 70  5.255.250..ST:up
6E 70 3A 72 6F 6F 74 64 65 76 69 63 65 0D 0A 4D  np:rootdevice..M
61 6E 3A 73 73 64 70 3A 64 69 73 63 6F 76 65 72  an:ssdp:discover
0D 0A 4D 58 3A 33 0D 0A 0D 0A                    ..MX:3....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/10-08:24:16.686051 xxx.xxx.xxx.xxx:4612 -> xxx.xxx.xxx.xxx:1900
UDP TTL:1 TOS:0x0 ID:26269 IpLen:20 DgmLen:118
Len: 98
4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F  M-SEARCH * HTTP/
31 2E 31 0D 0A 48 6F 73 74 3A 32 33 39 2E 32 35  1.1..Host:239.25
35 2E 32 35 35 2E 32 35 30 0D 0A 53 54 3A 75 70  5.255.250..ST:up
6E 70 3A 72 6F 6F 74 64 65 76 69 63 65 0D 0A 4D  np:rootdevice..M
61 6E 3A 73 73 64 70 3A 64 69 73 63 6F 76 65 72  an:ssdp:discover
0D 0A 4D 58 3A 33 0D 0A 0D 0A                    ..MX:3....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/10-09:22:52.176051 xxx.xxx.xxx.xxx:1039 -> xxx.xxx.xxx.xxx:1900
UDP TTL:1 TOS:0x0 ID:176 IpLen:20 DgmLen:118
Len: 98
4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F  M-SEARCH * HTTP/
31 2E 31 0D 0A 48 6F 73 74 3A 32 33 39 2E 32 35  1.1..Host:239.25
35 2E 32 35 35 2E 32 35 30 0D 0A 53 54 3A 75 70  5.255.250..ST:up
6E 70 3A 72 6F 6F 74 64 65 76 69 63 65 0D 0A 4D  np:rootdevice..M
61 6E 3A 73 73 64 70 3A 64 69 73 63 6F 76 65 72  an:ssdp:discover
0D 0A 4D 58 3A 33 0D 0A 0D 0A                    ..MX:3....

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: dove: "Re: SSDP?"
Previous message: Arta: "Re: Port 17889 - new attack?"
Next in thread: dove: "Re: SSDP?"
Reply: dove: "Re: SSDP?"
Reply: John Sage: "Re: SSDP?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Oct 11 2001 - 12:56:35 PDT