Weird packet dump, IM SPEWING MAN!


Infra-R3d
05-05-2001, 05:27 PM
This is an unusual packet dump I found whilst using snort. It appears I am sending a message to a host on the internet, advertising that I have some sort of webserver running on my machine (213.105.x.x) and I am broadcasting this message from port 1900 on my machine to 1900 on the remote machine. Any ideas on what this might be? The distro is Red Hat 7.1. I'd be grateful if anyone could help, thanks!


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ =+=+=+=+=+=+=+=+=+=+=+=+

05/05-21:13:00.051552 213.105.x.x:1900 -> 239.255.255.250:1900
UDP TTL:3 TOS:0x0 ID:4167 IpLen:20 DgmLen:422
Len: 402
NOTIFY * HTTP/1.
1..Host:239.255.
255.250:1900..NT
:urn:schemas-upn
p-org:service:OS
Info:0.2..NTS:ss
dp:alive..Locati
on:http://213.10
5.x.x:2869/up
nphost/udhisapi.
dll?content=uuid
:3c92d958-5558-4
534-b134-8f6fa55
ca7f8..USN:uuid:
3c92d958-5558-45
34-b134-8f6fa55c
a7f8::urn:schema
s-upnp-org:servi
ce:OSInfo:0.2..C
ache-Control:max
-age=30..Server:
Microsoft Window
s NT/5.1 UPnP/1.
0 UPnP Device Ho
st/1.0....

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ =+=+=+=+=+=+=+=+=+=+=+=+

Please note, I changed my IP to 213.105.x.x for security reasons. Thanks.
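
Added example, not part of the original post: a Python sketch that rejoins the 16-character payload rows from the Snort dump above, parses them as HTTP-style headers, and checks whether the destination address is a multicast group. The names `ROWS`, `DST`, `parse_dump` and `classify` are chosen here for illustration; the row text is copied from the dump with the poster's IP redaction left in.

```python
import ipaddress

# Payload column of the Snort dump in the post, 16 characters per row.
# Snort prints non-printable bytes as '.', so each CRLF shows up as "..".
ROWS = [
    "NOTIFY * HTTP/1.", "1..Host:239.255.", "255.250:1900..NT",
    ":urn:schemas-upn", "p-org:service:OS", "Info:0.2..NTS:ss",
    "dp:alive..Locati", "on:http://213.10", "5.x.x:2869/up",
    "nphost/udhisapi.", "dll?content=uuid", ":3c92d958-5558-4",
    "534-b134-8f6fa55", "ca7f8..USN:uuid:", "3c92d958-5558-45",
    "34-b134-8f6fa55c", "a7f8::urn:schema", "s-upnp-org:servi",
    "ce:OSInfo:0.2..C", "ache-Control:max", "-age=30..Server:",
    "Microsoft Window", "s NT/5.1 UPnP/1.", "0 UPnP Device Ho",
    "st/1.0....",
]
DST = "239.255.255.250:1900"  # destination from the Snort header line


def parse_dump(rows):
    """Rejoin the wrapped rows and split into request line and headers.

    Heuristic: ".." is treated as CRLF, which is ambiguous if a header
    value itself ends in a literal dot.
    """
    lines = [l for l in "".join(rows).split("..") if l.strip(".")]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def classify(dst, request_line, headers):
    """Summarise the datagram from its destination and its headers."""
    ip, _, port = dst.rpartition(":")
    return {
        "multicast_dst": ipaddress.ip_address(ip).is_multicast,
        "ssdp_port": port == "1900",  # 239.255.255.250:1900 is the SSDP group
        "method": request_line.split()[0],
        "announcement": headers.get("nts", ""),
        "service_type": headers.get("nt", ""),
        "description_url": headers.get("location", ""),
        "sender_stack": headers.get("server", ""),
    }


if __name__ == "__main__":
    req, hdrs = parse_dump(ROWS)
    for key, value in classify(DST, req, hdrs).items():
        print(f"{key:16} {value}")
```

Run against the rows above, it reports a `NOTIFY` with `ssdp:alive` sent to a multicast destination, with the `Server` header naming the stack that built the message.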