And also, after searching bugtraq: http://online.securityfocus.com/archive/1/254410 http://online.securityfocus.com/archive/1/254945 http://online.securityfocus.com/archive/1/255018
Short summary (taken from the second link): "MSN Messenger communicates using UPNP to try to auto-detect any UPNP-compliant firewalls/routers you may have. Ostensibly, NAT/Firewall devices that support UPNP will allow file transfers, voice and audio communications so MSN Messenger polls for them to autoconfigure itself and the NAT/Firewall device to support these transfer types." /Christopher Thorjussen >===== Original Message From "Ray Chambers" <[EMAIL PROTECTED]> ===== >off topic - but > >Steve Gibson, GRC.COM, has written an assembler language disabler of upnp. > >ray > >>===== Original Message From "James T. Moore" <[EMAIL PROTECTED]> ===== >>Port 1900 is used by the SSDP (Simple Service Discovery Protocol ) >>Discovery Service in windows XP, ME and other windows operating >>systems which implement universal plug and play. This service is used >>to attach to plug and play network devices and services. >> >>Side note: I had set the the ssdp and upnp services to only run when >>manually started on my client machine running windows XP. I recently >>installed several updates from Microsoft for Internet Explorer and Msn >>messenger and shortly noticed alot of connection atempts to port 1900 >>from my client machine to my linux gateway. Appearantly, one of these >>updates starts/uses the SSDP service when the windows machine is >>booted even if the service is set to only be started manually. To prevent >>the service from running, the startup setting must be set to disabled. > >>Thanx for the answer. Both my WinXP laptop (which will go back to Win2k or >>maybe RedHat) and my Win2k Pro workstation have started broadcasting these >>SSDP announcements. So it's not only XP and ME, but also Win2k. You, as me, >>have installed IE6 and MSN so this could probably be the reason for activating >>this UPnP bullshit (at least for now, not seen anything using UPnP). I will >>manually disable this feature thanks to James T. Moore's infomation. Hopefully >>my log will yet again containt none Local Lan entries.
