If sniffing my traffic I see packets sent to 239.255.255.250
SSDP Method = M-SEARCH SSDP Uniform Resource Identifier =
’ SSDP HTTP Prot Version = HTTP/1.1. SSDP Host = 239.255.255.250:1900 UDP
SSDP Search Target -um: schemas-upnp-org : device : Internet-GatewaysDevice
SSDP Maximam wait = 3
Is this going to iana reserved, protowall from bluetack protects you, and also the blocklist manager from here: http://www.bluetack.co.uk/modules.php?name=Content&pa=showpage&pid=14
Why this excessive traffic for upnp. Is this a leech service with svchost to track people’s illegal downloads, or just like MS says because it has no other way to establish the device?
Who knows more, and who has it blocked? We knowl svchost is an essential part of the system & without it your computer won’t run? svchost in other places than it should be is malware, but does the normal svchost also “legally” misbehave, that is “spy on ye”?. “What one does not know, does not hurt one, is the policy of to-day!”.
In XP, the Simple Service Discovery Protocol (SSDP) discovery service searches for Universal Plug and Play devices on your home network. SSDP searches for upstream Internet gateways using UDP port 1900 - a potential security risk many organizations will want to block. OK, you decide to block SSDP services but to your surprise, your firewall and network sniffers continue to see the UDP port 1900 packets. You have disabled XP's SSDP and even Universal Plug and Play Device Host. Whats going on? This is Universal Plug and Play Network Address Translation (NAT) traversal discovery used by Messenger. If you run a sniffer trace, the following information is displayed in the data section of the packet:
For the average user you don’t need the uPnP service enabled unless you intend to share devices over a network/internet, it has nothing to do with the standard PnP (Plug & Play) function.
Thank you for the response. As everything is stealth, I think I leave it as it is.
I think the requests are in connection to a four port external plug & play hub.
