Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: TCP/UDP Port Activity - SANS Internet Storm Center TCP/UDP Port Activity


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Loading...
Port Information
Protocol Service Name
tcp ssdp SSDP
udp ssdp SSDP
[get complete service list]
User Comments
Submitted By Date
Comment
2015-05-24 00:28:28
Observing multiple UPnP SSDP scans on port 1900. Originating from multiple sources and hitting all external IPs.
Peter Gervai 2014-08-22 03:02:22
Observing DDoS based on udp/1900 right now, avg pkt size around 300 bytes per zombie.
2013-01-31 13:51:48
Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp Vulnerability Note VU#922681 http://www.kb.cert.org/vuls/id/922681
Thiago P. Macedo 2006-12-31 08:09:33
SSDP Discovery Service SSDP Discovery Service implements Simple Service Discovery Protocol (SSDP) as a Windows service. SSDP Discovery Service manages receipt of device presence announcements, updates its cache, and passes these notifications along to clients with outstanding search requests. SSDP Discovery Service also accepts registration of event callbacks from clients, turns these into subscription requests, and monitors for event notifications. It then passes these requests along to the registered callbacks. This system service also provides hosted devices with periodic announcements. Currently, the SSDP event notification service uses TCP port 5000. Starting with the next Windows XP service pack, it will rely on TCP port 2869. Note At the time of this writing, the current Windows XP service pack level is Windows XP Service Pack 1 (SP1). System service name: SSDPRSR Application protocol Protocol Ports SSDP UDP 1900 SSDP event notification TCP 2869 SSDP legacy event notification TCP 5000 (See http://support.microsoft.com/Default.aspx?kbid=832017 for more details).
Johannes Ullrich 2003-02-25 19:02:42
This port is used by 'Universal Plug and Play' (UPNP). By default, Windows XP has this function enabled. Some more recent routers use it as well. UPNP is designed to allow network devices to configure themself automatically.
Add a comment
CVE Links
CVE # Description