If It's Not Broken, Don't Mess With It
Huntley, IL

who is & why do they want access?

My norton firewall is telling me that svchost.exe is trying to access on UDP, port 1900.

So far I have been telling it NO, not this time.
And yesterday, just to be safe, I did a spyware scan with Ad-aware with the latest signature; no spyware was found.

I did an nslookup on the IP and Ameritech's DNS didn't find it.

So I went to whois.net and got the following:
Search results for:

OrgName: Internet Assigned Numbers Authority
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US

NetRange: -
NetHandle: NET-224-0-0-0-1
NetType: IANA Special Use
NameServer: FLAG.EP.NET
NameServer: NS.ISI.EDU
NameServer: NIC.NEAR.NET
Comment: This block is reserved for special purposes.
Comment: Please see RFC 3171 for additional information.
RegDate: 1991-05-22
Updated: 2002-09-16

OrgTechHandle: IANA-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-823-9358
OrgTechEmail: res-ip@iana.org

# ARIN WHOIS database, last updated 2003-08-24 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

So who is this and why do they want access to my PC? Should I set a rule to block it always, or allow it through?
No Smoke? Then it has to be Software!

Wallingford, CT
That is some sort of multicast message that your PC is trying to send out, not someone else trying to get in. (That's why the message says that your svchost.exe program is trying to access

UDP port 1900 is Universal Plug and Play, so I can only assume that your system is attempting to query the local network for the existence of some device (perhaps a printer server or such?).

I would just block it permanently. But, it'd be interesting to know how often the message comes up and perhaps to try to figure out just what your system is looking for.
Use the most powerful combo Firewall/AV/AT package available - "Common Sense" - It can be upgraded daily!

Burnt Out Cynic

reply to wmgoat
The answer is it's trying to broadcast SSDP over your network, and you don't need this.

Start -> Run: services.msc

Then do this for SSDP Discovery Service, and Universal Plug n' Prey. Select the service, right-click properties, stop the service, and disable the service. You won't see this happening anymore, and it's something you don't need to allow.
My hourly rates:
$25 per hour.
$35 per hour if you want to watch.
$45 per hour if you want to help.
$75 per hour if you tried to fix it, and failed.
[text was edited by author 2003-08-25 16:18:01]
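
The replies identify the alert as outbound SSDP multicast from the PC itself. As an added example (not part of the thread), this Python sketch triages such a firewall alert and reads from a discovery packet what the system is searching for. The alert record, the payload and the 239.255.255.250 group address are constructed or assumed, since the thread does not show the address.

```python
import ipaddress

# Well-known SSDP multicast group and port (assumed; the thread omits the address).
SSDP_GROUP = ipaddress.ip_address("239.255.255.250")
SSDP_PORT = 1900

# Constructed sample alert and M-SEARCH datagram, not captured from the poster's PC.
SAMPLE_ALERT = {"process": "svchost.exe", "proto": "UDP",
                "dst": "239.255.255.250", "port": 1900}
SAMPLE_PAYLOAD = (
    b"M-SEARCH * HTTP/1.1\r\n"
    b"HOST: 239.255.255.250:1900\r\n"
    b'MAN: "ssdp:discover"\r\n'
    b"MX: 3\r\n"
    b"ST: upnp:rootdevice\r\n\r\n"
)

def classify_destination(dst, proto, port):
    """Return notes explaining what an alert's destination means."""
    addr = ipaddress.ip_address(dst)
    notes = []
    if addr.is_multicast:
        # 224.0.0.0/4 is the IANA special-use block in the whois output:
        # a group address, not one remote host asking for access.
        notes.append("multicast group (outbound from this PC)")
    if proto.upper() == "UDP" and port == SSDP_PORT:
        notes.append("SSDP/UPnP discovery port")
        if addr == SSDP_GROUP:
            notes.append("standard SSDP group address")
    return notes or ["unicast destination, investigate the remote host"]

def parse_msearch(payload):
    """Parse an SSDP M-SEARCH request into a header dict, or None if it is not one."""
    lines = payload.decode("ascii", errors="replace").split("\r\n")
    if not lines[0].startswith("M-SEARCH "):
        return None
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)  # split once: values contain colons
            headers[name.strip().upper()] = value.strip().strip('"')
    return headers

if __name__ == "__main__":
    a = SAMPLE_ALERT
    print(a["process"], "->", "; ".join(classify_destination(a["dst"], a["proto"], a["port"])))
    print("search target (ST):", parse_msearch(SAMPLE_PAYLOAD)["ST"])
```

The ST header names the device or service type being searched for, which is what the second reply was curious about.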