

wmgoat
If It's Not Broken, Don't Mess With It
Premium
join:2000-12-12
Huntley, IL

who is 239.255.255.250 & why do they want access?

My norton firewall is telling me that svchost.exe is trying to access 239.255.255.250 on UDP, port 1900.

So far I have been telling it NO, not this time.
And yesterday, just to be safe, I did a spyware scan with Ad-aware with the latest signature, no spyware was found.

I did an nslookup on the ip and ameritech's dns didn't find it.

So I went to whois.net and got the following:
************
Search results for: 239.255.255.250

OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US

NetRange: 224.0.0.0 - 239.255.255.255
CIDR: 224.0.0.0/4
NetName: MCAST-NET
NetHandle: NET-224-0-0-0-1
Parent:
NetType: IANA Special Use
NameServer: FLAG.EP.NET
NameServer: STRUL.STUPI.SE
NameServer: NS.ISI.EDU
NameServer: NIC.NEAR.NET
Comment: This block is reserved for special purposes.
Comment: Please see RFC 3171 for additional information.
Comment:
RegDate: 1991-05-22
Updated: 2002-09-16

OrgTechHandle: IANA-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-823-9358
OrgTechEmail: res-ip@iana.org

# ARIN WHOIS database, last updated 2003-08-24 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
************

So who is this and why do they want access to my PC? Should I set a rule to block it always, or allow it through?
--
No Smoke? Then it has to be Software!


LowWaterMark
Premium
join:2002-05-16
Wallingford, CT

That is some sort of multicast message that your PC is trying to send out, not someone else trying to get in. (That's why the message says that your svchost.exe program is trying to access 239.255.255.250.)

UDP port 1900 is Universal Plug and Play, so I can only assume that your system is attempting to query the local network for the existence of some device (perhaps a printer server or such?).

I would just block it permanently. But, it'd be interesting to know how often the message comes up and perhaps to try to figure out just what your system is looking for.
--
Use the most powerful combo Firewall/AV/AT package available - "Common Sense" - It can be upgraded daily!


BlitzenZeus
Burnt Out Cynic
Premium
join:2000-01-13
kudos:3

reply to wmgoat

The answer is it's trying to broadcast SSDP over your network, and you don't need this.

Start -> Run: services.msc

Then do this for SSDP Discovery Service, and Universal Plug n' Prey. Select the service, right-click properties, stop the service, and disable the service. You won't see this happening anymore, and it's something you don't need to allow.
--
My hourly rates:
$25 per hour.
$35 per hour if you want to watch.
$45 per hour if you want to help.
$75 per hour if you tried to fix it, and failed.
[text was edited by author 2003-08-25 16:18:01]
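
An added example, not part of any post in this thread: a small Python triage helper that checks whether the destination in an outbound firewall alert is a multicast group rather than a host, and parses an SSDP datagram to see what the machine is searching for. The function names and the sample payload are constructed for illustration; the payload is not a capture from the poster's PC.

```python
import ipaddress

SSDP_GROUP = ipaddress.ip_address("239.255.255.250")
SSDP_PORT = 1900

def classify_destination(ip, proto, port):
    """Say what kind of destination an outbound firewall alert points at."""
    addr = ipaddress.ip_address(ip)
    if not addr.is_multicast:  # outside 224.0.0.0/4 (MCAST-NET in the whois output)
        return "unicast host"
    if proto.upper() == "UDP" and addr == SSDP_GROUP and port == SSDP_PORT:
        return "SSDP/UPnP discovery multicast"
    return "multicast group"

def parse_ssdp(payload):
    """Split an SSDP datagram (HTTP-like text over UDP) into start line and headers."""
    lines = payload.decode("ascii", errors="replace").split("\r\n")
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip().strip('"')
    return lines[0].strip(), headers

def describe(payload):
    """Summarise what an SSDP datagram is asking for or announcing."""
    start, headers = parse_ssdp(payload)
    method = start.split(" ", 1)[0]
    if method == "M-SEARCH":  # the local machine is looking for a device type
        return "search for " + headers.get("ST", "unknown target")
    if method == "NOTIFY":    # a device is announcing itself
        return "announcement for " + headers.get("NT", "unknown type")
    return "not an SSDP request"

# Constructed sample datagram (not taken from the thread).
SAMPLE = (b'M-SEARCH * HTTP/1.1\r\n'
          b'HOST: 239.255.255.250:1900\r\n'
          b'MAN: "ssdp:discover"\r\n'
          b'MX: 3\r\n'
          b'ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n\r\n')

if __name__ == "__main__":
    print(classify_destination("239.255.255.250", "UDP", 1900))
    print(describe(SAMPLE))
```
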