dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
187856

wmgoat
If It's Not Broken, Don't Mess With It
Premium Member
join:2000-12-12
Huntley, IL

wmgoat

Premium Member

who is 239.255.255.250 & why do they want access?

My norton firewall is telling me that svchost.exe is trying to access 239.255.255.250 on UDP, port 1900.

So far I have been telling it NO, not this time.
And yesterday, just to be safe, I did a spyware scan with Ad-aware with the latest signature, no spyware was found.

I did an nslookup on the ip and ameritech's dns didn't find it.

So I went to whois.net and got the following:
************
Search results for: 239.255.255.250

OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US

NetRange: 224.0.0.0 - 239.255.255.255
CIDR: 224.0.0.0/4
NetName: MCAST-NET
NetHandle: NET-224-0-0-0-1
Parent:
NetType: IANA Special Use
NameServer: FLAG.EP.NET
NameServer: STRUL.STUPI.SE
NameServer: NS.ISI.EDU
NameServer: NIC.NEAR.NET
Comment: This block is reserved for special purposes.
Comment: Please see RFC 3171 for additional information.
Comment:
RegDate: 1991-05-22
Updated: 2002-09-16

OrgTechHandle: IANA-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-823-9358
OrgTechEmail: res-ip@iana.org

# ARIN WHOIS database, last updated 2003-08-24 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
************

So who is this and why do they want access to my PC? Should I seet a rule to block it always, or allow it through?
LowWaterMark
Premium Member
join:2002-05-16
Wallingford, CT

LowWaterMark

Premium Member

That is some sort of multicast message that your PC is trying to send out, not someone else trying to get in. (That's why the message says that your svchost.exe program is trying to access 239.255.255.250.)

UDP port 1900 is Universal Plug and Play, so I can only assume that your system is attempting to query the local network for the existence of some device (perhaps a printer server or such?).

I would just block it permanently. But, it'd be interesting to know how often the message comes up and perhaps to try to figure out just what your system is looking for.
BlitzenZeus
Burnt Out Cynic
Premium Member
join:2000-01-13

BlitzenZeus to wmgoat

Premium Member

to wmgoat
The answer is its trying to broadcast SSDP over you network, and you don't need this.

Start -> Run: services.msc

Then do this for SSDP Discovery Service, and Universal Plug n' Prey. Select the service, right-click properties, stop the service, and disable the service. You won't see this happening anymore, and its something you don't need to allow.