  MarkPremium
join:2001-11-15
Phoenix, AZ
kudos:1
| SSDPSRV - Port 1025 The Simple Service Discovery Protocol finds UPnP devices on your home network. For security reasons, I recommend disabling it along with all other UPnP services.
Edit: I've also heard reports that MSTask and DCOM also use this port, your mileage may vary. Also, keep in mind that ports >1024 are designated for dynamic allocation by Windows.
[text was edited by author 2003-01-26 00:32:49] | |
|
 |  PetePumaHow many lumps do you wantPremium,MVM
join:2002-06-13
Arlington, VA | Re: SSDPSRV - Port 1025 Ports 1025 and above are the start of the dynamic range for almost all TCP/IP stack implementations. When programs start and ask for "next available" socket, they get them sequentially starting at 1025.
Depending on what's running on your computer and the order it starts in, this port (and those above it) could be almost anything. | |
|
| | | | Re: SSDPSRV - Port 1025 Well, not quite sequentially. If the allocation would be done sequentially then it would open the door for a class of guessing attacks. The security increases with the randomness of allocation.
A second note, some systems can set the range of ports to be used for the next available port. | |
|
| |
| | | | Re: SSDPSRV - Port 1025 try the program at www.grc.com (unPnP) | |
|
| | | | | Re: SSDPSRV - Port 1025 You can uninstall Universal Plug N Play in the Windows Control Panel in WinXP...but then I suppose you would have to reinstall it again, rather than simply using that guy's utility to enable it. | |
|
| | will disabling this screw up my usb devices? as it is the upnp universal plug & play | |
|
| | |  Re: will disabling this screw up my usb devices?
To disable, choose start, run, enter "services.msc" and press OK. Highlight "SSDP Discovery Service", right click and choose Properties, Stop the service, and set Startup Type to Disabled.
You will not lose any functionality unless you are actively using UPnP enabled software (such as MSN Messenger) behind a UPnP enabled internet connection sharing router. BUT if this were the case, the port scan would NOT detect it. | |
|
| |  novaflareThe Dragon Was HerePremium
join:2002-01-24
Barberton, OH
1 edit | Re: will disabling this screw up my usb devices? double post | |
|
| | novaflareThe Dragon Was HerePremium
join:2002-01-24
Barberton, OH | said by moof2:
UPNP has nothing to do with Plug and Play, PnP, USB, or any of those things. Microsoft chose to hijack the Plug-and-Play name for a network protocol that is basically a rehash of SOCKS and some miscellanious stuff thrown in.
To disable, choose start, run, enter "services.msc" and press OK. Highlight "SSDP Discovery Service", right click and choose Properties, Stop the service, and set Startup Type to Disabled.
You will not lose any functionality unless you are actively using UPnP enabled software (such as MSN Messenger) behind a UPnP enabled internet connection sharing router. BUT if this were the case, the port scan would NOT detect it.
Upnp is plug and play for use over lans it scans the net work looking for plug and play devices such as printers.
If a computer with upnp enabled has a plug and play printer that will work for upnp it will auto configure and install the printer. Other possabilities include house hold pnp aware apliances example if a tv maker were to install a usb port and you had a computer hooked up to the tv that you could control volume and tuneing with and that computer was on a net work you could controll the volume and tuenign of that tv from any computer in the house.
Some security systems that have security cameras are already upnp aware and can be controlled by a computer hooked up to them or any computer that also has upnp enabled that has access to the computer controlling the security cameras.
But it wont interfear with usb and other standard plug and play hard ware think of upnp as a add on to pnp
--
my fav mmorpg »www.rubiesofeventide.com if you sign up use novaflare as referal | |
|
| | services to disable? What are the names of the UPnP services and what ones should i disable, because I have "Universal Plug And Play Device Host" and "SSDP Discovery Service" disabled and this port still appears open.
Thanks for any help anyone can give me. | |
|
| |  open port and SSDP not installed
| |
|
| | | Re: open port and SSDP not installed I think it's time that you just turned off you computer and tried some nice relaxing... Basket Weaving!! | |
|
| | | | Re: open port and SSDP not installed With all the time it takes to admin a windows box you won't have time for basket weaving. Get linux and make your life easier. Less admin time, cheaper, secure, free. | |
|
| | | | | Re: open port and SSDP not installed Hi there,
I have disabled both the UPnP and SSDP discover services. However my fire wall (Agnitum Outpost) still reports hundreds of attempts to access my computer, varying from ports 1024 to 65425.
Nothing is getting through (thanks to the firewall) but so many 'hits' on the firewall consquently cause cpu jumps making other programs slow down (not good!).
Any ideas?
John | |
|
| | | | | | Re: open port and SSDP not installed How you be so sure nothing is getting through your firewall?
I thought that Tiny Personal Firewall was not allowing anything through until I ran NetActiv on the WAN interface. This picked up packets coming through the Firewall on Ports where I had rules set up to deny. Since I have upgraded to the latest Kerio version no more problems. | |
|
iggk
join:2001-01-13
Nashua, NH | 1025,1026 still open after using unplugnprey i ran that utility mentiond in thios thred and still ports 1025,1026 are open any idea's ? | |
|
| | | Re: 1025,1026 still open after using unplugnprey I have also turned off the plug and play and the ssdp but still I get the 1025 port open...?? Anybody have any ideas why I still have that open port? | |
|
| | | Yes..download and install ZoneaAlarm firewall and none of those ports will be seen by those looking to corrupt ur PC. | |
|
| | easy fix Just use ZoneAlarms firewall and all's well. None of your ports will be available. | |
|
| |  Come on
Why not just keep up with the updates from microsoft (Yeah i know, not really someone to trust with security issues *LOL*), but i only use the build in firewall in windows xp and my com... is completely stealthed in all tests on the net  | |
|
| | | Re: Come on I'm using XP built in firewall and I still get open ports...as per macafee test site. Clues? | |
|
| | | | Re: Come on Get a real Firewall »www.astaro.com.
TCP Port 1025
Common Use
Microsoft Remote Procedure Call (RPC) service.
Inbound Scan
Currently inbound scans are likely RPC and LSA exploit attempts against the Windows, which by default should be blocked by your firewall. Ensure that your systems have the latest patches installed from Microsoft.
Outbound Scan
Outbound scans if occurring in volume should be considered an indication of a possible worm infection on the source computer and should be investigated. | |
|
| | | | | Re: Come on I agree with your take on Astaro - I ended up getting 2 licenses for v5 with the integrated Snort intrusion detection, and ran v3 and v4 for quite sime time - works great - IPSEC VPN connections to my friends houses - masq to the internet - great portscan detection, and a very easy to use web frontend - all you need is a host with 2 nics - only allow admin on the internal nic, and whether you know unix or not, you off and flying - and if you do know unix, Astaro is a completely firewall tuned Linux distro, and if you don't care about support, you can make it do all kinds of things
I also like the accounting - how much do I transfer, and over what ports? The Packet Filter Live Log allows you too see blocked packets, and gives you the ability to turn on logging on the allowed ports so the Live Log shows you the accepted packets too.
Just had to put in my 2 cents - I have used IPChains/IPTables on Linux hosts for quite some time, but Astaro packages it very well, allows for Proxy services in chroot environments for security (squid, Socks 4/5, exim SMTP proxy, BIND proxy, ident if you so wish) You can use all or none - its up to you - really sweet package, and they have great deals for Home Users - free if you don't want the Virus or URL Content filtering up to 10 hosts behind it.
Hehe - sorry for the rambling, but its so nice I have 2 for 2 different connections, and some simple routing tricks, and I can route through either firewall Love it
Haplo | |
|
| | Just use Fedora Core II Its free, using webadmin (www.webmin.com) and you will be able to adjust the linux firewall rules to block ICMP, and suddenly you will be immune to all those damn worms. I use fedora for most of my stuff, and I disable the network adapter and use windows. .. | |
|
| | Port Blocking is a must these days ANALOG-X is the Stuff port blockers are made of
This program is "NOT" a Firewall, but it will allow you to run a server that is only available on the local network
»www.analogx.com/contents/downloa···lock.htm
Hope you find it as useful as I have
g'luck
pR0sp3ct
irc.modbox-world.com
#dvd-pR0sp3ct | |
|
|
|
