dslreports logo
site
spacer

spacer
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


About

Mark
Premium
join:2001-11-15
Phoenix, AZ
kudos:1

SSDPSRV - Port 1025

The Simple Service Discovery Protocol finds UPnP devices on your home network. For security reasons, I recommend disabling it along with all other UPnP services.

Edit: I've also heard reports that MSTask and DCOM also use this port, your mileage may vary. Also, keep in mind that ports >1024 are designated for dynamic allocation by Windows.
[text was edited by author 2003-01-26 00:32:49]

PetePuma
How many lumps do you want
Premium,MVM
join:2002-06-13
Arlington, VA

Re: SSDPSRV - Port 1025

Ports 1025 and above are the start of the dynamic range for almost all TCP/IP stack implementations. When programs start and ask for "next available" socket, they get them sequentially starting at 1025.

Depending on what's running on your computer and the order it starts in, this port (and those above it) could be almost anything.

Black Box

join:2002-12-21

Re: SSDPSRV - Port 1025

Well, not quite sequentially. If the allocation would be done sequentially then it would open the door for a class of guessing attacks. The security increases with the randomness of allocation.

A second note, some systems can set the range of ports to be used for the next available port.
flydancer

join:2001-07-19
Portugal
how can I disable it?

the guy

@telia.com

Re: SSDPSRV - Port 1025

try the program at www.grc.com (unPnP)
astrobill

join:2002-05-05
Centreville, VA

Re: SSDPSRV - Port 1025

You can uninstall Universal Plug N Play in the Windows Control Panel in WinXP...but then I suppose you would have to reinstall it again, rather than simply using that guy's utility to enable it.
X013

join:2003-10-06

will disabling this screw up my usb devices?

as it is the upnp universal plug & play

moof2

@jur.uva.nl

Re: will disabling this screw up my usb devices?

UPNP has nothing to do with Plug and Play, PnP, USB, or any of those things. Microsoft chose to hijack the Plug-and-Play name for a network protocol that is basically a rehash of SOCKS and some miscellanious stuff thrown in.

To disable, choose start, run, enter "services.msc" and press OK. Highlight "SSDP Discovery Service", right click and choose Properties, Stop the service, and set Startup Type to Disabled.

You will not lose any functionality unless you are actively using UPnP enabled software (such as MSN Messenger) behind a UPnP enabled internet connection sharing router. BUT if this were the case, the port scan would NOT detect it.

novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH

1 edit

Re: will disabling this screw up my usb devices?

double post

novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH
said by moof2:
UPNP has nothing to do with Plug and Play, PnP, USB, or any of those things. Microsoft chose to hijack the Plug-and-Play name for a network protocol that is basically a rehash of SOCKS and some miscellanious stuff thrown in.

To disable, choose start, run, enter "services.msc" and press OK. Highlight "SSDP Discovery Service", right click and choose Properties, Stop the service, and set Startup Type to Disabled.

You will not lose any functionality unless you are actively using UPnP enabled software (such as MSN Messenger) behind a UPnP enabled internet connection sharing router. BUT if this were the case, the port scan would NOT detect it.

Upnp is plug and play for use over lans it scans the net work looking for plug and play devices such as printers.
If a computer with upnp enabled has a plug and play printer that will work for upnp it will auto configure and install the printer. Other possabilities include house hold pnp aware apliances example if a tv maker were to install a usb port and you had a computer hooked up to the tv that you could control volume and tuneing with and that computer was on a net work you could controll the volume and tuenign of that tv from any computer in the house.
Some security systems that have security cameras are already upnp aware and can be controlled by a computer hooked up to them or any computer that also has upnp enabled that has access to the computer controlling the security cameras.

But it wont interfear with usb and other standard plug and play hard ware think of upnp as a add on to pnp
--
my fav mmorpg »www.rubiesofeventide.com if you sign up use novaflare as referal
hollie8

join:2004-02-02
England

services to disable?

What are the names of the UPnP services and what ones should i disable, because I have "Universal Plug And Play Device Host" and "SSDP Discovery Service" disabled and this port still appears open.

Thanks for any help anyone can give me.
mblumen

join:2004-02-03
Peru

open port and SSDP not installed

i need some help; this port shows as open in my computer, but i have gone to services.msc and found that the SSDP wasn't installed. and that program unPnP also showed my i didn't have it installed. what can be happening? by the way, i was infected by the worms w32.randex.gen and AZ. i guess i have deleted it completely -including registry entries-; and i actually don't know if it had something to do.

Re: open port and SSDP not installed

I think it's time that you just turned off you computer and tried some nice relaxing... Basket Weaving!!

opensource

@cablespeed.com

Re: open port and SSDP not installed

With all the time it takes to admin a windows box you won't have time for basket weaving. Get linux and make your life easier. Less admin time, cheaper, secure, free.
carribey

join:2004-03-08
UK

Re: open port and SSDP not installed

Hi there,
I have disabled both the UPnP and SSDP discover services. However my fire wall (Agnitum Outpost) still reports hundreds of attempts to access my computer, varying from ports 1024 to 65425.
Nothing is getting through (thanks to the firewall) but so many 'hits' on the firewall consquently cause cpu jumps making other programs slow down (not good!).
Any ideas?
John

zigcoors

@ntli.net

Re: open port and SSDP not installed

How you be so sure nothing is getting through your firewall?
I thought that Tiny Personal Firewall was not allowing anything through until I ran NetActiv on the WAN interface. This picked up packets coming through the Firewall on Ports where I had rules set up to deny. Since I have upgraded to the latest Kerio version no more problems.
iggk

join:2001-01-13
Nashua, NH

1025,1026 still open after using unplugnprey

i ran that utility mentiond in thios thred and still ports 1025,1026 are open any idea's ?
sleepy22

join:2003-09-05
Minneapolis, MN

Re: 1025,1026 still open after using unplugnprey

I have also turned off the plug and play and the ssdp but still I get the 1025 port open...?? Anybody have any ideas why I still have that open port?

PitViperMD

@adelphia.net
Yes..download and install ZoneaAlarm firewall and none of those ports will be seen by those looking to corrupt ur PC.

PitViperMD

@adelphia.net

easy fix

Just use ZoneAlarms firewall and all's well. None of your ports will be available.

Henriktha

@k213.webspeed.dk

Come on

Hey.....

Why not just keep up with the updates from microsoft (Yeah i know, not really someone to trust with security issues *LOL*), but i only use the build in firewall in windows xp and my com... is completely stealthed in all tests on the net

betatester

@aol.com

Re: Come on

I'm using XP built in firewall and I still get open ports...as per macafee test site. Clues?
ThunderAce

join:2003-03-30
Raleigh, NC

Re: Come on

Get a real Firewall »www.astaro.com.

TCP Port 1025
Common Use

Microsoft Remote Procedure Call (RPC) service.
Inbound Scan

Currently inbound scans are likely RPC and LSA exploit attempts against the Windows, which by default should be blocked by your firewall. Ensure that your systems have the latest patches installed from Microsoft.
Outbound Scan

Outbound scans if occurring in volume should be considered an indication of a possible worm infection on the source computer and should be investigated.
haploeco

join:2004-06-26
Fort Collins, CO

Re: Come on

I agree with your take on Astaro - I ended up getting 2 licenses for v5 with the integrated Snort intrusion detection, and ran v3 and v4 for quite sime time - works great - IPSEC VPN connections to my friends houses - masq to the internet - great portscan detection, and a very easy to use web frontend - all you need is a host with 2 nics - only allow admin on the internal nic, and whether you know unix or not, you off and flying - and if you do know unix, Astaro is a completely firewall tuned Linux distro, and if you don't care about support, you can make it do all kinds of things

I also like the accounting - how much do I transfer, and over what ports? The Packet Filter Live Log allows you too see blocked packets, and gives you the ability to turn on logging on the allowed ports so the Live Log shows you the accepted packets too.

Just had to put in my 2 cents - I have used IPChains/IPTables on Linux hosts for quite some time, but Astaro packages it very well, allows for Proxy services in chroot environments for security (squid, Socks 4/5, exim SMTP proxy, BIND proxy, ident if you so wish) You can use all or none - its up to you - really sweet package, and they have great deals for Home Users - free if you don't want the Virus or URL Content filtering up to 10 hosts behind it.

Hehe - sorry for the rambling, but its so nice I have 2 for 2 different connections, and some simple routing tricks, and I can route through either firewall Love it

Haplo

fedora2rules

@chlmrd01.dc.comcast.

Just use Fedora Core II

Its free, using webadmin (www.webmin.com) and you will be able to adjust the linux firewall rules to block ICMP, and suddenly you will be immune to all those damn worms. I use fedora for most of my stuff, and I disable the network adapter and use windows. ..
pR0sp3ct

join:2004-01-31
San Diego, CA

Port Blocking is a must these days

ANALOG-X is the Stuff port blockers are made of
This program is "NOT" a Firewall, but it will allow you to run a server that is only available on the local network

»www.analogx.com/contents/downloa···lock.htm

Hope you find it as useful as I have
g'luck
pR0sp3ct
irc.modbox-world.com
#dvd-pR0sp3ct