You have installed a Windows XP system somewhere in your system and it are trying to synchronize the clock to a clock server (lost the short name for it for the moment), And what is generating these blocks on the firewall.
Now you know what it is what generating this.. it's Microsoft XP.. /Jonas -----Ursprungligt meddelande----- Fr�n: Dean Michael Dorman [mailto:[EMAIL PROTECTED]] Skickat: den 5 december 2001 15:16 Till: [EMAIL PROTECTED] �mne: RE: port 1900 on gnatbox --------------------- Attention ----------------------------- A digest version of this list is now available. Send email to [EMAIL PROTECTED], with the following message: subscribe gb-users-digest your_email_address Then unsubscribe from this list. ------------------------------------------------------------- GNAT Box User Forum http://www.gnatbox.com/cgi-bin/Ultimate.cgi Send postings to: [EMAIL PROTECTED] Access the list archives at: http://www.gnatbox.com/gb-users/ ------------------------------------------------------------- Thanks for the replies, here is a little more info. The originating box is my own workstation running win2k pro sp2. I don't have decent 3 installed. I have checked to see if I have - for some reason - installed the universal PnP option. I have not. At this point I just turned off the alarm for any rejected packets originating on the protected interface. I still get the rejections, just not the ton of emailed reports. My workstation is part of a network in which all the other workstations have win2k sp2 installed, so I doubt this has anything to do with default settings. I have the latest NOD32 antivirus installed, so I am fairly confident this isn't a worm/virus (I hope), and I am not seeing any performance degradation due to this. Dean -----Original Message----- From: Adrian Bolzan [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 04, 2001 5:48 PM To: [EMAIL PROTECTED] Subject: Re: port 1900 on gnatbox --------------------- Attention ----------------------------- A digest version of this list is now available. Send email to [EMAIL PROTECTED], with the following message: subscribe gb-users-digest your_email_address Then unsubscribe from this list. ------------------------------------------------------------- GNAT Box User Forum http://www.gnatbox.com/cgi-bin/Ultimate.cgi Send postings to: [EMAIL PROTECTED] Access the list archives at: http://www.gnatbox.com/gb-users/ ------------------------------------------------------------- Hi, doing a quick search of port numbers and found that port 1900 is used for Universal Plug and Play SSDP (Simple Service Discovery Protocol). Perhaps there is an IPP printer set to use SSDP on your network? I also found reference to the game Descent 3. I liked this comment about SSDP: "UPnP/SSDP is the technology that, in years to come, will allow our refrigerators and can openers to send e-mail to our automobiles and softball mits." As for trying to attach to the Gnatbox on this port- perhaps someone is playing Descent3 through your firewall? hope that helps a little, adrian On 4 Dec 2001 at 13:35, Dean Michael Dorman wrote: > --------------------- Attention ----------------------------- A digest > version of this list is now available. Send email to > [EMAIL PROTECTED], with the following message: subscribe > gb-users-digest your_email_address Then unsubscribe from this list. > ------------------------------------------------------------- > GNAT Box User Forum http://www.gnatbox.com/cgi-bin/Ultimate.cgi > Send postings to: [EMAIL PROTECTED] > Access the list archives at: http://www.gnatbox.com/gb-users/ > ------------------------------------------------------------- > Sorry for a lame question like this but I'd like to know what is > significant about port 1900 on my gnatbox that apparently one system > keeps trying to atteach to it. 570Labs is my gnatbox. > I have gotten hundreds of these per day. They stop for a while after a > reboot but then seem to start up after the system has been up for a few > hours. I've stopped MS IM, ICQ, IRC, my AV software, pretty much > everything but the alarms keep coming. They seem to start from random > high ports on the client machine. > > ALARM NO: 1 > DATE: Tue 2001-12-04 13:02:07 > INTERFACE: PROTECTED (dc0) > INTERFACE TYPE: Protected > ALARM TYPE: Block > IP PACKET: UDP [10.0.0.3/1244]-->[10.0.0.254/1900] l=132 > > [black-n-tan.dorman-home.local/1244]-->[570Labs/1900] > > DETAILED DESCRIPTION: > IP packet was rejected. > > > > > ...................................................................... > .. > ............................... > Dean M. Dorman > Systems Administrator > Putnam Company / Acorn Markets > http://www.acornmarkets.com > PGP Key fingerprint: > 6ABF BAF4 7784 1F54 18A6 C8A6 C788 4C14 22C2 5A75 > .......................................................................=
