[Pauldotcom] Skype -> upnp AddPortMapping port 4444?!

Michel Lundell Thu, 02 Apr 2009 04:11:06 -0700

Hi l33t folks!

Does skype add a external port using upnp?
(and to the port 4444!!!?)
The port number seemes familiar ,o), also the AddPortMapping ...


This is a incident right? or does skype do this on the windows platform?
Cant detect this behaviour on a linux box...

Scanned the router, but nmap did not detect any open port, so it may
failed or was closed when I performed the scan... maybe it failed?

I have not permission to access the router config yet....

/M

#(26 - 8149) [2009-03-30 07:38:46] [local/100021] [snort/1:100021]  to router 
traffic alert
IPv4: 192.168.1.2 -> 192.168.0.254
      hlen=5 TOS=0 dlen=903 ID=16342 flags=0 offset=0 TTL=128 chksum=13386
TCP:  port=61432 -> dport: 4444  flags=***AP*** seq=1705820595
      ack=1383450833 off=5 res=0 win=64240 urp=0 chksum=15790
Payload: POST /wipconn HTTP/1.0<DIV class="nonascii">[2 non-ASCII 
characters]</DIV>Host: 192.168.0.254:4444<DIV class="nonascii">[2 non-ASCII 
characters]</DIV>Content-Type: text/xml; charset="utf-8"<DIV 
class="nonascii">[2 non-ASCII characters]</DIV>SOAPAction: 
"urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping"<DIV 
class="nonascii">[2 non-ASCII characters]</DIV>Connection: close<DIV 
class="nonascii">[2 non-ASCII characters]</DIV>Content-Length: 653<DIV 
class="nonascii">[4 non-ASCII characters]</DIV><?xml version="1.0" 
encoding="utf-8"?><DIV class="nonascii">[2 non-ASCII 
characters]</DIV><s:Envelope 
xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"; 
s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/";><DIV 
class="nonascii">[2 non-ASCII characters]</DIV><s:Body><u:AddPortMapping 
xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><DIV 
class="nonascii">[2 non-ASCII 
characters]</DIV><NewRemoteHost></NewRemoteHost><DIV class="nonascii">[2 
non-ASCII characters]</DIV><NewExternalPort>6895</NewExternalPort><DIV 
class="nonascii">[2 non-ASCII 
characters]</DIV><NewProtocol>TCP</NewProtocol><DIV class="nonascii">[2 
non-ASCII characters]</DIV><NewInternalPort>6895</NewInternalPort><DIV 
class="nonascii">[2 non-ASCII 
characters]</DIV><NewInternalClient>192.168.1.2</NewInternalClient><DIV 
class="nonascii">[2 non-ASCII characters]</DIV><NewEnabled>1</NewEnabled><DIV 
class="nonascii">[2 non-ASCII characters]</DIV><NewPortMappingDescription>Skype 
TCP at 192.168.1.2:6895 (819)</NewPortMappingDescription><DIV 
class="nonascii">[2 non-ASCII 
characters]</DIV><NewLeaseDuration>0</NewLeaseDuration><DIV class="nonascii">[2 
non-ASCII characters]</DIV></u:AddPortMapping></s:Body></s:Envelope><br><br>



_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

[Pauldotcom] Skype -> upnp AddPortMapping port 4444?!

Reply via email to