Has anyone else experinced this from a windows xp box.


2004-Feb 8 11:02:46 (none) kernel: UDP Drop: IN=eth0 OUT= MAC=00:10:4b:0d:02:15:00:e0:18:af:3c:30:08:00 SRC=192.168.2.20 DST=192.168.2.1 LEN=161 TOS=0x00 PREC=0x00 TTL=1 ID=59761 PROTO=UDP SPT=35153 DPT=1900 LEN=141
2004-Feb 8 11:02:46 (none) kernel: UDP Drop: IN=eth0 OUT= MAC=00:10:4b:0d:02:15:00:e0:18:af:3c:30:08:00 SRC=192.168.2.20 DST=192.168.2.1 LEN=160 TOS=0x00 PREC=0x00 TTL=1 ID=59764 PROTO=UDP SPT=35153 DPT=1900 LEN=140
2004-Feb 8 11:02:46 (none) kernel: UDP Drop: IN=eth0 OUT= MAC=00:10:4b:0d:02:15:00:e0:18:af:3c:30:08:00 SRC=192.168.2.20 DST=192.168.2.1 LEN=161 TOS=0x00 PREC=0x00 TTL=1 ID=59765 PROTO=UDP SPT=35153 DPT=1900 LEN=141
2004-Feb 8 11:02:47 (none) kernel: UDP Drop: IN=eth0 OUT= MAC=00:10:4b:0d:02:15:00:e0:18:af:3c:30:08:00 SRC=192.168.2.20 DST=192.168.2.1 LEN=160 TOS=0x00 PREC=0x00 TTL=1 ID=59789 PROTO=UDP SPT=35153 DPT=1900 LEN=140
2004-Feb 8 11:02:47 (none) kernel: UDP Drop: IN=eth0 OUT= MAC=00:10:4b:0d:02:15:00:e0:18:af:3c:30:08:00 SRC=192.168.2.20 DST=192.168.2.1 LEN=161 TOS=0x00 PREC=0x00 TTL=1 ID=59790 PROTO=UDP SPT=35153 DPT=1900 LEN=141
2004-Feb 8 11:02:47 (none) kernel: UDP Drop: IN=eth0 OUT= MAC=00:10:4b:0d:02:15:00:e0:18:af:3c:30:08:00 SRC=192.168.2.20 DST=192.168.2.1 LEN=160 TOS=0x00 PREC=0x00 TTL=1 ID=59794 PROTO=UDP SPT=35153 DPT=1900 LEN=140
2004-Feb 8 11:02:47 (none) kernel: UDP Drop: IN=eth0 OUT= MAC=00:10:4b:0d:02:15:00:e0:18:af:3c:30:08:00 SRC=192.168.2.20 DST=192.168.2.1 LEN=161 TOS=0x00 PREC=0x00 TTL=1 ID=59795 PROTO=UDP SPT=35153 DPT=1900 LEN=141
2004-Feb 8 11:02:48 (none) kernel: UDP Drop: IN=eth0 OUT= MAC=00:10:4b:0d:02:15:00:e0:18:af:3c:30:08:00 SRC=192.168.2.20 DST=192.168.2.1 LEN=160 TOS=0x00 PREC=0x00 TTL=1 ID=59798 PROTO=UDP SPT=35153 DPT=1900 LEN=140
2004-Feb 8 11:02:48 (none) kernel: UDP Drop: IN=eth0 OUT= MAC=00:10:4b:0d:02:15:00:e0:18:af:3c:30:08:00 SRC=192.168.2.20 DST=192.168.2.1 LEN=161 TOS=0x00 PREC=0x00 TTL=1 ID=59799 PROTO=UDP SPT=35153 DPT=1900 LEN=141
2004-Feb 8 11:02:48 (none) kernel: UDP Drop: IN=eth0 OUT= MAC=00:10:4b:0d:02:15:00:e0:18:af:3c:30:08:00 SRC=192.168.2.20 DST=192.168.2.1 LEN=160 TOS=0x00 PREC=0x00 TTL=1 ID=59802 PROTO=UDP SPT=35153 DPT=1900 LEN=140
2004-Feb 8 11:02:48 (none) kernel: UDP Drop: IN=eth0 OUT= MAC=00:10:4b:0d:02:15:00:e0:18:af:3c:30:08:00 SRC=192.168.2.20 DST=192.168.2.1 LEN=161 TOS=0x00 PREC=0x00 TTL=1 ID=59803 PROTO=UDP SPT=35153 DPT=1900 LEN=141


I have noticed hundreds of these callouts every couple of seconds but it seems that it is just from this machine in the network.. after a little googleing, I see that it is related to the
Simple Service Discovery Protocol (SSDP) discovery service searches for
Universal Plug and Play devices on your home network.

Also related to the net messenger service which that service is disabled on that machine. not sure why it is coming from that machine.... I know that is not being logged but I am sure this annoyance traffic does not help traffic bandwidth.... Any solutions ?

This can be caused by a few things.

One thing you can check out is if you have uPnP loaded.

Control Panel > Add/Remove Programs > Add/Remove Components

another thing to check out is you can scan your PC for the blaster worm. [img]/images/graemlins/smile.gif[/img] just a few things to check out. There's a few things it coudl be but those 2 are the most common.

Blaster worm has nothing to do with this log entry..... UPNP is the problem.... because of NAT Tranversal..... I was wondering if anyone else was seeing these in thier packet filter....

Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\DirectPlayNATHelp\DPNHUPnP
Name: UPnPMode
Type: REG_DWORD
Value: 2 disabled
With UPnPMode=2, Universal Plug and Play Network Address Translation (NAT) traversal
discovery does not occur

Easy Fix is right here....

http://grc.com/unpnp/unpnp.htm