SSDP Discovery Service (SSDPSRV)

[BoardBabe]

Edit: Never mind, googled the answer.

Activate UPnP unattend from command:

sc config upnphost start= auto

net start upnphost

sc config SSDPSRV start= auto

net start SSDPSRV

Edited December 11, 2005 by BoardBabe

[RogueSpear]

Just to let you know, I wouldn't recommend running these two services unless you seriously have a good reason to. Not only are there myraid of security concerns, but there's also connectivity issues with connecting to Oracle databases. Which in my mind means there could also be other connectivity issues I don't even know about.

[BoardBabe]

Hmmm mind explaining a bit more what those connectivity issues concern, and what security risks are involved?

I use UPnP for FTP transfers and MSNmessenger mainly through a Linksys router. (UPnP works better than port forwarding as there are more LAN users using these services)

[RogueSpear]

The connectivity issues had to do with an Oracle database that has at most, about 12 simultaneous clients connecting to it. All of the clients were getting errors from the Oracle client itself, followed by an error in the custom application, that connectivity was interrupted. Being that I am not an Oracle guy, I called one in. Well he couldn't find the issue on his own. He called in a Linux guru since the database was running on Red Hat. Between the two of them, they definitively found that with UPnP and SSDP enabled, there were timing issues fouling up the connection to the database server. When I say "definitively" I mean that they actually conducted some in depth tests in order to document the issue. So it's probably not an issue will affect the majority of users out there, but I felt it was worth noting since who knows what else gets screwed up by this.

As far as the security concerns go, they are many. In fact there are CERT bulletins out and the US DoD and NSA recommend disabling these services. If you do some Googling you'll find all kinds of interesting things. Here are some samples:

One

Two

Now I realize that these are both dated from 2001, but it still holds true today, even with SP2. One could argue that I'm being a little too security concious, but when all of the major firewall vendors are still blocking the protocol in their default configurations, it's usually something to take note of.

[raskren]

The UPnP security issues are largely overrated. If you host UPnP devices on your home network and are behind a firewall/router/nat you are fine. I wouldn't host a UPnP device on a DMZ machine or one with a static, public IP.

UPnP was designed for the SOHO market, not corporate networks. How many people run an Oracle database at home?

Don't believe Slashdot and the Inq.

Edited December 12, 2005 by raskren

[RogueSpear]

I think that good practice is to disable any services that aren't necessary. In other words, if you can find a way to do what you want to do without those two services, do it that way. The other point is that UPnP introduces openings and security issues specifically when you have that warm and cozy feeling of being behind a Router/Firewall/NAT.

Use it at your own risk.

[kurt476]

hellloooooooooo people, i use upnp form my router and that requires this.

Edited January 5, 2006 by kurt476

[Dixel]

Hello all , does anyone have a good working guide on on how to get rid of SSDP traffic in Windows Vista ?

I have an old programme (a video player with mdns casting "feature" which I don't use/need). I've blocked it with windows firewall and tried to block it with several third party firewalls too , yet I still see lots of ssdp traffic coming from this programme (both ways). I have blocked all inbound traffic too , of course. 

I have these services disabled , yet it doesn't help to stop ssdp. 

Computer Browser

SSDP Discovery

UPnP Device Host

Function Discovery Resource Publication

Function Discovery Provider host

These artices that came up first in the search are useless too.

https://its.uiowa.edu/support/article/3576

https://tweaks.com/windows/37087/completely-disable-universal-plug-and-play-upnp/

https://alferkwok.wordpress.com/2011/07/20/disable-network-discovery-by-gpo-windows-vista-or-later/

 

Thanks in advance.

[Gansangriff]

Hm. My Windows XP machine was making SSDP calls on startup. After disabling SSDP Discovery (aside from having 80% of the other services disabled), nothing of that SSDP traffic was left. It looks like your video program doesn't rely on the Windows services to chat around the web, if you've disabled them already. Which video program are we talking about?

[Dixel]

The programme is Power DVD (circa 2009). It was supplied with the PC . As of now, I have that dubious "feature" disabled. But that's not a permanent solution. That'ss not the programme that makes me wonder , that's all those firewalls that allow such kind of  traffic . As far as I know, they have that MDNS "casting" in Power DVD for a long time , since version 7 or so.

[Gansangriff]

PowerDVD... that was a software that came with some new PCs here as well (which is a bad sign for the software, to be honest). Do you have the exact version number of yours? I've found a big list on oldversion.com.
I'll try tackling this with my OpenWRT firewall. Is VLC an option for your use case?

[Dixel]

16 hours ago, Gansangriff said:

PowerDVD... that was a software that came with some new PCs here as well ...

I really appreciate , but I'm afraid you won't be able to test it yourself since all retail versions have a rather hard activation process and install a ton of bloatware (protections and the such) , not to mention you'd have to have a license. The version that came with the PC is much easier in this regard . It auto self-activates on this motherboard only . The version is 11.0.0.2516 . With all due respect to VLC , it just doesn't have that picture depth and sound quality and began to support DTS only recently. I'm not a Cyberlink employee , it's my own opinion and I really like that version . The newer ones are much , much worse , so I won't buy them.

[Gansangriff]

At least a short test of WinDVD V11 was possible. There is a 30-day test version, which unfortuneatly didn't last 30 days, rather 1 time closing the program. So it's indeed not possible to find out more details for me here.

On the install and activation process, usual things (for a program of a big company like Corel) happen. Connections to some servers:
crl.microsoft.com
apps.corel.com
origin-mc.corel.com
mc.corel.com
Unfortuneatly, no SSDP connections detected, running WinDVD V11 on Windows XP.

[Dixel]

11 hours ago, Gansangriff said:

At least a short test of WinDVD V11 was possible...

Actually, it's Power DVD we were talking about , but I totally understand it is easy to mix them up and the activation process is quite hard , if not unbearable with both. I've read that newer versions need to be activated for each codec , for example , to play x265/H265 (HEVC) with version 16 you need to activate it separately with a given number. Just ridiculous , I won't support them , that's for sure  , but I see the customers are OK with this , like most of folks are OK with everything that's going on.

In any case, I really appreciate your help, thanks and like from me.

[Gansangriff]

I'm sorry, this is embarassing... misreading the name of the programm. Anyways, PowerDVD also has  a trial version, and it's working fine. And indeed, a lot of SSDP connections are happening! Unfortuneatly, I've tried quite hard, but didn't succeed in blocking this SSDP traffic around my network. The last word isn't spoken here, I have the use case of blocking SSDP too, and through that I learn something about my firewall, so I'll try again, but not this day.