Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Skype -> upnp AddPortMapping port 4444?!
From: michel at moose.se (Michel Lundell)
Date: Thu, 02 Apr 2009 07:16:36 +0000

Hi l33t folks!

Does skype add a external port using upnp?
(and to the port 4444!!!?)
The port number seemes familiar ,o), also the AddPortMapping ...

This is a incident right? or does skype do this on the windows platform?
Cant detect this behaviour on a linux box...

Scanned the router, but nmap did not detect any open port, so it may
failed or was closed when I performed the scan... maybe it failed?

I have not permission to access the router config yet....

/M

#(26 - 8149) [2009-03-30 07:38:46] [local/100021] [snort/1:100021]  to router traffic alert
IPv4: 192.168.1.2 -> 192.168.0.254
      hlen=5 TOS=0 dlen=903 ID=16342 flags=0 offset=0 TTL=128 chksum=13386
TCP:  port=61432 -> dport: 4444  flags=***AP*** seq=1705820595
      ack=1383450833 off=5 res=0 win=64240 urp=0 chksum=15790
Payload: POST /wipconn HTTP/1.0<DIV class="nonascii">[2 non-ASCII characters]</DIV>Host: 192.168.0.254:4444<DIV 
class="nonascii">[2 non-ASCII characters]</DIV>Content-Type: text/xml; charset="utf-8"<DIV class="nonascii">[2 
non-ASCII characters]</DIV>SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping"<DIV 
class="nonascii">[2 non-ASCII characters]</DIV>Connection: close<DIV class="nonascii">[2 non-ASCII 
characters]</DIV>Content-Length: 653<DIV class="nonascii">[4 non-ASCII characters]</DIV><?xml version="1.0" 
encoding="utf-8"?><DIV class="nonascii">[2 non-ASCII characters]</DIV><s:Envelope 
xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"; s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/";><DIV 
class="nonascii">[2 non-ASCII characters]</DIV><s:Body><u:AddPortMapping 
xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><DIV class="nonascii">[2 non-ASCII 
characters]</DIV><NewRemoteHost></NewRemoteHost><DIV class="nonascii">[2 non-ASCII 
characters]</DIV><NewExternalPort>6895</NewExternalPort><DIV class="nonascii">[2 non-ASCII 
characters]</DIV><NewProtocol>TCP</NewProtocol><DIV class="nonascii">[2 non-ASCII 
characters]</DIV><NewInternalPort>6895</NewInternalPort><DIV class="nonascii">[2 non-ASCII 
characters]</DIV><NewInternalClient>192.168.1.2</NewInternalClient><DIV class="nonascii">[2 non-ASCII 
characters]</DIV><NewEnabled>1</NewEnabled><DIV class="nonascii">[2 non-ASCII 
characters]</DIV><NewPortMappingDescription>Skype TCP at 192.168.1.2:6895 (819)</NewPortMappingDescription><DIV 
class="nonascii">[2 non-ASCII characters]</DIV><NewLeaseDuration>0</NewLeaseDuration><DIV class="nonascii">[2 non-ASCII 
characters]</DIV></u:AddPortMapping></s:Body></s:Envelope><br><br>





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]