WinXP Pro permanently sends UPnP requests to router


Sebastian Hiller

Hello,

I have a problem with my Win XP Pro SP2 machine. A week ago I
experienced a performance hit of my DLINK 624+ router for the first
time. Since then the LEDs for LAN activity are blinking, even if I don't
do anything on my network.
I used TCPView from Sysinternals and Ethereal to search for the cause
and discovered that the process "svchost -k netsvcs" (always PID 1224 on
my machine) sends UPnP requests (as XML, SOAP Envelopes) to the router
on port 5678. It keeps sending such requests from every outgoing port,
beginning from port 1000 (e.g. 1000,1001,...,8784,8785,...), three
requests per second (it's almost like a DoS attack). On the other hand the
UPnP services are located in the LocalService group and not in the
netsvcs group of services.
I scanned the machine for viruses, but according to the virus scanner
it is clean.
If I kill the process, the problem is solved, but AFAIK it is a default
Windows process, so that seems not to be the right solution.


Is anyone out there who can give a hint?

Thanks in advance!

Sebastian Hiller
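
The pattern described in the post above (one client opening connections to a single router port from steadily incrementing source ports at a sustained rate) can be checked for mechanically in a capture. This is an added example, not part of the original post; it assumes one record per new TCP connection has been exported from the capture as `(seconds, src_ip, src_port, dst_ip, dst_port)`, and the function name, thresholds and sample addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records: (seconds, src_ip, src_port, dst_ip, dst_port).
# IP addresses are placeholders; port 5678, the start at source port 1000 and
# the rate of three connections per second follow the post.
SAMPLE = [(i / 3.0, "192.168.0.10", 1000 + i, "192.168.0.1", 5678) for i in range(30)]
SAMPLE += [
    (1.0, "192.168.0.10", 3345, "192.168.0.1", 80),    # ordinary web request
    (4.0, "192.168.0.11", 2050, "192.168.0.1", 5678),  # occasional UPnP use
    (9.0, "192.168.0.11", 4711, "192.168.0.1", 5678),
]

def find_port_walkers(records, min_conns=20, min_rate=2.0, min_sequential=0.9):
    """Return {(src_ip, dst_ip, dst_port): stats} for flows where one client
    opens many connections to one service from incrementing source ports."""
    flows = defaultdict(list)
    for ts, src_ip, src_port, dst_ip, dst_port in records:
        flows[(src_ip, dst_ip, dst_port)].append((ts, src_port))

    findings = {}
    for key, conns in flows.items():
        if len(conns) < min_conns:
            continue                      # too few connections to judge
        conns.sort()                      # order by timestamp
        duration = conns[-1][0] - conns[0][0]
        if duration <= 0:
            continue
        rate = (len(conns) - 1) / duration
        # Fraction of consecutive connections whose source port grew by exactly 1.
        steps = [b[1] - a[1] for a, b in zip(conns, conns[1:])]
        sequential = sum(1 for s in steps if s == 1) / len(steps)
        if rate >= min_rate and sequential >= min_sequential:
            findings[key] = {
                "connections": len(conns),
                "rate_per_s": round(rate, 2),
                "sequential_fraction": round(sequential, 2),
                "first_port": conns[0][1],
                "last_port": conns[-1][1],
            }
    return findings

if __name__ == "__main__":
    for flow, stats in find_port_walkers(SAMPLE).items():
        print(flow, stats)
```

A flagged flow identifies the host and destination port to investigate; mapping the connections back to the owning process still needs a tool such as TCPView on the host itself.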
 
When I set up XP I routinely disable about half of the Windows services which are
enabled by default. I just don't need them, or the problems they cause.
 