
Message from firewall when connecting...

Discussion in 'Security and Privacy' started by yankee1620, 2004/07/11.

Thread Status:
Not open for further replies.
  1. 2004/07/11
    yankee1620

    yankee1620 Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    272
    Likes Received:
    0
    I frequently get this message from the firewall when connecting to the 'net.

    Windows Explorer(explorer.exe) is trying to connect to the following remote computer.. I always say no because I have no idea what it means...sometimes it says Kernel32.dll is trying to connect.

    When I click *details* this is what shows:
    File Version : 5.50.4134.100
    File Description : Windows Explorer (EXPLORER.EXE)
    File Path : C:\WINDOWS\EXPLORER.EXE
    Process ID : 0xFFFE1A81 (Heximal) 4294843009 (Decimal)

    Connection origin : local initiated
    Protocol : UDP
    Local Address : 4.156.24.21
    Local Port : 1109
    Remote Name :
    Remote Address : 239.255.255.250
    Remote Port : 1900 (SSDP - Simple Service Discovery Protocol)

    Ethernet packet details:
    Ethernet II (Packet Length: 140)
    Destination: 01-00-5e-7f-ff-fa
    Source: 44-45-53-54-00-00
    Type: IP (0x0800)
    Internet Protocol
    Version: 4
    Header Length: 20 bytes
    Flags:
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset:0
    Time to live: 4
    Protocol: 0x11 (UDP - User Datagram Protocol)
    Header checksum: 0xaaa9 (Correct)
    Source: 4.156.24.21
    Destination: 239.255.255.250
    User Datagram Protocol
    Source port: 1109
    Destination port: 1900
    Length: 8
    Checksum: 0xc9ab (Correct)
    Data (105 Bytes)

    Binary dump of the packet:
    0000: 01 00 5E 7F FF FA 44 45 : 53 54 00 00 08 00 45 00 | ..^...DEST....E.
    0010: 00 7D 00 1B 00 00 04 11 : A9 AA 04 9C 18 15 EF FF | .}..............
    0020: FF FA 04 55 07 6C 00 69 : AB C9 4D 2D 53 45 41 52 | ...U.l.i..M-SEAR
    0030: 43 48 20 2A 20 48 54 54 : 50 2F 31 2E 31 0D 0A 48 | CH * HTTP/1.1..H
    0040: 6F 73 74 3A 32 33 39 2E : 32 35 35 2E 32 35 35 2E | ost:239.255.255.
    0050: 32 35 30 3A 31 39 30 30 : 0D 0A 53 54 3A 75 70 6E | 250:1900..ST:upn
    0060: 70 3A 72 6F 6F 74 64 65 : 76 69 63 65 0D 0A 4D 61 | p:rootdevice..Ma
    0070: 6E 3A 22 73 73 64 70 3A : 64 69 73 63 6F 76 65 72 | n:"ssdp:discover
    0080: 22 0D 0A 4D 58 3A 33 0D : 0A 0D 0A 00 | "..MX:3.....

    Does anyone have any idea what this is, or why Explorer is doing this??
    I have no idea what these details mean and I always deny permission...

    TIA for any help...
     
  2. 2004/07/11
    Steve R Jones

    Steve R Jones SuperGeek Staff

    Joined:
    2001/12/30
    Messages:
    12,317
    Likes Received:
    252
    This is You->Local Address : 4.156.24.21

    Your computer is trying to connect to->Destination: 239.255.255.250

    If that address isn't your ISP then I'd say you've been bitten by a worm or trojan.
     


  4. 2004/07/11
    yankee1620

    yankee1620 Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    272
    Likes Received:
    0
    NAV2003, Spybot Search and Destroy and adaware all find nothing.

    What should I do?

    Arin says it is IANA...
     
  5. 2004/07/11
    Mudd

    Mudd Inactive

    Joined:
    2002/05/31
    Messages:
    503
    Likes Received:
    0
    Mudd,
    #4
  6. 2004/07/12
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    224.0.0.0 - 239.255.255.255 are reserved for multi-cast and will not have been assigned to any site so the destination address isn't to a web site or anything similar.

    4.0.0.0 - 4.255.255.255 is a huge block of addresses assigned to Level 3 Communications, Inc. at 1025 Eldorado Blvd. in Broomfield, CO but I'm certain they've leased off various bits of it. Interesting that whoever has the piece containing 4.156.24.21 isn't shown separately. Is that your IP address and if so, who is your ISP?

    Simple Service Discovery Protocol is a multicast protocol but designed for corporate networks mostly since it is a way for Plug & Play devices to announce their presence. Here for details.

    This could well be some sort of attack. If so, it's a really interesting one (if you enjoy security and aren't the one being attacked that is).

    I'm moving this to the security section and I would appreciate your waiting on one of the security gurus to comment. They may know all about it but if not, it may be something new and in that case they may want to get details or maybe even have you send them an infected file or two. Security gurus are strange folk. Someone should respond later today.

    We in America really need a word like the UK term 'Boffin'. It would fit so much better here than 'guru'. In fact, the Brits may need the word as well since I've only seen it used for WWII techies.
     
    Newt,
    #5
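What the firewall's dump in the first post actually contains, and Newt's point that 224.0.0.0 - 239.255.255.255 is multicast space rather than any site, can both be checked mechanically. The script below is an added example, not code from the thread or from the firewall vendor: it rebuilds the raw bytes from the hex dump quoted in the first post, walks the Ethernet II, IPv4 and UDP headers, verifies the IPv4 header checksum and the RFC 1112 multicast MAC mapping, and parses the SSDP M-SEARCH request carried in the UDP payload. The dump text is copied from the post; the field names and the wording of `explain()` are assumptions of mine.

```python
"""Decode the firewall's hex dump of the blocked packet and say what it is.

Added example, not code from the thread. HEX_DUMP is copied from the first
post; the parsing and the interpretation are mine.
"""
import ipaddress
import struct

# Hex dump exactly as the firewall printed it in the first post.
HEX_DUMP = """\
0000: 01 00 5E 7F FF FA 44 45 : 53 54 00 00 08 00 45 00 | ..^...DEST....E.
0010: 00 7D 00 1B 00 00 04 11 : A9 AA 04 9C 18 15 EF FF | .}..............
0020: FF FA 04 55 07 6C 00 69 : AB C9 4D 2D 53 45 41 52 | ...U.l.i..M-SEAR
0030: 43 48 20 2A 20 48 54 54 : 50 2F 31 2E 31 0D 0A 48 | CH * HTTP/1.1..H
0040: 6F 73 74 3A 32 33 39 2E : 32 35 35 2E 32 35 35 2E | ost:239.255.255.
0050: 32 35 30 3A 31 39 30 30 : 0D 0A 53 54 3A 75 70 6E | 250:1900..ST:upn
0060: 70 3A 72 6F 6F 74 64 65 : 76 69 63 65 0D 0A 4D 61 | p:rootdevice..Ma
0070: 6E 3A 22 73 73 64 70 3A : 64 69 73 63 6F 76 65 72 | n:"ssdp:discover
0080: 22 0D 0A 4D 58 3A 33 0D : 0A 0D 0A 00 | "..MX:3.....
"""

SSDP_GROUP = ipaddress.IPv4Address("239.255.255.250")  # well-known SSDP multicast group
SSDP_PORT = 1900


def parse_hex_dump(dump: str) -> bytes:
    """Turn 'offset: xx xx : xx xx | ascii' lines back into raw bytes."""
    out = bytearray()
    for line in dump.splitlines():
        if ":" not in line:
            continue
        # Drop the offset before the first ':' and the ASCII column after '|'.
        body = line.split(":", 1)[1].split("|", 1)[0]
        out.extend(int(tok, 16) for tok in body.replace(":", " ").split())
    return bytes(out)


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the header; 0 means the stored checksum is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def multicast_mac(addr) -> str:
    """RFC 1112 mapping of an IPv4 group to its Ethernet MAC: 01-00-5e + low 23 bits."""
    low23 = int(ipaddress.IPv4Address(addr)) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)


def decode_packet(raw: bytes) -> dict:
    """Parse Ethernet II / IPv4 / UDP and, when it is SSDP, the HTTP-style request inside."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", raw[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = raw[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    ttl, proto = ip[8], ip[9]
    src = ipaddress.IPv4Address(ip[12:16])
    dst = ipaddress.IPv4Address(ip[16:20])
    info = {
        "dst_mac": dst_mac.hex(":"),
        "src_mac": src_mac.hex(":"),
        "ttl": ttl,
        "ip_checksum_ok": ipv4_checksum(ip[:ihl]) == 0,
        "src": str(src),
        "dst": str(dst),
        "dst_is_multicast": dst.is_multicast,          # 224.0.0.0/4, as Newt says
        "dst_mac_matches_group": dst.is_multicast and dst_mac.hex(":") == multicast_mac(dst),
    }
    if proto != 17:  # only UDP carries SSDP
        return info
    udp = ip[ihl:total_len]                 # ignores any trailing frame padding
    sport, dport, ulen, _ = struct.unpack("!HHHH", udp[:8])
    payload = udp[8:ulen]
    info.update({"sport": sport, "dport": dport, "udp_len": ulen})
    if dport == SSDP_PORT and dst == SSDP_GROUP:
        request, _, rest = payload.decode("ascii", "replace").partition("\r\n")
        headers = {}
        for line in rest.split("\r\n"):
            if ":" in line:
                name, value = line.split(":", 1)
                headers[name.strip().upper()] = value.strip()
        info.update({"ssdp_request": request, "ssdp_headers": headers})
    return info


def explain(info: dict) -> str:
    """One-line verdict of the kind the thread was asking for (wording is mine)."""
    if info.get("ssdp_request", "").startswith("M-SEARCH"):
        return ("SSDP M-SEARCH: a UPnP discovery request to the local multicast group "
                f"{info['dst']}:{info['dport']} for ST={info['ssdp_headers'].get('ST')} "
                f"with TTL {info['ttl']}; this is not a connection to a remote host.")
    return "not an SSDP discovery request; inspect further"


if __name__ == "__main__":
    decoded = decode_packet(parse_hex_dump(HEX_DUMP))
    for key, value in decoded.items():
        print(f"{key}: {value}")
    print(explain(decoded))
```

Run as-is it prints the decoded fields and the verdict. The points that matter for triage are all in the decoded output: the destination 239.255.255.250 lies in the multicast range Newt describes and is the well-known SSDP group, the destination MAC 01-00-5e-7f-ff-fa is exactly the RFC 1112 mapping of that group (so no host address was rewritten), port 1900 is SSDP, the TTL of 4 keeps the datagram close to the sender, and the payload is a plain M-SEARCH for upnp:rootdevice with MX:3 (responders may wait up to 3 seconds). That is UPnP device discovery announced to the local network, not Explorer reaching out to a remote computer, which is consistent with the scanners in post 4 finding nothing. The source MAC 44-45-53-54-00-00 spells "DEST" in ASCII, the placeholder address Windows uses for its dial-up adapter. A machine that has no use for UPnP discovery loses nothing by denying these datagrams, as the poster has been doing.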