Disable ssdp discovery or not. Programmer Free programs for your computer, useful tips for Windows
Solution
There are more and more technologies. They are born, change, disappear and are reborn. All this creates a big lump that grows and grows. Often, in many companies, figuring out what is generally used in the corporate infrastructure is already a big task, not to mention setting it all up safely... What I mean is that there are places through which we can break something somewhere or at least find out - a huge amount. Today we will touch on this. And the first example would be email.
WARNING
All information is provided for informational purposes only. Neither the editors nor the author are responsible for any possible harm caused by the materials of this article.It was invented as a service many years ago. It is based on the SMTP protocol, operating on the twenty-fifth TCP port. The principle of its operation looks something like this. We, using our mail client, connect to the mail server (Mail Transfer Agent) via SMTP and say that we want to send a letter to such and such an address. The MTA receives a letter from us and connects to the MTA server (again via SMTP) where we send the letter. Our MTA receives the IP address of the remote MTA from the MX record of the domain zone where we are sending the letter (what goes in the email after @). Finding an MX record (read: MTA) for any domain is very simple:
Nix: dig MX any_host_name.com Win: nslookup -type=mx any_host_name.com 
You can even send a letter yourself using ncat or Telnet. All that is required are four commands: HELO, MAIL TO, RCPT TO, DATA (although there are a number of restrictions depending on the server settings). It's also worth noting that each email has headers and a message body. Headers are only partially displayed to the end user (for example, "Subject:") and are used, for example, when an email is bounced due to problems in the final MTA.
But the most important thing is that the letter actually passes through more than one MTA and each of them adds a number of its own headers. Moreover, everyone here is very, very “talkative.” For example, if a letter comes from some corporate network to our email, then we will most likely see in the headers the IP address of the user who sent it (that is, the one who connected to the internal MTA in the corporate network) and the version of the email client used . Next we will see the data of the MTA itself: IP address (or name in the corporate domain), version of the server software. And after that, very often - a similar entry, but on a different MTA network interface.
In addition to this, you can often see the version of the corporate antivirus that scans all mail, or the spam filter used, as well as the characteristics of the spam detection. All of this can be used for more sophisticated social engineering attacks. For example, in certain situations we can “monitor” in advance the likelihood that our email will end up in spam. By the way, if you send a letter through some website (for example, mail.ru), then your IP can also be seen in the headers.
How can you see these headings? Very simple. All email clients support them. For example, in Thunderbird -
Bottom line. We send one letter to a secretary at some company, she answers us. And we already know what’s going on there :).
Get a list of domains
Solution
Let's continue collecting information. Let's imagine a company that we want to break from the outside. One of the first tasks for an internet penetration test is to obtain a list of domain names/virtual hosts. There are many methods, and they are as old as time: reverse IP resolution, name search, Google hacking. And none of them gives the full result, so let’s try to use them all together, adding something new along the way :).
"New" is the collection of name information using SSL. So let's remember the basics. When connecting via SSL to any server, it returns its certificate to us. A certificate is a set of fields (including the server's public key) signed by the root certification authority. It also contains a CN (Common Name) field, which contains the name of the server to which this certificate was issued. This is already something.
For example, when we scan a network by IP addresses and find some HTTP server, we can often receive a response from it with an error (403). Everything is correct, because we don’t know what to indicate in the Host header of an HTTP request. This is where the server name comes in handy. Let's look at the SSL certificate, and voila - we already know what to put in the header.
But that is not all. There is another little-known field of the same certificate - SubjectAltName. It allows you to specify alternative names. That is, in fact, one key can be used for completely different names. Look at the pictures and everything will become clear.
It turns out that we seem to get grains of information that interests us from the “security” chip. I would also like to note from personal experience that sometimes certificates also contain information about internal host names.
Attack using session puzzling technique
Solution
Logical vulnerabilities are always fun. They can be simple and complex, but they have one thing in common - the need to think correctly. There’s just a small problem with them: they’re somehow not particularly typified (perhaps just because they’re all so diverse :)). Anyway. I want to tell you about an interesting technique (or type of vulnerabilities, depending on how you look at it) that was presented relatively recently, a couple of years ago. Its name is session puzzling or session variable overloading (according to OWASP).
First, let's remember how web applications authenticate and authorize the user (HTTP is stateless).
- The user enters the site.
- The user enters the username and password and sends it to the server.
- The server checks this data and, if everything is correct, allows it into the internal part, while sending the user a cookie in the HTTP response.
- When the user goes to another page, the browser adds a cookie to the request. Using this cookie, the server understands that the user is already authenticated and works in accordance with this idea.
Everything looks quite clear, but an important point is missing here. It consists in the fact that the server stores information about the session of a specific user. That is, a cookie arrives from the user, he takes it and looks (in memory, in the database - depending on the software), and what is “attached” to it. The simplest example: it can store the username in a session. And from the cookie, get the name from the session and know exactly who is accessing it at the moment.
In general, “temporary” information is usually stored in a session, and something more or less permanent is stored in the database. For example, it is logical to store the user’s name in the session, but his “role” can be stored in the database and requested only when necessary. Here, in fact, a lot depends on the specific application and software developer.
For example, storing a large amount of data in a session can lead to either the web server's memory (Tomcat) or hard disk space (PHP) being exhausted. On the other hand, calls to the database take more time. The choice is usually driven by performance, and security is rarely thought about here (of course, how can you influence what is stored on the server side?).
And now we come to the very essence of this attack: in certain situations we can influence what is stored on the server. Which ones specifically - it also depends on the situation. Most often, we need several different entry points into applications, the data from which ends up in the same session variable.
I'll give you a classic example and everything will be clear. The same situation as described above. A client who can enter the private zone on the site through the login page. A site that stores the client’s name in the session, and checks access to private pages using the username from the session.
But let’s add to this a password recovery page, on which you must enter your name (1), and the system will respond with a secret question (2), to which you will have to enter the correct answer to reset the password (3). And, as you probably already understood, in order to navigate you through this sequence (from 1 to 3), the server must also use the session and store the username in it.
So, the attack will consist in the fact that when we go to the recovery page and enter the administrator username, the server notes in the session that the user is an admin and displays a secret question for the admin. All! We can not enter anything, but simply go to the private section of the site. The server will look at the session, see that the username is admin, and give us access. That is, during password recovery, we “set” the value we needed and then went to surf the private parts. The bug here is that the site uses the same variable name for both authentication and password recovery.
At first it may seem that this type of vulnerability is rare. Actually this is not true. I've personally found these in fairly common products. I just didn’t know then that it was called that.
By the way, in addition to bypassing authentication, this technique can be used to increase privileges or skip steps in multi-step operations...
How to look for this type of bug? In fact, there is no super method for this. But first, you need to look for entry points into your application that have the potential to influence the values in session variables. And then - the brain, hands and tests, tests, tests.
If you are interested or want to try it on a special vulnerable application, please contact the authors of the original research.
Carry out a Host spoofing attack
Solution
Another example of an almost logical web vulnerability. It is based on the ability to forge the Host header of an HTTP request. More precisely, the lack of verification by the website during its subsequent use. But in order.
When you enter a site name in your browser, it connects to the IP address obtained from the name and in the HTTP request necessarily uses the “Host:” header, which indicates this name. Often web applications take the value from Host to build paths to resources (scripts, images, etc.). This probably allows them to work without being tied to a specific site name. It seems like this is how Joomla and Drupal work.
In general, from a security point of view, this is a slightly strange, but not dangerous situation. It would seem that, yes, by substituting our domain name in Host, we can make sure that our JS scripts (think XSS) are loaded onto the resource. But it is essentially impossible to force someone else's browser to do the same (that is, insert the wrong Host). So from the SOP point of view, everything seems to be quite normal here.
But recently I read an interesting example of how this feature is used. Imagine a password recovery page. You enter your email name and a link is sent to it with a random token to change your password (classic situation). So, we can also substitute our Host in the request, and then the letter that comes to the user will contain our domain! And as soon as the user clicks on this link, he will be transferred to our domain along with a token, which we can quickly use to change the password.
Of course, there is an important difficulty here - it requires the use of social engineering. The user, of course, should not click on all password reset messages. In addition, there are a number of server limitations, since web servers will refuse to process requests for Hosts unknown to them.
But still, there is definitely something in this attack.
Break UPnP
Solution
Universal Plug and Play (UPnP) is a set of network protocols that were created to simplify the mutual location of different devices, as well as their interaction. The device in this case can be almost anything: a router, a printer, a smartTV, some Windows services... And although the term UPnP may seem unfamiliar to you, in fact it is very, very common.
From the point of view of an example of interaction, you can look towards Skype or BitTorrent and Wi-Fi routers. The former, using UPnP, can find a router and send it a set of commands to forward some external port inside. It turns out very convenient: no hassles with manually setting up port forwarding.
But if you look at this from our hacker point of view, then there is something to profit from... UPnP as a technology appeared in the early 2000s and, perhaps, therefore has a decent number of flaws from a security point of view. Lack of authentication, for example. But let's talk about everything in order.
UPnP is based on several protocols and, more importantly, on a certain logical sequence:
Device discovery. And for this, the SSDP protocol (Simple Service Discovery Protocol - UDP, port 1900) is used. Each device that supports UPnP and provides some kind of service systematically sends an SSDP Notify packet on 1900 UDP to the multicast address 239.255.255.250. The packet data format is HTTP.
In it, it reports the supported standards, as well as the TCP port and URL before the description (XML) of each of its services. For example, http://192.168.0.1:1900/igd.xml describes the capabilities of the InternetGatewayDevice service.
In addition to listening to 239.255.255.250, we can “forcibly” send M-SEARCH requests to the same 1900th port. UPnP servers will have to respond to this request. They all respond with the same Notify packet.
So, the first task is, in fact, obtaining a list of UPnP servers, as well as URLs to XML, with a full description of the functionality of each of the server services. This is important because both the port and URLs may vary from manufacturer to manufacturer.
Identifying opportunities. So, from SSDP we receive a list of services with a link to their description in XML format. To access them, regular HTTP is already used. This file contains a description of each of the services, as well as links to XML files with a list of possible actions for each of them. That is, in this case, XML is simply a static description of all the capabilities of the services, as well as a list of entry points to the services and the necessary data to perform actions.
Control. Having received the XML data, we can already create SOAP packets and send them to the server via HTTP, thus performing some actions on the server.
There is no authentication, as I already said, and the server will perform all the actions that are sent to it in the SOAP request.
In 2008, GNUCitizen even released a special SWF. This SWF (Flash) sent a SOAP request to the router (its IP must be specified) so that it forwarded an arbitrary external port to the host port of the victim user. And it turns out that as soon as the victim user opened a site with this SWF, the flash “cut” a hole in the router to the user and we could attack him. Very comfortably!
Unfortunately, this method no longer works: since then Flash's sandbox has become stricter and we can no longer send arbitrary POST requests (most importantly, we need to add the SOAPAction header) to any other host (since a request for permissions will first occur rules in crossdomain.xml).
So now I think we see how this all works. Let's see what we can do about it.
Firstly, these are the firmware SOAP capabilities. In addition to the example with port forwarding, there are cases when we can change the router settings and set our own DNS server. And this is already wow! It all depends on the specific device, services and our imagination.
Secondly, this is a decent info-disclosure: IP addresses, device version and UPnP libraries, etc. (in SSDP, HTTP server and XML) In addition to this, many firmware capabilities can also tell us something. Passwords, for example. Somehow, during an external pentest, they discovered an accessible SSDP and dug up a bunch of private information about the insides of the company.
Thirdly, we can break the services themselves. A year ago, Rapid7 did a cool study on UPnP. They scanned the Internet for SSDP and SOAP (on standard ports), and fingerprinted them. It turned out that most UPnP servers are built on four SDKs. Of these, MiniUPnP and Portable UPnP (libupnp) stand out, on which more than half are supported. But more importantly, almost all servers use outdated versions of libraries, each of which has a bunch of vulnerabilities, including those leading to RCE. Moreover, both in SOAP and SSDP.
Additionally, this study shows how many of these devices actually stick out, at least SSDP. That is, even if the same SOAP is closed, we can take remote control of the device via SSDP.
Of course, it should be noted here that remote sploiting may not be very easy, since these devices are often built on all sorts of MIPS, ARM, which definitely complicates everything. In addition, you will also have to fight with the OS memory protection mechanisms (the same ASLR). But it is still possible.
What do we need to break everything?
Tools actually a little. Metasploit has a module for searching for UPnP (and detecting CVEs based on them). Plus, there are two “harvesters” that allow you to execute SOAP commands. These are Miranda and Umap. Both are written in Python, only under *nix, and do not work very well.
I hope that what you read has filled you with enthusiasm and a thirst for life, so if you want to review it, write to the mailbox. Always happy:). And successful learning new things!
This article contains specific recommendations on which services in Windows can be safely disabled - with one caveat: if you are dealing with your personal computer, which is not included in any tricky computer network or is specially configured for highly specialized tasks.
Disabling unnecessary services leads to increased performance - and, of course, saving RAM. The system will not be distracted by unnecessary tasks. In addition, security will also increase - if some services that allow you to connect to the computer from the outside simply do not work, then the connection is impossible. Explanations will be given using Windows XP, Windows Vista and Windows Seven as examples - the services in all systems are similar and differ mainly in names. The differences in names will be indicated separately; for Windows XP I will also give the English names of the services (apparently, there are very few users of English Vista/Seven in Russia - and the services, again, have approximately the same names).
Automatic updates
Vista/Seven: Windows Update
If you do not need updates and the unnecessary problems associated with them, you can disable this service. Stable builds of systems, as a rule, are free from serious errors and can be used for an indefinitely long time without any updates. Most often, updates include bug fixes in security systems that a home computer that is not connected to any network does not need at all. In Vista/Seven, I often encountered the fact that after updates the system cannot boot for a long time (or even freezes) - so, for my clients, I most often immediately disable this service.
In some cases, disabling the update service in Vista/Seven makes it impossible to install some system things - for example, .Net framework 3.5. To install, you need to enable the service, and then you can disable it again. I don’t remember such problems in XP in my entire history of use.
Wireless zero configuration
Vista/Seven: WLAN AutoConfig Service
If your computer does not have wireless adapters (and in most cases this is the case if we are talking about a stationary home machine), the service can be disabled.
Windows firewall/Internet connection sharing (ICS)
The firewall itself is absolutely useless and, in fact, does not particularly protect against anything (except that it creates unnecessary problems - for example, with multicast IPTV streams). It is better to install a third-party firewall, or simply disable the firewall, because... For most providers, the Windows network still does not work, and the remaining dangerous things like remote access can simply be disabled. If your computer is used as a gateway to the Internet for another home machine, you cannot disable the firewall, because It is he who handles the general connection to the Internet.
Web Client
The description says that "this service allows you to manipulate files on the Internet." What and how - I have no idea; for 10+ years the service has never been useful.
Print spooler
Vista/Seven: Print Manager
If there is no printer in the system, disable it.
Vista/Seven only: Windows Defender
It is not clear why it is needed if there is a normal antivirus. In fact, it mainly monitors the original Windows components (Internet Explorer, Windows add-ons, etc.). For example, I do not use them in any of the systems. With the release of Microsoft Security Essentials, it was announced that Defender could be retired. There is no Defender in XP, but you can install it for free. Again, it’s unclear why...
NetBIOS support module via TCP/IP (TCP/IP NetBIOS helper)
If your computer is not connected to a network with others communicating via Windows Network, feel free to disconnect it.
XP/Vista only: Computer browser
If the computer, as in the previous case, is not part of a Windows network with others, the service is not needed.
Shell hardware detection
Disabling this service significantly increases system security - after this, flash drives, CDs, etc. will no longer open automatically. This means that auto-running of malicious code from a infected storage medium is excluded. An experienced user himself is able to log into a removable device without any “helpful” autostarts.
Workstation
In theory, this service is needed to function in a networked environment (which means that it can be disabled if one is not observed). Personally, I always turned it off and didn’t experience any problems.
Server
The service is needed to open network drives and printers on a computer. Accordingly, if there is no network, the service can be disabled, and this is strongly recommended to increase security.
XP only: System restore service
Basically, if you disable recovery in your computer settings, the service will turn off itself. In addition, recovery can sometimes save a virus-ridden machine. If you feel the power of the Jedi, like me, turn it off. I have never needed this service in 10+ years.
Indexing service
Vista: Windows Search
Seven: Windows search
If you are not making a dump out of your computer and know perfectly well where everything is (and this is how it should be), turn it off. This service indexes all user files for search, and it can slow down the system at times. If the service is disabled, searching for files on the computer will still work, but much slower. I repeat, if you organize your work correctly, you don’t need to search for files at all.
SSDP discovery service
Vista/Seven: SSDP Discovery
Allows you to discover UPnP devices on the network. If you connected a router at home and your computer began to show it in the network environment as an “Internet Gateway” - this is it. And no one needs it at all.
XP only: Remote Access Service (Telnet)
Why remote access to your home machine? Only if you really need it.
Application layer gateway service
According to information, the service can be used by some third-party network monitors. I always turn it off and don’t experience any problems, incl. and with third-party firewalls.
IPsec services
Vista/Seven: IPsec Policy Agent
If your provider doesn’t indulge in VPN connections (or you don’t indulge in them yourself), feel free to disable it.
Terminal services
Seven: Remote Desktop Services
Ensuring fast user switching (see below) and remote access to a computer (remote desktop). If you don't need either one, turn it off. In Windows XP it definitely does not lead to any consequences, Vista/Seven - I have not tested it extensively.
XP only: Fast user switching compatibility
If there is only one user on your computer, you can disable it. In Windows XP this definitely does not lead to any problems; there is no separate service on Vista/Seven - apparently not provided.
XP only: Help and support
Has this "help" ever helped anyone?
Themes
I’ve never understood why themes are needed in operating systems, and I always work with the service disabled.
Remote registry
As follows from the description, it allows remote users to manipulate the registry on the computer. Of course, this is completely unnecessary for a home machine.
Security center
Constantly reminds you of what a conscious user already knows. An absolutely unnecessary thing for those who understand at least something about the system (and are reading this article).
What other services can be disabled?
DHCP Client
If your network connection is configured manually (has a static IP address), the service is not needed.
Windows audio
The name speaks for itself. If there is no sound on your computer (or you don’t need it), you can turn it off.
Windows time service
If you don't particularly care about time synchronization via the Internet, you can turn it off. However, I still prefer to synchronize the system time.
Windows Image Acquisition (WIA)
The service is designed to receive images from scanners, cameras, etc. If you do not directly connect device data (use it to copy memory cards), the service is not needed.
What services cannot be disabled, even if you really want to?
Event log
Vista/Seven: Windows Event Log
It seems that the service can be disabled painlessly - with the system configured, you never look at this log. However, I witnessed how when the service was disabled... The WiFi connection did not work. I don’t know how to explain this; I just remembered it for the rest of my life. Even if you don’t have WiFi, this doesn’t mean that this incident won’t manifest itself somewhere else.
Task scheduler
Vista/Seven: Task Scheduler
It would seem that if you do not use task scheduling (I, for example, almost never use it), then the service is not needed. However, in Windows XP, in addition to its main task, it also deals with the prefetch service - it creates special files in the /prefetch system directory, which can significantly speed up the loading of the operating system and programs. It is highly not recommended to disable it. I have no experience with Vista/Seven, because... they have a separate Superfetch service; Perhaps the scheduler can be disabled - but I won’t say so.
The remaining not very necessary services in all systems after installation have the “manual” boot type. That is, they do not start unnecessarily, but sometimes they may be needed - therefore, you should not disable them.
Warning: This process involves some degree of risk, and therefore it is advisable to have at least a general idea of what we are going to do. If you need to return all services to their default state, you can download ready-made reg files. Select your system and download the archive. After downloading, unpack the archive and run the reg file.
A full description of the services, as well as the name and display name, can be viewed and the status can be changed at this path: Start - Control Panel - Administration - Services.
But not all services are necessary for the computer to function properly. Below is a list of services that are disabled or enabled in my configuration. User one(with administrator rights), to the network not connected. To access the Internet, I use my cell phone as a modem connection.
AST Service(Nalpeiron Licensing Service) - Disabled.
BranchCache(This service caches network content received from caching hosts on the local subnet) - Manually.
DHCP client(Registers and updates IP addresses and DNS records for this computer) - Auto
DNS client(The DNS Client service (dnscache) caches DNS (Domain Name System) names and registers the fully qualified name of a given computer.) - Disabled. If there is a network - Auto
KtmRm for distributed transaction coordinator(Coordinates transactions between MS DTC and Kernel Transaction Manager (KTM).) - Manually.
Microsoft .NET Framework NGEN v2.0.50727_X86(Microsoft .NET Framework NGEN) - Manually.
Parental Controls(This service is a placeholder for the Windows Parental Controls functionality that existed in Vista.) - Manually.
Plug-and-Play(Allows the computer to recognize changes in installed hardware and adjust to them, either without requiring user intervention or minimizing it) - Auto
Quality Windows Audio Video Experience (qWave)- network platform for streaming audio and video in home networks based on the IP protocol) - Manually.
Remote Desktop Configuration(Remote Desktop Configuration) - Manually.
Superfetch(Maintains and improves system performance.) - Auto
Windows Audio(Manage audio tools for Windows programs.) - Auto.
Windows CardSpace(This provides a secure ability to create, manage and disclose digital identities.) - Manually
Windows Driver Foundation - User-mode Driver Framework(Manage host processes of user mode drivers.) - Manually.
Windows Search(Indexing content, caching properties and search results for files, email and other content.) - Auto. If you don’t use search on your computer, you can Disable.
WMI Performance Adapter(Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network.) - Manually.
WWAN auto-configuration(This service manages mobile broadband (GSM and CDMA) data cards and embedded modular adapters, as well as connections and automatic network configuration.) - Manually.
Offline files(The Offline Files service does the job of maintaining the Offline Files cache.) - Manually.
Network Access Protection Agent(The Network Access Protection Service agent collects and manages information about the health of client computers on the network) - Manually.
A IPsec policy gent(Internet Protocol Security (IPsec) supports network layer authentication of caching hosts) - Manually.
Adaptive brightness control(Designed to monitor the ambient light sensor and adjust the monitor brightness according to light changes.) - Manually.
Windows Backup(Supports backup and restore on Windows.) - Manually.
Windows Biometric Service(The Windows Biometric Service is designed to collect, compare, process and store biometric data in client applications without directly accessing the biometric samples or hardware) - Manually.
Windows Firewall(Windows Firewall helps prevent unauthorized access to your computer over the Internet or network.) - Disabled. A third party firewall is used.
Web client(Allows Windows programs to create, access and modify files stored on the Internet) - Manually.
Virtual disk(Providing management services for disks, volumes, file systems and storage arrays.) - Manually.
IP Ancillary Service(Provides tunnel connectivity using IPv6 transition technologies) - Manually.
Secondary login(Allows you to run processes as another user) - Manually.
Grouping of network participants(Enables multi-party interactions using peer-to-peer grouping.) - Manually.
Disk Defragmenter(Provides the ability to defragment disks.) - Manually. You can leave and Auto by setting a schedule to run.
Automatic Remote Access Connection Manager(Creates a connection to a remote network when a program accesses a remote DNS or NetBIOS name or address.) - Manually.
Print Manager(Load files into memory to print later) - Auto. If you don't have a printer, then Disabled.
Remote Access Connection Manager(Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks.) - Manually.
Desktop Window Manager Session Manager(Ensures the launch and maintenance of the desktop window manager) - Auto.
Network Member Identity Manager(Provides identity services for Peer-to-Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Network Grouping) - Manually.
Credential Manager(Provides secure storage and retrieval of user credentials,) - Manually.
Security Account Manager(Starting this service signals to other services that the Security Account Manager (SAM) is ready to accept requests.) - Auto.
Access to HID devices(Provides universal access to HID devices) - Manually.
Windows Event Log(This service manages events and event logs) - Auto.
Performance Logs and Alerts(The Performance Logging and Alerts service collects data from local and remote computers according to the specified schedule parameters, and then logs the data or issues an alert.) - Manually.
Software Protection(Allows download, installation and enforcement of digital licenses for Windows and Windows applications) - Auto.
Windows Defender(Protection against spyware and potentially dangerous programs) - Auto. However, it is still recommended to use third-party products to protect your computer from viruses.
CNG Key Isolation(The CNG Key Isolation Service is hosted in the LSA process) - Manually.
Windows Management Instrumentation(Provides a common interface and object model for accessing operating system, device, application, and service management information.) - Auto.
Application Compatibility Information(Process compatibility check requests for applications as they launch) - Manually.
Group Policy Client(This service is responsible for applying settings defined by administrators for computers and users through Group Policy.) - Auto.
Changed Link Tracking Client(Supports links of NTFS files moved within a computer or between computers on a network.) - Auto.
Distributed Transaction Coordinator(Coordination of transactions spanning multiple resource managers such as databases, message queues, and file systems.) - Manually.
Windows Presentation Foundation Font Cache(Optimizes the performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data.) - Manually.
SNMP trap(Accepts capture messages generated by local or remote SNMP agents and forwards them to SNMP management programs running on this computer.) - Manually.
Remote Procedure Call (RPC) Locator(In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service managed the RPC Name Service database.) - Manually.
Routing and remote access(Offers routing services to organizations in the local and global networks) - Disabled.
IPsec key modules for Internet key exchange and IP authentication(The IKEEXT service contains modules for Internet Key Management (IKE) and Authenticated IP (AuthIP).) - Auto.
DCOM server process launcher module(The DCOMLAUNCH service starts COM and DCOM servers in response to object activation requests) - Auto.
NetBIOS support module over TCP/IP(Provides support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network) - Manually.
Windows Instant Connections - Setup Recorder(The WCNCSVC service contains the Windows Connect Now configuration (Microsoft's implementation of WPS) - Manually
SSDP detection(Discovers network devices and services that use the SSDP discovery protocol, such as UPnP devices) - Manually.
Interactive Service Discovery(Enables notification to the user that user input is required for interactive services, which provides access to dialog boxes generated by interactive services as they appear.) - Manually
Computer Browser(Serves a list of computers on the network and provides it to programs upon request) - Manually.
Internet Connection Sharing (ICS)(Provides network address translation, addressing, name resolution, and intrusion prevention services for a home or small office network.) - Disabled.
Shell Hardware Definition(Provides notifications for startup events on various devices.) - Auto.
Basic TPM services(Allows access to the Trusted Platform Module (TPM), which provides hardware-based cryptography services to system components and applications.) - Manually
Simple Service Discovery Protocol(English) , SSDP ) is an expired draft Internet standard (Internet draft) IETF, written by Microsoft and Hewlett-Packard. This protocol is the basis of the Universal plug-and-play discovery protocol.
SSDP describes a mechanism by which network clients can discover various network services. Clients use SSDP without prior configuration. SSDP supports multicast discovery, server notifications, and routing. This service enables discovery of UPnP devices on your home network. For example, a TV with DLNA/UPNP support finds media servers on the local network using this protocol. Home routers are also typically discovered by computers using SSDP (to display information about routers and media servers in Network Neighborhood, these devices must also support the HTTP protocol, since SSDP provides devices with an HTTP link to the device's control node) .
SSDP uses XML UDP packets in both unicast and multicast for service advertisements. The multicast address 239.255.255.250 is used.
In the Windows operating system, no other services are required for the normal functioning of the SSDP Discovery Service. The “Universal Plug and Play Device Host” depends on the operation of this service.
see also
External links
- IETF SSDP draft version 3 (obsolete and expired)
Wikimedia Foundation. 2010.
See what "Simple Service Discovery Protocol" is in other dictionaries:
Simple Service Discovery Protocol- (SSDP) is an expired IETF Internet draft by Microsoft and Hewlett Packard. SSDP is the basis of the discovery protocol of Universal plug and play.SSDP provides a mechanism which network clients can use to discover network services. Clients can... ... Wikipedia
Simple Service Discovery Protocol- (SSDP) est un protocole de communication informatique en réseau. Il a été déclaré à l IETF sous forme de brouillon par Microsoft et Hewlett Packard. Ce brouillon a expiré depuis, mais le protocole est toujours utilisé, notamment comme base à UPnP … Wikipédia en Français
Simple Service Discovery Protocol- SSDP im TCP/IP‑Protokollstapel: Anwendung SSDP Transport UDP Internet IP (IPv4, IPv6) Netzzugang Ethernet Token … Deutsch Wikipedia
Simple Network Management Protocol- (SNMP) forms part of the internet protocol suite as defined by the Internet Engineering Task Force (IETF). SNMP is used in network management systems to monitor network attached devices for conditions that warrant administrative attention. It... ... Wikipedia
Service discovery- protocols are network protocols which allow automatic detection of devices and services offered by these devices on a computer network. Service discovery is an essential ingredient of the Semantic Web, since the future Web must allow software... ... Wikipedia
Service Location Protocol- The Service Location Protocol (SLP, srvloc) is a service discovery protocol that allows computers and other devices to find services in a local area network without prior configuration. SLP has been designed to scale from small, unmanaged... ... Wikipedia
Service Oriented Architecture- Architecture orientée services Pour les articles homonymes, voir SOA. L architecture orientée services (calque de l anglais Service Oriented Architecture, SOA ou AOS) est une forme d architecture de médiation qui est un modèle d interaction… … Wikipédia en Français
Service-oriented architecture- (SOA) is a method for systems development and integration where functionality is grouped around business processes and packaged as interoperable services. SOA also describes IT infrastructure which allows different applications to exchange data… … Wikipedia
Hypertext Transfer Protocol- HTTP Persistence · Compression · HTTPS Request methods OPTIONS · GET · HEAD · POST · PUT · DELETE · TRACE · CONNECT Header fields Cookie · ETag · Location · Referer DNT · … Wikipedia
Extensible Messaging and Presence Protocol- (XMPP) is an open, XML inspired protocol originally aimed at near real time, extensible instant messaging (IM) and presence information (a.k.a. buddy lists), but now expanded into the broader realm of message oriented middleware. )