XP:New network device announces itself on the LAN?

Posted by: tfabris

XP:New network device announces itself on the LAN? - 10/09/2003 14:13

So I'm told that today on our LAN a bunch of XP users got a little bubble popping up in their system tray saying "A new device has been added to the network <ip address>".

I happen to know what the device was, but I'm not going to say because then I'd have to kill you.

I want to make sure this doesn't happen each time I plug the device into the network. What irritating bloddy feature needs to be turned off so this crap doesn't happen?
Posted by: matthew_k

Re: XP:New network device announces itself on the - 10/09/2003 14:20

Hold on a minute now... the karma NDA has been lifted. Would you care to drop a few hints about this device that happened to be plugged into the network?

I've never seen XP announce a new device being added to the network. It does scan for printers occasionally, but I've never seen a notification about them. Does this aforementioned device send out any sort of broadcast traffic?

Matthew
Posted by: tfabris

Re: XP:New network device announces itself on the - 10/09/2003 14:24

Yeah, I'm guessing the aforementioned device does send broadcast packets. What I'm wondering is by what protocol does it do so, why does XP choose to pester my users about it, and how do I kill that kind of traffic on the LAN?

I'm not asking this because I'm looking for help for the device itself. That's handled elsewhere. I'm just asking... today... right now... how do I kill this traffic on the LAN so that the device can still work, but work quietly without pestering my users? What protocol does XP use to do this irritating crap?
Posted by: tfabris

Re: XP:New network device announces itself on the - 10/09/2003 14:26

the karma NDA has been lifted
 And, not apropos of anything, but the beta testers for Karma are still under NDA, it's just that they've been allowed to tout the product features as a form of viral marketing. We still can't talk about things like development details and such.
Posted by: robricc

Re: XP:New network device announces itself on the LAN? - 10/09/2003 14:35

I believe it's uPnP
Posted by: matthew_k

Re: XP:New network device announces itself on the - 10/09/2003 14:40

Do you have anything like ZoneAlarm that will tell you about new connections?

Have you googled for the exact message that pops up? I cut and pasted what you quoted and got nothing, which is odd for a real windows XP dialog.

Matthew
Posted by: robricc

Re: XP:New network device announces itself on the LAN? - 10/09/2003 14:55

More about disabling UPnP in XP
http://ww.grc.com/unpnp/unpnp.htm
Posted by: tfabris

Re: XP:New network device announces itself on the LAN? - 10/09/2003 14:57

Ah, cool article, thanks. Port 5000 and 1900.
Posted by: peter

Re: XP:New network device announces itself on the - 10/09/2003 15:04

Yeah, I'm guessing the aforementioned device does send broadcast packets. What I'm wondering is by what protocol does it do so, why does XP choose to pester my users about it, and how do I kill that kind of traffic on the LAN?
The Karma announces itself over SSDP multicast. If, as a sysadmin, you find yourself needing to filter that traffic, look for UDP packets destined to multicast group 239.255.255.250 on port 1900. That's a "local administrative scope" multicast address, so at least the notifications shouldn't cross routers unless someone's deliberately configured the router otherwise.

Of course, anyone on the wrong side of the filter couldn't then use Rio Music Manager to talk to the Karma: it's only SSDP that lets Rio Music Manager know where the Karmas on the network are.

There's more (lots more) at http://www.upnp.org.

Peter
Posted by: tfabris

Re: XP:New network device announces itself on the - 10/09/2003 15:07

Yeah, let's take the discussion of whether it's appropriate for the, ahem, unnamed device to announce itself on a corporate LAN like that to an internal development forum....
Posted by: peter

Re: XP:New network device announces itself on the - 10/09/2003 15:09

a bunch of XP users
Out of interest, were these XP Home or XP Professional boxes? Opinion seems to vary on whether XP Professional has UPnP enabled by default, or whether it's just XP Home.

Peter
Posted by: tfabris

Re: XP:New network device announces itself on the - 10/09/2003 15:11

Definitely XP pro, and the UPNP service is definitely enabled by default on Pro. Dunno about home.

Oddly, home is where you'd want it announcing itself like that, and the work environment is where you'd want it to keep quiet. But that's for another forum...
Posted by: peter

Re: XP:New network device announces itself on the - 10/09/2003 15:13

Yeah, let's take the discussion of whether it's appropriate for the, ahem, unnamed device to announce itself on a corporate LAN like that to an internal development forum...
I'm not sure what the cloak-and-daggerness is for... the fact that Karma uses UPnP has been publicly known at least since I explained it on the Karma Slashdot thread, if not before.

We're off-topic for Off Topic, though, so you could take it to Karma General if you like?

Peter
Posted by: tfabris

Re: XP:New network device announces itself on the - 10/09/2003 15:15

Well, I was thinking more along the lines of in the internal Karma Beta Testers forum.
Posted by: peter

Re: XP:New network device announces itself on the - 10/09/2003 15:27

Oddly, home is where you'd want it announcing itself like that, and the work environment is where you'd want it to keep quiet.
Except for the password-protection facility, once it's on the network it's as accessible to your co-workers' PCs as it is to yours... to pretend otherwise would be to give you a false sense of security. If you don't want a USB device appearing on your co-worker's PC, you don't plug it into your co-worker's USB port; so, analogously, if you don't want people on the LAN seeing your LAN device, don't plug it into the LAN...

Peter
Posted by: tfabris

Re: XP:New network device announces itself on the - 10/09/2003 15:28

That argument is so spurious I'm not even going to try to refute it.

With all due respect, of course.
Posted by: Roger

Re: XP:New network device announces itself on the - 11/09/2003 01:18

Well, I was thinking more along the lines of in the internal Karma Beta Testers forum.

Wny? It's not a bug.
Posted by: Roger

Re: XP:New network device announces itself on the - 11/09/2003 01:22

UPNP service is definitely enabled by default on Pro.

Not on my installation, it's not. I installed XP Pro (slipstreamed SP1a), and the Universal Plug and Play option in Windows XP setup is not checked, and not installed. This is the default for XP Pro AFAICT.

I _do_ have a "Universal Plug and Play Device Host" service, but this is unrelated to detecting UPnP devices on your network, and besides, it's not actually started by default.
Posted by: peter

Re: XP:New network device announces itself on the - 11/09/2003 08:51

the, ahem, unnamed device
Incidentally, we expect car-players to be doing this too in software 3.0, but that's not implemented yet.

Peter
Posted by: mlord

Re: XP:New network device announces itself on the - 11/09/2003 09:09

I suppose that's okay -- if it becomes an issue for anyone, I can add something to block it in Hijack.

Cheers
Posted by: peter

Re: XP:New network device announces itself on the - 11/09/2003 11:50

Definitely XP pro
Are these PCs on a domain (in the NT sense of the word "domain")?

Peter
Posted by: tfabris

Re: XP:New network device announces itself on the - 11/09/2003 11:58

Are these PCs on a domain (in the NT sense of the word "domain")?
Yes. The domain controller is Windows NT 4.0.
Posted by: drakino

Re: XP:New network device announces itself on the - 11/09/2003 12:00

Just confirming here as well that UPnP is off by default on my MS Select version of Windows XP Pro SP1. I just got done installing a machine yesterday and joining it to the company domain.
Posted by: tfabris

Re: XP:New network device announces itself on the - 11/09/2003 12:04

Well, it was on by default on Kevin and Anita's boxes (I specifically asked, and Kevin is very knowledgeable about such things and quite precise with regard to his PC configurations since he's our main second tier support tech), so I don't know why everyone else is getting different results than he.

Also, the earlier-linked Gibson Research article talks about it being on by default. So at least somewhere on the planet, there are people who have it on by default.