Registry Tip #18: Disable Windows Messenger broadcasts on UDP port 1900

Hits: Failed to execute CGI : Win32 Error Code = 3


In XP, the Simple Service Discovery Protocol (SSDP) discovery service searches for Universal Plug and Play devices on your home network. SSDP searches for upstream Internet gateways using UDP port 1900 - a potential security risk many organizations will want to block. OK, you decide to block SSDP services but to your surprise, your firewall and network sniffers continue to see the UDP port 1900 packets. You have disabled XP's SSDP and even Universal Plug and Play Device Host. Whats going on? This is Universal Plug and Play Network Address Translation (NAT) traversal discovery used by Messenger. If you run a sniffer trace, the following information is displayed in the data section of the packet:

SSDP: Method = M-SEARCH
SSDP: Uniform Resource Identifier = *
SSDP: HTTP Protocol Version = HTTP/1.1
SSDP: Host = :1900
SSDP: Search Target = urn:schemas-upnp-org:device:InternetGatewayDevice:1
SSDP: Mandatory Extension = "ssdp:discover"
SSDP: Maximum Wait = 3
XP's Windows Messenger is attempting to communicate to an Internet host. To block Windows Messenger's broadcasts:

Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\DirectPlayNATHelp\DPNHUPnP
Name: UPnPMode
Type: REG_DWORD
Value: 2 disabled
With UPnPMode=2, Universal Plug and Play Network Address Translation (NAT) traversal discovery does not occur.





Keywords: Windows XP registry tip, disable, block, windows messenger, broadcasts, SSDP, Simple Service Discovery Protocol, UPnP, universal plug and play, firewall, security risk, upstream internet gateways, DPNHUPnP, discovery service, UDP port 1900, Network Address Translation