MSN Messenger and UDP 1900

[Louie Martinez <louie () kopykake com>]

I had noticed I had been getting these curious entries in my logfile on my 
linux box which is set up as a firewall. (I use Shorewall to manage IPTables)

Feb  5 17:37:07 firewall kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= 
MAC=00:a0:cc:3f:64:00:00:e0:7d:b8:78:72:08:00 SRC=192.
168.1.18 DST=192.168.1.1 LEN=160 TOS=0x00 PREC=0x00 TTL=128 ID=1638 
PROTO=UDP SPT=1148 DPT=1900 LEN=140
Feb  5 17:42:04 firewall kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= 
MAC=00:a0:cc:3f:64:00:00:02:e3:11:b7:cc:08:00 SRC=192.
168.1.4 DST=192.168.1.1 LEN=160 TOS=0x00 PREC=0x00 TTL=128 ID=5080 
PROTO=UDP SPT=1211 DPT=1900 LEN=140

These happen to be Windows XP machines. The curious part is that I have 
properly disabled UPnP and SSDP Discovery on both system.

With some investigating I managed to view the payload of the mysterious UDP 
packet.

M-SEARCH * HTTP/1.1
HOST: 239.255.255.250:1900
MAN: "ssdp:discover"
MX: 3
ST: urn:schemas-upnp-org:service:WANIPConnection:1

Anyway after even further investigation it seems that these mysterious 
packets are only sent if MSN messenger is launched. You don't even have to 
be logged into your MSN Messenger account. As long as it's sitting in your 
system tray, these packets seem to be sent every 10 to 15 seconds on 
machines with active MSN accounts and every 5 minutes or so on machines 
that haven't set up an MSN Messenger acount but still leave it sitting in 
the system tray.

If anyone else can confirm this or know why MSN wants to talk like a UPnP 
device, I'd be appreciative to hear from you.