Recently, one of my hotmail accounts was used to send out a spam email to my contacts.
When this came to my attention, I ran McAfee and several other mal/adware programs to check if there was something on my laptop.
Nothing of significance was found.
My questions for you today is in regard to the "incoming and outgoing events" log on McAfee Total Protection.
Looking through previous entries recorded in the "INCOMING EVENTS" log, "SSDP" events from source IP 192.168.1.254
is recorded EVERY 10 minutes. Nothing is recorded when the laptop is off.
It says "A PC at 192.168.1.254 has tried to access one of your system ports (UDP port 1900). If you want to allow this traffic, either trust the IP address or open the port in the System Services in Firewall."
And underneath that "UDP port 1900 is commonly used by the "SSDP" service or program. SSDP is used to provide remote installation services. The protocal was designed to simpilfy administration bu allowing you to install a device on your LAN and in turn have it install itself onto all computers on the LAN. The original implementation was flawed and exposed a security risk. A security patch was released for Windows ME, 2000 and XP to fix several serious issues. However, opening port 1900 to the internet is generally not wise even with a patched system. If you are a school LAN or share several systems, you may see three events per system every few minutes. This can be ignored. If you do not see three times for the same system (on average) then you may wish to report this as attack. If you need to open this port, it be opened via "System Services"".
McAfee Total Protection was installed on this laptop in late March 2010.
These "SSDP" events from source IP 192.168.1.254 started popping up on June 10, 2010.
Prior to June 10, there were NO "SSDP" events recorded in the "INCOMING EVENTS" log at ALL.
And since June 10, almost ALL of the entries recorded in the "INCOMING EVENTS" log are these "SSDP" events.
NON "SSDP" events are now RARE, rather than the norm AFTER June 10.
So my question is...Is this normal? Or is there someone trying to hack into my laptop?
On another laptop, "SSDP" events have been recorded in the "INCOMING EVENTS" log ever since McAfee was installed on the computer.
Also, there are no records in the "OUTGOING EVENTS" log at all. Not one.
Is this normal?
Any comments would be greatly appreciated!