Every time I start up, Zonealarm reports windows explorer wants to contact IP 239 255 255 250 port 1900 Who is this and why does this happen. If no-one knows, I can look in the registry for something that does not look right. I will report back here anything I find before any deleting goes on. Which path should I look ? hkey local, hkey current etc A previous post here reformatted to cure it. Something I can't do, but that's another story.

http://grc.com/unpnp/unpnp.htm

Could that be your ISP's DNS IP address? I was getting that kind of alert when I changed from dial up to DSL. It would happen over and over. Once I added the IP address to my trusted zone, it stopped. It was my DSL provider trying to issue me an IP address. Did you look it up with whois? This is what arin whois comes up with: Search results for: 239.255.255.250 IANA (NET-MCAST-NET) Internet Assigned Numbers Authority 4676 Admiralty Way, Suite 330 Marina del Rey, CA 90292-6695 US Netname: MCAST-NET Netblock: 224.0.0.0 - 239.255.255.255 Coordinator: Internet Corporation for Assigned Names and Numbers (IANA-ARIN) res-ip@iana.org (310) 823-9358 Domain System inverse mapping provided by: FLAG.EP.NET 198.32.4.13 STRUL.STUPI.SE 192.108.200.1 192.36.143.3 NS.ISI.EDU 128.9.128.127 NIC.NEAR.NET 192.52.71.4 Record last updated on 12-Sep-2000. Database last updated on 8-Jun-2002 19:59:27 EDT. Does that give you any clues as to why your computer is trying to contact that ISP? You can try it here yourself. http://www.arin.net/whois/index.html Aslo what does ZA say when you click for more info? Sorry if you did all this before, I did not see your other post.

Windows Explorer??? Give deny on them, it's sending a snoopy information from your hard drive. Windows Explorer's just the file manager on hard drive or CD or Floppy..

hi michael, you may have a buffer exploit in your windows directory and it has something to do with port 1900 and or port 5000. these ports are usually assigned to be used for plug and play utilities in your computer. if you are using a firewall such as z.a. free or pro, use the maximum stealth and it will close ports 1900 and 5000. the problem is someone or you may have inadvertantly opened up an e-mail attachment with the buffer overflow exploit, or you may have downloaded something containing an exploit, in anycase something in windows is broadcasting out to that address. here's some info: UPnP is a protocol that allows network devices to broadcast self-describing messages for peer-to-peer integration into a network. Two vulnerabilities are present in UPnP. A buffer overflow exists in the Windows XP implementation of the Simple Service Discovery Protocol (SSDP) component of UPnP. Another more generic Distributed Denial of Service (DDoS) or Denial of Service (DOS) risk exists within SSDP as well and affects multiple versions of the operating system. Affected Versions: Windows XP Windows ME Windows 98SE Windows 98 Description: A remotely exploitable buffer overflow exists in the UPnP service of Windows XP A malicious user can transmit a malformed NOTIFY request to a vulnerable machine and overflow an unchecked buffer in the UPnP service This service runs in the SYSTEM context under Windows XP and can result in a full system compromise, allowing the attacker to gain control of the affected machine. A condition also exists in the implementation of SSDP that could lead to a DOS or DDoS attack by transmitting a malformed NOTIFY directive at a targeted machine or group of machines. The targets can be forced to endlessly transmit HTTP requests to a final target. Recommendations: Internet firewalls should be configured to block ports 1900 and 5000. go to the www.thepublicworks.com and click on wilders.org and download a free version of Trojan Hunter and scan your machine and see what pops up. while your'e there also click on RegProt and download a free copy of this registry monitor, and Procmon and TDImon from Sysinternals a free processes and port monitor. best of luck and cheers, murve

I have read the responses several times and it may be sinking in, slowly. I have Win ME. I received an E-mail a while ago via Hotmail, from an unknown sender. It was 167KB with no attachment. I always scan attachments from downloads before opening them. Believing this was just text I opened it to find it totally empty. No text, apart from the title. I don't remember what that said, nor do I remember when Zonealarm first reported Windows wanted access to the net, it may be a coincidence. I thought it was normal for Windows to search the net till another post reported the problem and stated exactly the same IP address and port. I found links to MCAST-NET via alltheweb.com (thanks Suzi)a site that listed loads of webpages. None looked familiar. From what I can understand... I have picked up some sort of bug that changes Windows Explorer settings to search out this address when it should be searching my PC for files and programs. I have scanned with Trojan Hunter, Norton AV, Housecall & AVG, all reported negative. Rather than use programs to stop Windows searching the net I would rather it was set up as before. Is there no way I can change the settings back to how they were manually ? Since I don't know when this problem started I don't want to use System restore. I will read more and check this post each evening. Thanks.

Yea, I gets a 2 large file size on the Hotmail inbox listing shows that size on the right of screen, 116K and 147K, I never open the mail box and just blocking the UNREAD off the inbox listings and goes to junk box. Even my own private email got 1 large file, it's blocked and goes into junk box too.