LinuxQuestions.org


tbeehler 03-15-2007 01:13 PM

UDP port 1900 flooding network? - Expert Advice Needed
 
I have a very odd issue. Recently, I had my proxy server flood my network with UDP traffic from port 1900 to IP address 239.255.255.250. In other words, when I went into iptraf, it said publicipaddress:12250 to 239.255.255.250:1900. It would flood the network with 100,000 packets within a few seconds. When I unplugged the network cable to the proxy server, of course, it all stopped. So, I feared an attack and replaced the proxy server with a hardware router temporarily, but the issue came back and again, flooded my network with this traffic. I replaced the proxy server with a different server and the problem went away. Was this a DoS attack? How can I tell if I was attacked? I didn't see anything that stood out too much in the log files, but I'm far from a guru for looking for little nuances of evidence of an attack.

Is it possible that it was all coincidental? Perhaps a UPnP bug within my network on one of the workstations? Everyone I've asked in my community is stumped, so I thought I'd check here and see what you all thought. Thanks in advance.

tbeehler 03-18-2007 08:24 PM

No one? Anyone else have this problem or am I unfortunate enough to have found a whole new bug? :)

gilead 03-18-2007 08:48 PM

It's probably Windows XP broadcasting its SSDP stuff. Have a look at http://www.windowsnetworking.com/kba...Pport1900.html and http://www.grc.com/port_1900.htm for more information. I have the SSDP Discovery Service disabled on all the Windows XP boxes I'm responsible for here...
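
One way to check which host is sending to 239.255.255.250:1900 and whether the packets are ordinary SSDP discovery traffic, as an added example that is not part of the original thread: it tallies captured datagrams per source, with peak packets per second and the SSDP message type. The record layout, function names and sample packets are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

SSDP_GROUP = ("239.255.255.250", 1900)  # multicast destination seen in the thread

def parse_ssdp(payload):
    """Return (method, headers) for an SSDP datagram, or None if it is not one."""
    lines = payload.decode("ascii", errors="replace").split("\r\n")
    start = lines[0].split(" ")
    if len(start) != 3 or start[0] not in ("M-SEARCH", "NOTIFY") or start[1] != "*":
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return start[0], headers

def summarize(records):
    """Rank sources; records are (epoch_s, src, dst, dport, payload) (assumed layout)."""
    stats = defaultdict(lambda: {"per_sec": Counter(), "kinds": Counter(), "non_ssdp": 0})
    for ts, src, dst, dport, payload in records:
        if (dst, dport) != SSDP_GROUP:
            continue
        s = stats[src]
        s["per_sec"][int(ts)] += 1
        parsed = parse_ssdp(payload)
        if parsed is None:
            s["non_ssdp"] += 1  # port 1900 traffic that is not valid SSDP
        else:
            method, h = parsed
            s["kinds"][(method, h.get("ST") or h.get("NT") or "?")] += 1
    report = [{"src": src, "packets": sum(s["per_sec"].values()),
               "peak_pps": max(s["per_sec"].values()),
               "kinds": dict(s["kinds"]), "non_ssdp": s["non_ssdp"]}
              for src, s in stats.items()]
    return sorted(report, key=lambda r: r["packets"], reverse=True)

# Constructed sample capture: one host bursting searches, one announcing normally.
M_SEARCH = (b'M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n'
            b'MAN: "ssdp:discover"\r\nMX: 3\r\nST: upnp:rootdevice\r\n\r\n')
NOTIFY = (b'NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n'
          b'NT: upnp:rootdevice\r\nNTS: ssdp:alive\r\n\r\n')
SAMPLE = ([(1000 + i / 500, "192.0.2.10", *SSDP_GROUP, M_SEARCH) for i in range(500)]
          + [(1000 + 30 * i, "192.0.2.20", *SSDP_GROUP, NOTIFY) for i in range(3)]
          + [(1001.0, "192.0.2.30", *SSDP_GROUP, b"\x00\x01junk"),
             (1000.5, "192.0.2.10", "198.51.100.7", 53, b"\x00")])
if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```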


All times are GMT -5.