What's with the SOAP??

Discussion in 'Malware Help (A Specialist Will Reply)' started by Kevin Murphy, May 25, 2006.

  1. Kevin Murphy

    Kevin Murphy Private E-2

    Ever since I had FIOS installed my PC is constantly transmitting and receiving data at a rate of about 8kbps in upstream and downstream direction. When I look at it in Ethereal it is SOAP (simple object access protocol). So I'm thinking OMG WTF!!! Anyone know what's going on? The new firewall in my FIOS router has all the ports wide open, I used to keep them blocked.
    Here's the Ethereal trace... I bet it's those sneaky bastards in Redmond.


    POST /WANCommonInterfaceConfig HTTP/1.1
    Content-Type: text/xml; charset="utf-8"
    SOAPAction: "urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1#GetTotalBytesReceived"
    User-Agent: Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)
    Host: 192.168.0.1:5678
    Content-Length: 313
    Connection: Keep-Alive
    Cache-Control: no-cache
    Pragma: no-cache

    <?xml version="1.0"?>
    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><m:GetTotalBytesReceived xmlns:m="urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1"/></SOAP-ENV:Body></SOAP-ENV:Envelope>

    HTTP/1.1 200 OK
    CONNECTION: CLOSE
    CONTENT-LENGTH:471
    CONTENT-TYPE:text/xml
    DATE: Fri, 26 May 2006 01:09:53 GMT
    SERVER: Embedded UPnP/1.0

    <?xml version="1.0"?>
    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body>
    <m:GetTotalBytesReceivedResponse xmlns:m="urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1"><NewTotalBytesReceived xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="ui4">-1568908290</NewTotalBytesReceived></m:GetTotalBytesReceivedResponse></SOAP-ENV:Body> </SOAP-ENV:Envelope>
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  3. Kevin Murphy

    Kevin Murphy Private E-2

    I'm familiar with the protocol. It's an XML object access protocol for distributed computing. In effect it is a common signalling language for apps to talk to each other across the internet. I can "invoke a method" on an object in your PC (i.e. tell it to do something), and it can reply to me with the results. SOAP defines the structure of the data.
    You can see one of the "methods" being invoked in the trace ...m:GetTotalBytesReceived and then the answer coming back "1568908290". So my PC is chatting away happily with some application out there.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! I know that much about it too.

    You must have installed some software to go along with your FIOS connection that is using it. Talk to your ISP. This is more than likely not a malware issue.
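
Added example, not part of the thread: a short Python triage of the exchange posted above. It pulls the service and action out of the SOAPAction header, checks whether the Host header is a private (LAN) address, and re-reads the returned counter as the unsigned 32-bit `ui4` type the response declares. The function names are hypothetical and the sample strings are constructed from the trace in the first post.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Sample data constructed from the trace in the first post (headers trimmed).
REQUEST = (
    "POST /WANCommonInterfaceConfig HTTP/1.1\r\n"
    'SOAPAction: "urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1'
    '#GetTotalBytesReceived"\r\n'
    "User-Agent: Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)\r\n"
    "Host: 192.168.0.1:5678\r\n\r\n"
)
RESPONSE_BODY = (
    '<?xml version="1.0"?>'
    '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">'
    "<SOAP-ENV:Body><m:GetTotalBytesReceivedResponse"
    ' xmlns:m="urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1">'
    '<NewTotalBytesReceived xmlns:dt="urn:schemas-microsoft-com:datatypes"'
    ' dt:dt="ui4">-1568908290</NewTotalBytesReceived>'
    "</m:GetTotalBytesReceivedResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>"
)

def triage_request(raw):
    """Summarise who is being asked what in a captured SOAP-over-HTTP request."""
    headers = {}
    for line in raw.split("\r\n")[1:]:
        if not line:
            break  # blank line ends the header section
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    service, _, action = headers.get("soapaction", "").strip('"').partition("#")
    host = headers.get("host", "").rsplit(":", 1)[0]
    try:
        on_lan = ipaddress.ip_address(host).is_private
    except ValueError:
        on_lan = None  # Host is a name, not an address: cannot tell from the header
    return {
        "service": service,
        "action": action,
        "peer": host,
        "peer_is_private": on_lan,
        "is_upnp_control": service.startswith("urn:schemas-upnp-org:service:"),
    }

def read_ui4(body, tag):
    """Return the named response argument as an unsigned 32-bit integer."""
    for elem in ET.fromstring(body).iter():
        if elem.tag.rsplit("}", 1)[-1] == tag:
            return int(elem.text) & 0xFFFFFFFF  # undo signed printing of a ui4
    raise KeyError(tag)
```

For the posted trace this reports a UPnP control request for `GetTotalBytesReceived` sent to a private address, and the negative number in the response reads as a plain 32-bit byte counter.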
     
