Hello, for the last month or so when I check my NIS 2009 history it's littered with(Im talking 10 times in a second for as long as im connected to the internet(15+ hours a day)).

Rule "Defualt Block UPnP Discovery" stealthed (xxx.xxx.x.x, Port ssdp(1900)).

Inbound UDP packet.

Local address, serrvice is (239.255.255.250, Port ssdp(1900)).

Remote adresss, service is (xxx.xxx.x.x, Port(4011)).

Process name is "C:\Windows\system32\svchost.exe".

This is repeated for as long as I'm online for, there really is only one change and that is "Remote adresss, service is (xxx.xxx.x.x, Port(4011))". The port number on this line goes up by 1 port number everytime.

Now, I don't really understand computers and what not but apparently UPnP is something trying to communticate with something with a "Hey, Im here", no? I just don't know why I'm being spammed with it. Also, the ip "239.255.255.250" is some multicast address, there are a TON of pages asking who this is. This is no new issue as I've seen posts dating back to 2001 - what is this? There is luck with people saying they've disabled UPnP/ssdp in services or UPnP from their router, which I don't have one, and then there is me with no luck.

I just want to be enlightened and told what might be casuing this, how I can check whats going on and, if I should be worried. thanks