Was vexing me for ages, why a scanner would find port 5000 open. I did a search here and found no hits for 5000, so I'm posting it just FYI, feel free to move this where it belongs here (if at all).
Port 5000

http://www.pacs-portal.co.uk/startup_pages/startup_full.htm
"SSDPSRV ssdpsrv.exe WinME. For future Plug and Play devices only. Provides Simple Service Discovery Protocol (SSDP) and General Event Notification Architecture (GENA) services for Universal Plug and Play functionality. You can uninstall it by going to Add/Remove programs in Control Panel -> Windows Setup -> Communications.
**Starts up a web server on port 5000**"
thanks to Pacman
Now I know why I couldn't find/close it. A MS program was loading it at start up.
Think this was only for WinMe, but passing the info along.
I disabled it from loading at start up

Not to put too fine a point on it, Bill Gates is the 'brain' half of "Pinky and the Brain".
[hr]
"What are gonna do tonight, Microsoft? Brain?"

"Same we always do, Pinky - try to take over the world! Say, Pinky - are you thinking what I'm thinking?"

"Yeah, Brain! Digital Rights Management!"

"I'm going to have to hurt you, Pinky - not even I could be as evil as that!"

Pause

"Pinky, you're right! Enter your credit card details for the rest of my reply!"

Rxdoxx - Actually, the reason you couldn't find any reference to it on this board is because the issue originally arose when we were on the old board:
http://pub24.ezboard.com/fsecureyesecurityfrm6.showMessage?topicID=197.topic .

See also this link: http://grc.com/UnPnP/UnPnP.htm . Pete

Thanks Pete!

Sometimes I appear brilliant, and other times miss the obvious, but I slowly learn different pockets of information.
I had seen the Gibson article quite a while ago, and stumbled on port 5000 open on my system, but somehow the two never clicked in my brain.
(I'm better now thanks :) )

Read your link to the old board, did a control F and looked for 5000, no hit. I realize also I'm in the guru section of the internet for Security, but if it could fly by me, I'm sure that others have missed it also, especially those like me who don't breathe security but do as best we can as we go along.

To add a quote from the Steve Gibson page that was perhaps the most informative for me...
"Universal Plug & Play is not related to the established Plug & Play hardware standard for PCs. Microsoft presumably adopted the name "Universal Plug & Play" because it is a warm and fuzzy feel-good name. A more descriptive name would have been "Network Plug & Play" since that is exactly what it is."

So I learn that it has nothing to do with P&P for my mouse or devices, only MS and Network. I'm sure that was part of my confusion ages ago.

Thanks again.

You're quite welcome!

And thanks for reminding us about it. Pete

I just wanted to ad to writerrangers way to disable the service in Windows XP. writerrangers way below and mine below that.
1. Start>Control Panel>Admin Tools>Services
2. Scroll down to "SSDP Discovery Service"
3. Click on "Stop The Service"

End of security threat.

START, RUN type MSCONFIG, Click on SERVICES, scroll down to SSDP Discovery Service uncheckbox, Scroll to Universal P&P , Uncheck box
scroll to Distributed Link Tracing and uncheck da box ect, ect ect