While reviewing firewall logs that were sent to me from a Windows 7 box (the box is not a server) on a tiny network, I saw thousands of incoming SSDP UDP entries. The SSDP entries were nearly constant, occurring every 3 seconds (approx 1200 log entries per hour). The last time I was asked to review the logs for that network, I don't recall seeing such traffic.
The firewall log shows the SSDP traffic as incoming. As expected, the protocol is UDP. It is almost all coming from ::1 (loopback) over a single dynamic port (49152 - 65535) with a destination address of ff02::c (IPv6 link-local), port 1900. The SSDPSRV service of Windows is the Windows service handling the requests.
Is this type of traffic normal for networks containing a Win7 box?
If not, what should be attempted to fix the issue?