Recently eSoft's Threatlabs found an increase in malware using uPnP - SSDP protocols to find new gateways out of a network. It appears that the effectiveness and increased use of IPS have impacted bot maintainers. Their answer - find another gateway. They are now sending uPnP packets to discover different gateways on their local network. If you are an IT manager, be sure to know where all the exits on your network live.