[Dshield] What are microsoft up to
dshield at lists.bod.org
Sun Jun 8 23:24:25 GMT 2003
No insight into your question, but I'd like to tag on my own... I'm
puzzled by mystery Microsoft UDP traffic from:
18.104.22.168 port 7001 to <machine on local subnet> port 1052
22.214.171.124 port 7001 to <machine on local subnet> port 1070
I also see traffic from these ip/port combinations to high port
addresses. I suspect this traffic is related to MSN Messenger. My
firewall drops the traffic, and I see no ill effects.
> -----Original Message-----
> From: Mark Rowlands
> Sent: Saturday, June 07, 2003 12:38 AM
> On the subject of paranoia........
> Since Jun 6 21.00 gmt, I am getting two or threee
> unsolicitated UDP probes to 53 (dns) every hour
> from 8 different sources on two networks, all
> registered to Microsoft. 126.96.36.199 and
> Haven't had these before, havent installed any
> new MS software (on that date anyway)...
> any thoughts?
More information about the list