[Dshield] What are microsoft up to

Keith keith at keithbergen.com
Mon Jun 9 01:04:52 GMT 2003


I don't think that it is MSN Messenger traffic. I use that every day, and
yet I only have one connection with 65.54.240.*, and that is a single
out-going packet.

I'm not sure what it is, but you are right to block it. I feel that a "block
anything unknown" is the most appropriate action. Or, if you prefer, "allow
only anything that you know".

Keith.

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Paul Chambers
Sent: Sunday, June 08, 2003 7:24 PM
To: 'General DShield Discussion List'
Subject: RE: [Dshield] What are microsoft up to


No insight into your question, but I'd like to tag on my own... I'm
puzzled by mystery Microsoft UDP traffic from:

  65.54.240.61 port 7001 to <machine on local subnet> port 1052
  65.54.240.62 port 7001 to <machine on local subnet> port 1070

I also see traffic from these ip/port combinations to high port
addresses. I suspect this traffic is related to MSN Messenger. My
firewall drops the traffic, and I see no ill effects.

Paul

> -----Original Message-----
> From: Mark Rowlands
> Sent: Saturday, June 07, 2003 12:38 AM
> 
> On the subject of paranoia........
> 
> Since Jun 6 21.00 gmt, I am getting two or threee 
> unsolicitated UDP probes to 53 (dns) every hour
> from 8 different sources on two networks, all
> registered to Microsoft. 207.46.150.0 and
> 207.46.245.0.......
> 
> Haven't had these before, havent installed any
> new MS software (on that date anyway)...
> any thoughts?

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list





More information about the list mailing list