[Dshield] traffic towards Microsoft

Chuck Lewis clewis at iquest.net
Thu Feb 5 17:35:27 GMT 2004


Are these Windows XP ? I've heard some time back that XP like to "talk back"
to the "Mother Ship"...

Chuck

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Margles Singleton
Sent: Thursday, February 05, 2004 9:11 AM
To: list at dshield.org
Subject: [Dshield] traffic towards Microsoft

Hello;

I've seen some traffic that is odd for our network, blocked by our
firewall.  Coming from user desktops and going straight to the net -
evading the proxy server.  We did have minimal trouble with Mydoom.A,
which has been cleaned, but I don't see other symptoms of Mydoom - have
tried looking at open ports, the A/V software is fine and runs against
files opened on the desktop.....

Am I missing something obvious??

Thanks!
Margles

a.b.100.40	207.46.134.24	http	8	Microsoft
a.b.100.40	207.46.197.59	http	4	Microsoft

a.b.102.150	207.46.197.59	http	4	Microsoft
a.b.102.150	207.46.249.57	http	8	Microsoft

a.b.118.2		207.46.197.59	http	8	Microsoft

a.b.120.231	207.46.134.92	http	8	Microsoft
a.b.120.231	207.46.197.59	http	4	Microsoft

a.b.120.233	207.46.197.121	http	4	Microsoft
a.b.120.233	207.46.249.56	http	5	Microsoft

a.b.121.44	207.46.134.92	http	8	Microsoft
a.b.121.44	207.46.197.121	http	4	Microsoft

a.b.121.58	207.46.197.121	http	4	Microsoft
a.b.121.58	207.46.249.56	http	8	Microsoft

a.b.82.39		207.46.134.24	http	8	Microsoft
a.b.82.39		207.46.197.121	http	4	Microsoft

a.b.87.12		207.46.248.122	http	36	Microsoft

a.b.87.13		207.46.134.90	http	8	Microsoft
a.b.87.13		207.46.197.121	http	4	Microsoft

a.b.88.186	207.46.134.24	http	8	Microsoft
a.b.88.186	207.46.197.59	http	4	Microsoft

a.b.88.188	207.46.134.92	http	8	Microsoft
a.b.88.188	207.46.197.121	http	4	Microsoft

a.c.150.169	207.46.197.59	http	1	Microsoft
a.c.150.169	207.46.249.57	http	8	Microsoft

a.c.150.179	207.46.134.24	http	8	Microsoft
a.c.150.179	207.46.197.59	http	4	Microsoft

a.c.166.1		207.46.197.59	http	4	Microsoft
a.c.166.1		207.46.249.57	http	8	Microsoft

a.c.166.110	207.46.134.92	http	8	Microsoft
a.c.166.110	207.46.197.59	http	4	Microsoft

a.c.166.58	207.46.134.24	http	8	Microsoft
a.c.166.58	207.46.197.59	http	4	Microsoft

a.c.166.61	207.46.197.59	http	8	Microsoft

a.c.166.66	207.46.197.121	http	4	Microsoft
a.c.166.66	207.46.249.56	http	8	Microsoft

a.c.166.68	207.46.134.28	http	8	Microsoft
a.c.166.68	207.46.197.121	http	4	Microsoft

a.c.166.7		207.46.134.28	http	8	Microsoft
a.c.166.7		207.46.197.121	http	4	Microsoft

a.c.166.85	207.46.197.121	http	1	Microsoft
a.c.166.85	207.46.249.57	http	8	Microsoft

a.c.166.86	207.46.197.121	http	4	Microsoft
a.c.166.86	207.46.249.57	http	8	Microsoft

a.c.42.17		207.46.134.90	http	8	Microsoft
a.c.42.17		207.46.197.59	http	4	Microsoft

a.c.42.36		207.46.134.92	http	8	Microsoft
a.c.42.36		207.46.197.121	http	4	Microsoft

a.c.42.53		207.46.134.90	http	8	Microsoft
a.c.42.53		207.46.197.121	http	4	Microsoft

a.c.42.94		207.46.197.59	http	4	Microsoft
a.c.42.94		207.46.249.56	http	8	Microsoft

a.c.42.96		207.46.134.24	http	8	Microsoft
a.c.42.96		207.46.197.59	http	4	Microsoft

a.d.228.27	207.46.134.90	http	8	Microsoft
a.d.228.27	207.46.197.59	http	4	Microsoft

a.d.228.28	207.46.134.24	http	8	Microsoft
a.d.228.28	207.46.197.59	http	4	Microsoft

a.d.228.30	207.46.134.90	http	8	Microsoft
a.d.228.30	207.46.197.59	http	4	Microsoft

a.d.228.31	207.46.197.59	http	4	Microsoft
a.d.228.31	207.46.249.57	http	8	Microsoft

a.d.228.32	207.46.134.28	http	8	Microsoft
a.d.228.32	207.46.197.121	http	4	Microsoft

a.d.228.33	207.46.134.24	http	8	Microsoft
a.d.228.33	207.46.197.121	http	4	Microsoft

a.d.228.34	207.46.134.24	http	8	Microsoft
a.d.228.34	207.46.197.121	http	4	Microsoft

a.d.228.35	207.46.134.24	http	8	Microsoft
a.d.228.35	207.46.197.59	http	4	Microsoft

a.d.228.38	207.46.197.59	http	4	Microsoft
a.d.228.38	207.46.249.57	http	8	Microsoft

a.d.230.21	207.46.197.121	http	4	Microsoft
a.d.230.21	207.46.249.56	http	8	Microsoft

a.d.230.41	207.46.134.28	http	8	Microsoft
a.d.230.41	207.46.197.121	http	4	Microsoft

a.d.230.53	207.46.134.28	http	8	Microsoft
a.d.230.53	207.46.197.59	http	4	Microsoft

a.d.230.66	207.46.144.188	http	1	Microsoft
a.d.230.66	207.46.197.121	http	4	Microsoft


_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list