[Dshield] traffic towards Microsoft

Chuck Lewis clewis at iquest.net
Fri Feb 6 13:39:04 GMT 2004


Al,

Yep, I'm familiar with Auto Update and have it checking on our PCs but not
auto downloading (we are primarily NT and W2K Pro). And I see nothing like
Margles mentioned in the original post (?)

But as you mention GRC, I think it was on their list or some other back when
XP first came out and it had all KINDS of stuff that caused security folks
to have concerns (i.e. what is it sending out and why).

Chuck

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Al Reust
Sent: Thursday, February 05, 2004 10:43 PM
To: General DShield Discussion List
Subject: RE: [Dshield] traffic towards Microsoft

While the other communication port escapes me (other than 80).. Can you say 
Windows "Automatic Update?"

If you say Win2K - SP4 it turns on Automatic Update and Background 
Intelligent Transfer. One fix in XP forces/turns that on also. I no longer 
have a Win9X/ME box to test. So while it is phoning home, some user 
intervention is still required, to fully enable.

6/8 months ago there was a discussion of what was being "phoned" home as the data
stream was encrypted.. I think GRC caught it before it was encrypted.. for
the details. So I guess I will have to wade back to other "lists" to verify.

Al


At 12:35 PM 2/5/2004 -0500, you wrote:
>Are these Windows XP? I've heard some time back that XP likes to "talk back"
>to the "Mother Ship"...
>
>Chuck
>
>-----Original Message-----
>From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
>Of Margles Singleton
>Sent: Thursday, February 05, 2004 9:11 AM
>To: list at dshield.org
>Subject: [Dshield] traffic towards Microsoft
>
>Hello;
>
>I've seen some traffic that is odd for our network, blocked by our
>firewall.  Coming from user desktops and going straight to the net -
>evading the proxy server.  We did have minimal trouble with Mydoom.A,
>which has been cleaned, but I don't see other symptoms of Mydoom - have
>tried looking at open ports, the A/V software is fine and runs against
>files opened on the desktop.....
>
>Am I missing something obvious??
>
>Thanks!
>Margles
>
>_______________________________________________
>list mailing list
>list at dshield.org
>To change your subscription options (or unsubscribe), see:
>http://www.dshield.org/mailman/listinfo/list