[Dshield] traffic towards Microsoft

Margles Singleton MarglesSingleton at firsthealth.com
Fri Feb 6 17:41:33 GMT 2004


Thanks, everyone!  I got a good laugh out of this one.  ...now to
correct!

mas


-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf Of Al Reust
Sent: Thursday, February 05, 2004 10:43 PM
To: General DShield Discussion List
Subject: RE: [Dshield] traffic towards Microsoft

While the other communication port escapes me (other than 80).. Can you say
Windows "Automatic Update?"

If you say Win2K - SP4 it turns on Automatic Update and Background
Intelligent Transfer. One fix in XP forces/turns that on also. I no longer
have a Win9X/ME box to test. So while it is phoning home, some user
intervention is still required, to fully enable.

6/8 months ago was a discussion of what was being "phoned" home as the data
stream was encrypted.. I think GRC caught it before it was encrypted.. for
the details. So I guess I will have to wade back to other "lists" to verify.

Al


At 12:35 PM 2/5/2004 -0500, you wrote:
>Are these Windows XP? I've heard some time back that XP likes to "talk back"
>to the "Mother Ship"...
>
>Chuck
>
>-----Original Message-----
>From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf Of Margles Singleton
>Sent: Thursday, February 05, 2004 9:11 AM
>To: list at dshield.org 
>Subject: [Dshield] traffic towards Microsoft
>
>Hello;
>
>I've seen some traffic that is odd for our network, blocked by our
>firewall.  Coming from user desktops and going straight to the net -
>evading the proxy server.  We did have minimal trouble with Mydoom.A,
>which has been cleaned, but I don't see other symptoms of Mydoom - have
>tried looking at open ports, the A/V software is fine and runs against
>files opened on the desktop.....
>
>Am I missing something obvious??
>
>Thanks!
>Margles
>
>_______________________________________________
>list mailing list
>list at dshield.org 
>To change your subscription options (or unsubscribe), see:
>http://www.dshield.org/mailman/listinfo/list 