[plug] Is MS up to it's old tricks?

Craig Foster fostware at iinet.net.au
Sun Dec 23 02:18:05 WST 2001


Has anyone notice those people who've used WindowsXP on their networks
have been rigorously hit with DNS requests from Microsoft machines?

The offending IPs are :-
207.68.131.17 (a MSN address)
207.46.106.84 (sjwu3dns1.windowsupdate.com)

I'm a tad miffed, as this happens on three networks I know of...


Regards,

Craig Foster
FostWare Enterprises
linux at ii.net
Mob 0402 126 293
ICQ 4413022

Snippet of logs:

Dec 23 01:25:43 server kernel: Packet log: denylog DENY ppp0 PROTO=17
207.68.131.17:10139 me.ii.net:53 L=45 S=0x00 I=19892 F=0x0000 T=44 (#1)
Dec 23 01:25:44 server kernel: Packet log: denylog DENY ppp0 PROTO=17
207.68.131.17:10139 me.ii.net:53 L=45 S=0x00 I=19893 F=0x0000 T=44 (#1)
Dec 23 01:25:45 server kernel: Packet log: denylog DENY ppp0 PROTO=17
207.68.131.17:10139 me.ii.net:53 L=45 S=0x00 I=19894 F=0x0000 T=44 (#1)
Dec 23 01:25:59 server kernel: Packet log: denylog DENY ppp0 PROTO=17
207.46.106.84:7580 me.ii.net:53 L=45 S=0x00 I=33038 F=0x0000 T=43 (#1)
Dec 23 01:25:59 server kernel: Packet log: denylog DENY ppp0 PROTO=17
207.46.106.84:7580 me.ii.net:53 L=45 S=0x00 I=33039 F=0x0000 T=43 (#1)
Dec 23 01:26:00 server kernel: Packet log: denylog DENY ppp0 PROTO=17
207.46.106.84:7580 me.ii.net:53 L=45 S=0x00 I=33040 F=0x0000 T=43 (#1)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2228 bytes
Desc: not available
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20011223/84e13e25/attachment.bin>


More information about the plug mailing list