[plug] Is MS up to its old tricks?

Mike erazmus at iinet.net.au
Sun Dec 23 10:59:47 WST 2001


At 02:18 AM 23/12/2001 +0800, you wrote:
>Has anyone noticed those people who've used WindowsXP on their networks
>have been rigorously hit with DNS requests from Microsoft machines?

aye? Are you saying these IP addresses below are asking your IP
for DNS lookups?

What's the format of the request, is it properly formed?

rgds

mike



>
>The offending IPs are :-
>207.68.131.17 (a MSN address)
>207.46.106.84 (sjwu3dns1.windowsupdate.com)
>
>I'm a tad miffed, as this happens on three networks I know of...
>
>
>Regards,
>
>Craig Foster
>FostWare Enterprises
>linux at ii.net
>Mob 0402 126 293
>ICQ 4413022
>
>Snippet of logs:
>
>Dec 23 01:25:43 server kernel: Packet log: denylog DENY ppp0 PROTO=17
>207.68.131.17:10139 me.ii.net:53 L=45 S=0x00 I=19892 F=0x0000 T=44 (#1)
>Dec 23 01:25:44 server kernel: Packet log: denylog DENY ppp0 PROTO=17
>207.68.131.17:10139 me.ii.net:53 L=45 S=0x00 I=19893 F=0x0000 T=44 (#1)
>Dec 23 01:25:45 server kernel: Packet log: denylog DENY ppp0 PROTO=17
>207.68.131.17:10139 me.ii.net:53 L=45 S=0x00 I=19894 F=0x0000 T=44 (#1)
>Dec 23 01:25:59 server kernel: Packet log: denylog DENY ppp0 PROTO=17
>207.46.106.84:7580 me.ii.net:53 L=45 S=0x00 I=33038 F=0x0000 T=43 (#1)
>Dec 23 01:25:59 server kernel: Packet log: denylog DENY ppp0 PROTO=17
>207.46.106.84:7580 me.ii.net:53 L=45 S=0x00 I=33039 F=0x0000 T=43 (#1)
>Dec 23 01:26:00 server kernel: Packet log: denylog DENY ppp0 PROTO=17
>207.46.106.84:7580 me.ii.net:53 L=45 S=0x00 I=33040 F=0x0000 T=43 (#1)
>
>
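Added example, not part of the original thread: a small parser for the ipchains "Packet log" entries quoted above, showing how much the firewall log alone says about the format of the denied requests. The function names are hypothetical, the sample is the six quoted entries rejoined onto single lines, and the size arithmetic assumes an IP header without options.

```python
import re
from collections import defaultdict

# Constructed sample: the six entries quoted in the post, each rejoined onto one line.
SAMPLE_LOG = """\
Dec 23 01:25:43 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.68.131.17:10139 me.ii.net:53 L=45 S=0x00 I=19892 F=0x0000 T=44 (#1)
Dec 23 01:25:44 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.68.131.17:10139 me.ii.net:53 L=45 S=0x00 I=19893 F=0x0000 T=44 (#1)
Dec 23 01:25:45 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.68.131.17:10139 me.ii.net:53 L=45 S=0x00 I=19894 F=0x0000 T=44 (#1)
Dec 23 01:25:59 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.46.106.84:7580 me.ii.net:53 L=45 S=0x00 I=33038 F=0x0000 T=43 (#1)
Dec 23 01:25:59 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.46.106.84:7580 me.ii.net:53 L=45 S=0x00 I=33039 F=0x0000 T=43 (#1)
Dec 23 01:26:00 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.46.106.84:7580 me.ii.net:53 L=45 S=0x00 I=33040 F=0x0000 T=43 (#1)
"""

ENTRY = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=\S+ I=(?P<ipid>\d+) F=(?P<frag>0x[0-9a-fA-F]+) T=(?P<ttl>\d+)")

IP_HDR, UDP_HDR, DNS_HDR = 20, 8, 12  # IP_HDR is an assumption: no IP options

def parse(text):
    """Yield one dict per ipchains packet-log entry, numeric fields as ints."""
    for m in ENTRY.finditer(text):
        e = m.groupdict()
        for k in ("proto", "sport", "dport", "length", "ipid", "ttl"):
            e[k] = int(e[k])
        e["frag"] = int(e["frag"], 16)
        yield e

def dns_summary(text):
    """Per source: packet count, source ports, and bytes left for the DNS question."""
    out = defaultdict(lambda: {"count": 0, "sports": set(),
                               "question_bytes": set(), "fragmented": False})
    for e in parse(text):
        if e["proto"] != 17 or e["dport"] != 53:
            continue  # only UDP aimed at the DNS port
        s = out[e["src"]]
        s["count"] += 1
        s["sports"].add(e["sport"])
        # L= is the total IP length; what remains after the IP, UDP and
        # DNS headers is the room available for the question section.
        s["question_bytes"].add(e["length"] - IP_HDR - UDP_HDR - DNS_HDR)
        s["fragmented"] |= (e["frag"] & 0x3FFF) != 0  # MF bit or non-zero offset
    return dict(out)

if __name__ == "__main__":
    for src, s in dns_summary(SAMPLE_LOG).items():
        print(src, s)
```

Every entry leaves 5 bytes after the headers, which in a well-formed DNS query is exactly one question for the root name (1-byte name, 2-byte type, 2-byte class). The log does not record the payload, so confirming that the packets are properly formed needs a packet capture.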


