[plug] Is MS up to its old tricks?

Craig Foster fostware at iinet.net.au
Sun Dec 23 11:37:12 WST 2001


Yes, these machines are trying to query my gateway machine, for DNS info.
Unfortunately, I don't know what type of requests they are, as the gateway
(old e-smith) only allows internal DNS access. (long story...)
I'll see what I can do about that info though...
I've got auto update turned off, but the activity positively skyrockets
when you actually run Windows Update...

Hell, I've paid an arm and a leg for their software, and now they're
making me pay for extra traffic???
Only Microsoft....

Regards,

Craig Foster

PS Also being hit hard by Korean DSL users for port 12345, but that's just
par for the course...

> -----Original Message-----
> From: Mike [mailto:erazmus at iinet.net.au]
> Sent: Sunday, 23 December 2001 11:00 AM
> To: plug at plug.linux.org.au
> Subject: Re: [plug] Is MS up to its old tricks?
>
>
> At 02:18 AM 23/12/2001 +0800, you wrote:
> >Has anyone noticed those people who've used WindowsXP on their networks
> >have been rigorously hit with DNS requests from Microsoft machines?
>
> aye ? Are you saying these IP addresses below are asking your IP
> for DNS lookups ?
>
> What's the format of the request, is it properly formed?
>
> rgds
>
> mike
>
>
>
> >
> >The offending IPs are :-
> >207.68.131.17 (a MSN address)
> >207.46.106.84 (sjwu3dns1.windowsupdate.com)
> >
> >I'm a tad miffed, as this happens on three networks I know of...
> >
> >
> >Regards,
> >
> >Craig Foster
> >FostWare Enterprises
> >linux at ii.net
> >Mob 0402 126 293
> >ICQ 4413022
> >
> >Snippet of logs:
> >
> >Dec 23 01:25:43 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.68.131.17:10139 me.ii.net:53 L=45 S=0x00 I=19892 F=0x0000 T=44 (#1)
> >Dec 23 01:25:44 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.68.131.17:10139 me.ii.net:53 L=45 S=0x00 I=19893 F=0x0000 T=44 (#1)
> >Dec 23 01:25:45 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.68.131.17:10139 me.ii.net:53 L=45 S=0x00 I=19894 F=0x0000 T=44 (#1)
> >Dec 23 01:25:59 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.46.106.84:7580 me.ii.net:53 L=45 S=0x00 I=33038 F=0x0000 T=43 (#1)
> >Dec 23 01:25:59 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.46.106.84:7580 me.ii.net:53 L=45 S=0x00 I=33039 F=0x0000 T=43 (#1)
> >Dec 23 01:26:00 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.46.106.84:7580 me.ii.net:53 L=45 S=0x00 I=33040 F=0x0000 T=43 (#1)
> >
> >
>
>
>
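The thread asks what kind of requests these are while the firewall only logs headers. As an added example (not part of the original messages), this Python sketch parses the ipchains log lines quoted above and derives how many bytes each packet leaves for the DNS question section; the function names are hypothetical, and it assumes a 20-byte IPv4 header with no options.

```python
import re

# The six log lines from the post, each rejoined onto a single line.
SAMPLE = """\
Dec 23 01:25:43 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.68.131.17:10139 me.ii.net:53 L=45 S=0x00 I=19892 F=0x0000 T=44 (#1)
Dec 23 01:25:44 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.68.131.17:10139 me.ii.net:53 L=45 S=0x00 I=19893 F=0x0000 T=44 (#1)
Dec 23 01:25:45 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.68.131.17:10139 me.ii.net:53 L=45 S=0x00 I=19894 F=0x0000 T=44 (#1)
Dec 23 01:25:59 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.46.106.84:7580 me.ii.net:53 L=45 S=0x00 I=33038 F=0x0000 T=43 (#1)
Dec 23 01:25:59 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.46.106.84:7580 me.ii.net:53 L=45 S=0x00 I=33039 F=0x0000 T=43 (#1)
Dec 23 01:26:00 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.46.106.84:7580 me.ii.net:53 L=45 S=0x00 I=33040 F=0x0000 T=43 (#1)
"""

# ipchains "Packet log" layout: chain target iface PROTO=n src:port dst:port L= S= I= F= T=
LINE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=\S+ I=(?P<ipid>\d+) F=\S+ T=(?P<ttl>\d+)"
)
INT_FIELDS = ("proto", "sport", "dport", "length", "ipid", "ttl")
# Assumption: IPv4 header without options (20), UDP header (8), DNS header (12).
IP_HDR, UDP_HDR, DNS_HDR = 20, 8, 12


def parse(line):
    """Return the fields of one ipchains log line as a dict, or None if it does not match."""
    m = LINE.search(line)
    if m is None:
        return None
    pkt = m.groupdict()
    pkt.update({k: int(pkt[k]) for k in INT_FIELDS})
    return pkt


def summarize(text):
    """Group denied UDP/53 packets by source address."""
    out = {}
    for pkt in filter(None, map(parse, text.splitlines())):
        if pkt["target"] != "DENY" or pkt["proto"] != 17 or pkt["dport"] != 53:
            continue
        s = out.setdefault(pkt["src"], {"count": 0, "sports": set(), "ipids": [], "qbytes": set()})
        s["count"] += 1
        s["sports"].add(pkt["sport"])
        s["ipids"].append(pkt["ipid"])
        # Bytes remaining after the fixed headers, i.e. room for the question section.
        s["qbytes"].add(pkt["length"] - IP_HDR - UDP_HDR - DNS_HDR)
    for s in out.values():
        s["sequential_ids"] = all(b - a == 1 for a, b in zip(s["ipids"], s["ipids"][1:]))
    return out
```

Every packet in the sample leaves 5 bytes after the DNS header; if the payload is a well-formed query, that is exactly the size of a question for the root name (1-byte name, 2-byte type, 2-byte class). Each source also reuses one source port with consecutive IP IDs across its three packets.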