[plug] Is MS up to its old tricks?

Trent Lloyd trentlloyd at iprimus.com.au
Mon Dec 24 21:47:35 WST 2001


12345 = netbus
stupid people running trojans =)

At 11:37 AM 23/12/2001 +0800, you wrote:
>Yes, these machines are trying to query my gateway machine, for DNS info.
>Unfortunately, I don't know what type of requests they are, as the gateway
>(old e-smith) only allows internal DNS access. (long story...)
>I'll see what I can do about that info though...
>I've got auto update turned off, but the activity positively skyrockets
>when you actually run windows update...
>
>Hell, I've paid an arm and a leg for their software, and now they're
>making me pay for extra traffic???
>Only Microsoft....
>
>Regards,
>
>Craig Foster
>
>PS Also being hit hard by Korean DSL users for port 12345, but that's just
>par for the course...
>
> > -----Original Message-----
> > From: Mike [mailto:erazmus at iinet.net.au]
> > Sent: Sunday, 23 December 2001 11:00 AM
> > To: plug at plug.linux.org.au
> > Subject: Re: [plug] Is MS up to its old tricks?
> >
> >
> > At 02:18 AM 23/12/2001 +0800, you wrote:
> > >Has anyone noticed those people who've used WindowsXP on their networks
> > >have been rigorously hit with DNS requests from Microsoft machines?
> >
> > aye ? Are you saying these IP addresses below are asking your IP
> > for DNS lookups ?
> >
> > What's the format of the request, is it properly formed ?
> >
> > rgds
> >
> > mike
> >
> >
> >
> > >
> > >The offending IPs are :-
> > >207.68.131.17 (a MSN address)
> > >207.46.106.84 (sjwu3dns1.windowsupdate.com)
> > >
> > >I'm a tad miffed, as this happens on three networks I know of...
> > >
> > >
> > >Regards,
> > >
> > >Craig Foster
> > >FostWare Enterprises
> > >linux at ii.net
> > >Mob 0402 126 293
> > >ICQ 4413022
> > >
> > >Snippet of logs:
> > >
> > >Dec 23 01:25:43 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.68.131.17:10139 me.ii.net:53 L=45 S=0x00 I=19892 F=0x0000 T=44 (#1)
> > >Dec 23 01:25:44 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.68.131.17:10139 me.ii.net:53 L=45 S=0x00 I=19893 F=0x0000 T=44 (#1)
> > >Dec 23 01:25:45 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.68.131.17:10139 me.ii.net:53 L=45 S=0x00 I=19894 F=0x0000 T=44 (#1)
> > >Dec 23 01:25:59 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.46.106.84:7580 me.ii.net:53 L=45 S=0x00 I=33038 F=0x0000 T=43 (#1)
> > >Dec 23 01:25:59 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.46.106.84:7580 me.ii.net:53 L=45 S=0x00 I=33039 F=0x0000 T=43 (#1)
> > >Dec 23 01:26:00 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.46.106.84:7580 me.ii.net:53 L=45 S=0x00 I=33040 F=0x0000 T=43 (#1)
> > >
> > >
> >
> >
> >
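Added example, not part of the original thread: a small parser for the ipchains deny-log lines quoted above that groups the blocked UDP/53 packets by source, which helps with the "what's the format of the request" question when the payload itself was never captured. The log lines are the ones from the thread with the mail wrapping undone; the function names and the assumption of a 20-byte IPv4 header (no options) are mine.

```python
import re
from collections import defaultdict

# Log lines from the thread, with the mail-client line wrapping undone.
SAMPLE_LOG = """\
Dec 23 01:25:43 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.68.131.17:10139 me.ii.net:53 L=45 S=0x00 I=19892 F=0x0000 T=44 (#1)
Dec 23 01:25:44 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.68.131.17:10139 me.ii.net:53 L=45 S=0x00 I=19893 F=0x0000 T=44 (#1)
Dec 23 01:25:45 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.68.131.17:10139 me.ii.net:53 L=45 S=0x00 I=19894 F=0x0000 T=44 (#1)
Dec 23 01:25:59 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.46.106.84:7580 me.ii.net:53 L=45 S=0x00 I=33038 F=0x0000 T=43 (#1)
Dec 23 01:25:59 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.46.106.84:7580 me.ii.net:53 L=45 S=0x00 I=33039 F=0x0000 T=43 (#1)
Dec 23 01:26:00 server kernel: Packet log: denylog DENY ppp0 PROTO=17 207.46.106.84:7580 me.ii.net:53 L=45 S=0x00 I=33040 F=0x0000 T=43 (#1)
"""

# ipchains "Packet log" layout: chain, action, interface, protocol,
# src:port, dst:port, then L=total length, S=TOS, I=IP ID, F=frag, T=TTL.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: Packet log: "
    r"(?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=\S+ I=(?P<ipid>\d+) F=\S+ T=(?P<ttl>\d+)"
)

# Assumption: IPv4 header without options (20 bytes) plus UDP header (8).
IP_UDP_HEADERS = 20 + 8

def parse(log_text):
    """Return one dict per ipchains packet-log line; skip anything else."""
    packets = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            fields = m.groupdict().items()
            packets.append({k: int(v) if v.isdigit() else v for k, v in fields})
    return packets

def summarize_dns_probes(packets):
    """Group denied UDP (PROTO=17) packets to port 53 by source address."""
    by_src = defaultdict(list)
    for p in packets:
        if p["action"] == "DENY" and p["proto"] == 17 and p["dport"] == 53:
            by_src[p["src"]].append(p)
    summary = {}
    for src, pkts in by_src.items():
        ids = [p["ipid"] for p in pkts]
        summary[src] = {
            "count": len(pkts),
            "source_ports": sorted({p["sport"] for p in pkts}),
            "udp_payload": sorted({p["length"] - IP_UDP_HEADERS for p in pkts}),
            "sequential_ip_ids": all((b - a) % 65536 == 1 for a, b in zip(ids, ids[1:])),
        }
    return summary
```

On these lines each source sends three packets from one source port with consecutive IP IDs and a 17-byte UDP payload. Seventeen bytes is the smallest well-formed DNS query (12-byte header plus a 5-byte question for the root name), so the length fits a minimal query, but the log alone cannot confirm the contents.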



