Full Disclosure mailing list archives
MSN appears to be being a bit snoopy via a Hotmail server...
From: "Daniel H. Renner" <dan () losangelescomputerhelp com>
Date: 02 Oct 2003 00:51:15 -0700
We are running a Linux floppyfw on the outside, splitting into an unrestricted work space, and a stronger firewall to protect the office side of things.

A computer was being set up that is running MSN software, and during its 1 day on the benches, our good firewall recorded the following hits from the below noted site, all of which were aimed * directly * at the IP address of the internal firewall's NIC (represented by "xxx.xxx.xxx.xxx" below) climbing over the floppyfw to do so...

Time      Chain  Iface  Proto  Source       Src Port  Destination      Dst Port
11:34:12  INPUT  eth2   UDP    64.4.12.201  7001      xxx.xxx.xxx.xxx  1075
11:34:13  INPUT  eth2   UDP    64.4.12.201  7001      xxx.xxx.xxx.xxx  1075
11:34:14  INPUT  eth2   UDP    64.4.12.201  7001      xxx.xxx.xxx.xxx  1075
11:34:15  INPUT  eth2   UDP    64.4.12.201  7001      xxx.xxx.xxx.xxx  1075
14:31:43  INPUT  eth2   UDP    64.4.12.201  7001      xxx.xxx.xxx.xxx  1075
14:31:43  INPUT  eth2   UDP    64.4.12.201  7001      xxx.xxx.xxx.xxx  1075
14:31:44  INPUT  eth2   UDP    64.4.12.201  7001      xxx.xxx.xxx.xxx  1075
14:31:45  INPUT  eth2   UDP    64.4.12.201  7001      xxx.xxx.xxx.xxx  1075

Trying whois -h whois.arin.net 64.4.12.201

OrgName: MS Hotmail
OrgID: MSHOTM
Address: 1065 La Avenida
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US

NetRange: 64.4.0.0 - 64.4.63.255
CIDR: 64.4.0.0/18
NetName: HOTMAIL
NetHandle: NET-64-4-0-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.HOTMAIL.COM
NameServer: NS3.HOTMAIL.COM
NameServer: NS2.HOTMAIL.COM
NameServer: NS4.HOTMAIL.COM
Comment:
RegDate: 1999-11-24
Updated: 2003-06-27

TechHandle: MSFTP-ARIN
TechName: MSFT-POC
TechPhone: +1-425-882-8080
TechEmail: iprrms () microsoft com

OrgTechHandle: MSFTP-ARIN
OrgTechName: MSFT-POC
OrgTechPhone: +1-425-882-8080
OrgTechEmail: iprrms () microsoft com

And from our internal firewall's proxy logs, no one here was logged into Hotmail or MSN servers during these times...

The above mentioned computer's time in our shop is the only thing I can relate this traffic to, as no one is allowed to run MSN software on any of our Linux workstations... ;-)

--
Cheers,
Dan Renner
President
Los Angeles Computerhelp
818-352-8700
http://losangelescomputerhelp.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html