Full Disclosure mailing list archives

MSN appears to be being a bit snoopy via a Hotmail server...


From: "Daniel H. Renner" <dan () losangelescomputerhelp com>
Date: 02 Oct 2003 00:51:15 -0700


We are running a Linux floppyfw on the outside, splitting into an
unrestricted work space, and a stronger firewall to protect the office
side of things.

A computer was being set up that is running MSN software, and during its
1 day on the benches, our good firewall recorded the following hits from
the below noted site, all of which were aimed  * directly *  at the IP
address of the internal firewall's NIC (represented by "xxx.xxx.xxx.xxx"
below) climbing over the floppyfw to do so...


    Time        Chain   Iface   Proto   Source          Src Port  Destination       Dst Port
    11:34:12    INPUT   eth2    UDP     64.4.12.201     7001      xxx.xxx.xxx.xxx   1075
    11:34:13    INPUT   eth2    UDP     64.4.12.201     7001      xxx.xxx.xxx.xxx   1075
    11:34:14    INPUT   eth2    UDP     64.4.12.201     7001      xxx.xxx.xxx.xxx   1075
    11:34:15    INPUT   eth2    UDP     64.4.12.201     7001      xxx.xxx.xxx.xxx   1075
    14:31:43    INPUT   eth2    UDP     64.4.12.201     7001      xxx.xxx.xxx.xxx   1075
    14:31:43    INPUT   eth2    UDP     64.4.12.201     7001      xxx.xxx.xxx.xxx   1075
    14:31:44    INPUT   eth2    UDP     64.4.12.201     7001      xxx.xxx.xxx.xxx   1075
    14:31:45    INPUT   eth2    UDP     64.4.12.201     7001      xxx.xxx.xxx.xxx   1075



Trying whois -h whois.arin.net 64.4.12.201
OrgName:    MS Hotmail 
OrgID:      MSHOTM
Address:    1065 La Avenida
City:       Mountain View
StateProv:  CA
PostalCode: 94043
Country:    US

NetRange:   64.4.0.0 - 64.4.63.255 
CIDR:       64.4.0.0/18 
NetName:    HOTMAIL
NetHandle:  NET-64-4-0-0-1
Parent:     NET-64-0-0-0-0
NetType:    Direct Assignment
NameServer: NS1.HOTMAIL.COM
NameServer: NS3.HOTMAIL.COM
NameServer: NS2.HOTMAIL.COM
NameServer: NS4.HOTMAIL.COM
Comment:    
RegDate:    1999-11-24
Updated:    2003-06-27

TechHandle: MSFTP-ARIN
TechName:   MSFT-POC 
TechPhone:  +1-425-882-8080
TechEmail:  iprrms () microsoft com 

OrgTechHandle: MSFTP-ARIN
OrgTechName:   MSFT-POC 
OrgTechPhone:  +1-425-882-8080
OrgTechEmail:  iprrms () microsoft com


And from our internal firewall's proxy logs, no one here was logged into
Hotmail or MSN servers during these times...

The above mentioned computer's time in our shop is the only thing I can
relate this traffic to, as no one is allowed to run MSN software on any
of our Linux workstations...

;-)

-- 

Cheers,

Dan Renner
President
Los Angeles Computerhelp
818-352-8700
http://losangelescomputerhelp.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

