RE: Automatic Updates on XP Pro
From: Robert Buel (rbuel@asd-web.com)
Date: 03/12/02
- Previous message: H C: "Re: Logs from WinNT/2k and Eventlog.pl"
- In reply to: Thor@HammerofGod.com: "RE: Automatic Updates on XP Pro"
- Next in thread: Jorge Roxo: "RE: Automatic Updates on XP Pro"
From: "Robert Buel" <rbuel@asd-web.com>
To: <Thor@HammerofGod.com>, <FOCUS-MS@SECURITYFOCUS.COM>
Date: Mon, 11 Mar 2002 22:00:26 -0600
I had problems with internal (NAT'd) network clients updating. These
clients are limited to WWW and other "permitted" services. If I removed
all outbound restrictions from these clients, the update succeeded. My
sniffer showed initial client outbound on port 80, but random ports
4700-4799 inbound on the negotiated return. I opened up this TCP port
range for my clients, and update suddenly started working. Looks like 80
out, but it wants to return traffic on these other ports. It's not a
great solution, just waiting for the 4701 port to be a Trojan!
B
-----Original Message-----
From: Thor@HammerofGod.com [mailto:Thor@HammerofGod.com]
Sent: Monday, March 11, 2002 12:59 PM
To: FOCUS-MS@SECURITYFOCUS.COM
Subject: RE: Automatic Updates on XP Pro
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
OK- Some more info... I tried many of the previous recommendations:
Interact with Desktop, verifying service startup, removing updates,
logging off and back on, etc... Nothing changed. Verified on a SNAT
client on the main segment as well (my testing here done with ISA
Firewall Client)- no updates listed.
I fired up my trusty "NGS Sniff" Win2k/XP sniffer while starting and
stopping the service, etc with nothing.
Then I disabled the FW client, and dialed into my local backup ISDN
provider via a Network Connections Dial-Up profile (Firewalled), and
started NGS Sniff again on that IP. After waiting for about a minute,
Auto Update content started streaming by. Note that I did not have to
go into IE or anything- just connected. I've got the entire transaction
dump saved now and will share it once I see that it does not contain
anything I don't want out there... It successfully downloaded the
content, and then notified me that the updates were ready.
So, in my case anyway, it seems as if it checks only on an active
"Internet Connection" and not on the LAN connection. It is all done
over HTTP 1.1, port 80. I will try some other things, but I would say
it has something to do with Local LAN vs Network Connections as opposed
to anything NAT/Firewall/Web Client related. Any reports as to your
findings or configs would be appreciated. In particular, I would like
to see the config of people who are using a LAN-only connection (No
VPN, Dial-up profile, etc) where autoupdate works.
Thanks to all participating in this--
Cheers
AD
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQA/AwUBPIz+fohsmyD15h5gEQKSvwCgy97ANlxTNsEWngA1tnFMFeftWFcAoKbW
jCJKSctsxfe0h8x+vNpqSVHZ
=Jd8o
-----END PGP SIGNATURE-----