RE: Strange event showing up...

From: Free, Bob (RWF4@pge.com)
Date: 07/05/02


From: "Free, Bob" <RWF4@pge.com>
To: "'Christopher K. Casey'" <crscasey@attbi.com>, focus-ms@securityfocus.com
Date: Thu, 4 Jul 2002 15:31:00 -0700 

Has there ever been a PDA or similar device attached that may may have
unwittingly enabled IRDA support? Perhaps even an IR enabled printer driver?

In any case Device Manager 'should' provide insight and resolution by simply
disabling all IR support.

hth

-----Original Message-----
From: Christopher K. Casey [mailto:crscasey@attbi.com]
Sent: Thursday, July 04, 2002 12:43 PM
To: focus-ms@securityfocus.com
Subject: RE: Strange event showing up...

To elaborate further The computer is running Win2k Pro fully patched and has
no IR or wireless connections. These events happen in 2 to 5 min intervals
and hold no pattern. If there is a patch to this could someone direct me to
it there is nothing on the Win update page. Thank you all for the quick
response and your time...

-----Original Message-----
From: Mark West [mailto:markw@wwncorp.net]
Sent: Thursday, July 04, 2002 4:38 PM
To: 'Christopher K. Casey'; focus-ms@securityfocus.com
Subject: RE: Strange event showing up...

This is a known vulnerability. Download all the service releases and
security fixes.

- Mark West

-----Original Message-----
From: Christopher K. Casey [mailto:crscasey@attbi.com]
Sent: Thursday, July 04, 2002 1:16 AM
To: focus-ms@securityfocus.com
Subject: Strange event showing up...

Hello to all I seem to have hit upon a mystery. In reviewing my event
viewer
I am receiving the following event

EVENT ID 20158 Time 13:07 Source Remote Access The user User Name
successfully established a connection to The Internet (2) using the
device
IRDA6-1.
 (Please note I only have one internet connection and nic card and no
infrared devices that I know of, and not a wireless nic)
Then I get:
 ID 20159 Time 13:11 Source Remote access The connection to The Internet
(2)
made by user User Name using device IRDA6-1 was disconnected.
If anyone could shed some light on this I would be most grateful. Thank
you
in advance!