Re: Packet from port 80 with spoofed microsoft.com ip

From: Chris Wilkes (cwilkes@ladro.com)
Date: 01/29/03

  • Next message: Jos Kirps|EducDesign: "Firewall logging port 6346" 
    Date: Wed, 29 Jan 2003 09:06:13 -0800
From: Chris Wilkes <cwilkes@ladro.com>
To: incidents@securityfocus.com

    On Wed, Jan 29, 2003 at 09:46:53PM +1100, Michael Rowe wrote:
    >
    > I received a packet on my cable modem today, allegedly from
    > microsoft.com:
    >
    > 18:41:35.663374 207.46.249.190.80 > my.cable.modem.ip.1681: S866282571:866282571(0) ack 268566529 win 16384 <mss 1460>

    Do you have any MS computers at home set to automatically check
    microsoft's site for updates?

    I thought I had it turned off but poking around the GUI I found under
    Control Panel - Servers "Automatic Update" set to Automatic. What's odd is
    that it isn't in my tray and I thought I disabled it.

    > No one was home at this time, and no computer running windows was
    > active, so I'm pretty sure this was not legit traffic (unless it was a
    > *very* delayed ack from a microsoft server, like > 6 hours. I guess
    > this is conceivable, given their current, er, issues :).

    By "active" do you mean "turned off"?

    Chris

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com

    Relevant Pages

    • Re: How to decide whether a window update should be installed or n
      ... around 60 computers. ... >> Automatic Update detects whether a window update should be installed or not. ... >> updates have been installed and what updates you should install. ... > torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway ...
      (microsoft.public.windowsupdate)
    • RE: Open letter to MS
      ... automatic update on its 15 Windows SP computers has kept us out of problems. ... We did receive a Windows XP SP2 CD and installed it on all computers. ... > migrating my users over to Linux. ...
      (microsoft.public.windowsxp.general)
    • Is windows update possible without administrator rights
      ... I have a very annoying problem in our company. ... windows XP computers and it seems that microsoft automatic update ... can't update the computers when they are logged in with their power ... while and update computers with administrator rights. ...
      (microsoft.public.windowsupdate)
    • Update KB950749 and Error Code Dx80070005
      ... I'm new to computers and this group. ... Automatic Update KB950749 failed to install today and yesterday. ... I see in one spot that there is no Microsoft charge for ...
      (microsoft.public.windowsupdate)
    • Re: Packet from port 80 with spoofed microsoft.com ip
      ... On 03/01/29 09:06 -0800, Chris Wilkes wrote: ... > Do you have any MS computers at home set to automatically check ... > microsoft's site for updates? ...
      (Incidents)