Re: Which process trying to access net?

From: David (davidwnh_at_adelphia.net)
Date: 08/05/03


Date: Tue, 05 Aug 2003 18:40:51 GMT

The two most probable services trying this type of access are the Windows
Update service and the BITS service. I believe the Windows Update service
normally uses a different DNS; however, the CNAME might be being used to
point to the same or to load balance traffic. On the other hand, any program
can use the BITS service to "dribble" updates to the machine. If you have
this service running, the most likely suspect would be Windows or MSN
Messenger. They may have also incorporated BITS into some of their other
programs?

Otherwise, if you shut off both the Windows Update and BITS services and
this still keeps happening, I would do some further investigation. CNAMEs can
be used for DNS cache poisoning attacks. So if disabling all MS-related
automatic updates doesn't solve the problem, you should take a closer look at
the cached information on your DNS server and use an online service like
samspade to compare/verify the DNS and IP addresses in your own server's
cache.

Chances are it is something valid looking for updates via the BITS service
so look thoroughly for a valid explanation before suspecting the worst.

> >I've blocked several processes from accessing the net by using Sygate
> >Firewall on my Windows XP Pro. But I notice from the event log of my
> >DNS server that one process is still requesting for the IP of
> >"download.microsoft.com" every other few minutes.
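
The cache comparison suggested in the reply above, as an added example that is not part of the original post: it follows the CNAME chain for a name in two sets of answer records (the local DNS server's cache and an independent reference lookup) and separates a diverging chain from a mere difference in load-balanced addresses. The `dig`-style record text, the `example.net`/`example.org` targets and the addresses are constructed sample data.

```python
def parse_answers(text):
    """Parse 'name ttl IN type rdata' lines into {name: [(type, rdata)]}."""
    records = {}
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[2] != "IN":
            continue  # skip anything that is not a plain answer record
        name = parts[0].lower().rstrip(".")
        rdata = parts[4].lower().rstrip(".")
        records.setdefault(name, []).append((parts[3], rdata))
    return records

def follow(records, qname, max_hops=8):
    """Return (cname_chain, sorted A addresses) starting at qname."""
    chain, name = [qname], qname
    for _ in range(max_hops):
        cnames = [r for t, r in records.get(name, []) if t == "CNAME"]
        if not cnames or cnames[0] in chain:  # end of chain, or a loop
            break
        name = cnames[0]
        chain.append(name)
    return chain, sorted(r for t, r in records.get(name, []) if t == "A")

def compare(local_text, reference_text, qname):
    """List differences between the local cache and a reference answer."""
    lchain, laddrs = follow(parse_answers(local_text), qname)
    rchain, raddrs = follow(parse_answers(reference_text), qname)
    if lchain != rchain:
        # The name is aliased somewhere else: inspect the cache closely.
        return [("cname-mismatch", lchain, rchain)]
    if laddrs != raddrs:
        # Same alias, other addresses: commonly just load balancing.
        return [("address-differs", laddrs, raddrs)]
    return []

QNAME = "download.microsoft.com"
# Constructed sample records (documentation address ranges only).
REFERENCE = """download.microsoft.com. 3600 IN CNAME dl.cdn.example.net.
dl.cdn.example.net. 60 IN A 192.0.2.10
dl.cdn.example.net. 60 IN A 192.0.2.11"""
LOCAL_SAME_ALIAS = """download.microsoft.com. 3600 IN CNAME dl.cdn.example.net.
dl.cdn.example.net. 60 IN A 192.0.2.12"""
LOCAL_OTHER_ALIAS = """download.microsoft.com. 3600 IN CNAME updates.example.org.
updates.example.org. 300 IN A 203.0.113.66"""

if __name__ == "__main__":
    for label, text in (("same alias", LOCAL_SAME_ALIAS),
                        ("other alias", LOCAL_OTHER_ALIAS)):
        print(label, compare(text, REFERENCE, QNAME))
```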


