Re: Linksys WPC54G card utility contains spyware?

From: Doc Miller (mankypro_at_yahoo.com)
Date: 11/29/03 

Date: Sat, 29 Nov 2003 16:39:24 GMT

On Sat, 29 Nov 2003 14:13:14 GMT, Lars M. Hansen
<badnews@hansenonline.net> appears to have written:

>On Sat, 29 Nov 2003 04:26:33 GMT, Doc Miller spoketh
>
>>Has anyone else seen this? I just installed a WPC54G wireless .11g
>>card in my laptop and the configuration utility, wpc54cfg.exe, is
>>sending packets to Akamai via the daylight port.
>>

[snippy snip]

>
>Did you actually examine the packets, or are you just guessing? Because
>my first "guess" when I saw the daytime traffic was that it was actually
>attempting to ensure that the time on the computer was correct. As for
>the DNS lookups, it seems to me that it's merely testing the network
>connection to get an estimate on the quality.
>
>If you minimize the utility software, the DNS lookups and the daytime
>traffic will go away. If that doesn't work for you, right-click on the
>utility software icon in the system tray and select "exit". You don't
>actually need it running all the time, it only needs to be there to
>establish the network connection...

I concur with you on the DNS activity and I am OK with that.

I'm still trying to figure out the content of the daytime port
packets. It doesn't look like any daytime service data that I have
seen (although the RFC is pretty loose on the contents). I can't
believe it would attempt to set time since Akamai will be blocking
that port anyway. ntp (port 37) is probably better supported and more
accurate if you're going to go that route.

My main concern is what rolling out 200-300 of these cards will do to
my network. Exiting the utility stops the traffic but minimizing
doesn't see to as you mention. At least on XP.

Also, I can see someone at Akamai wanting to know why our corporate
network is flooding them with daytime service requests if I don't
filter for them (although I suspect their firewall drops them too :-)
I will look at this again next week and post here if I determine
anything conclusive.

Doc

Relevant Pages

  • Re: Linux als Router
    ... # Enter all trusted network interfaces here. ... # which should be available to the internet and set FW_ROUTE to yes. ... space separated list of ports, ... # Packets to silently reject without log message. ...
    (de.comp.os.unix.linux.misc)
  • Re: Error 720 connecting to server via VPN
    ... By default the router's firewall is configured to drop ICMP packets ... Select WAN Setup> Advanced> Respond to Ping on Internet Port. ... server and the Internet allow GRE packets. ... routers on the user's network are also configured to allow GRE packets. ...
    (microsoft.public.windows.server.sbs)
  • RE: Mapping Class A network ( any easy trick?)
    ... and wondering how I can map the network ... packets per second rate to ask for. ... This will read the payloads.conf file which may have multiple payloads ... per port. ...
    (Pen-Test)
  • Re: Update: UDP 770 Potential Worm
    ... > I still believe that the packets may be the result ... with the goal of knocking machines ... the network immediately after the 'attack', ... destined to port if you haven't sniffed it somehow? ...
    (Incidents)
  • Re: UDP vs TCP
    ... TCP for instance will break up a large packet into smaller ... into the packets and then the receiving app would have to read ... Network Layer -> ethernet ... DOMAIN over port 53 ...
    (microsoft.public.vb.enterprise)