Re: Linksys WPC54G card utility contains spyware?

From: Lars M. Hansen (badnews_at_hansenonline.net)
Date: 11/29/03 

Date: Sat, 29 Nov 2003 17:47:04 GMT

On Sat, 29 Nov 2003 16:39:24 GMT, Doc Miller spoketh

>
>I concur with you on the DNS activity and I am OK with that.
>
>I'm still trying to figure out the content of the daytime port
>packets. It doesn't look like any daytime service data that I have
>seen (although the RFC is pretty loose on the contents). I can't
>believe it would attempt to set time since Akamai will be blocking
>that port anyway. ntp (port 37) is probably better supported and more
>accurate if you're going to go that route.
>
>My main concern is what rolling out 200-300 of these cards will do to
>my network. Exiting the utility stops the traffic but minimizing
>doesn't see to as you mention. At least on XP.
>
>Also, I can see someone at Akamai wanting to know why our corporate
>network is flooding them with daytime service requests if I don't
>filter for them (although I suspect their firewall drops them too :-)
>I will look at this again next week and post here if I determine
>anything conclusive.
>
>Doc

Well, I'm blocking daytime on my firewall, and the only time I'm seeing
those getting blocked is when I've been messing around with the utility
software...

Once I'm doing sniffing ZoneAlarm packets, I'll see what I can find out
what goes on with those daytime packets...

BTW, see if perhaps you can block those packets on the switch. May even
be worthwhile to invest in a decent Cisco switch to connect the WAPs to
just so you can block traffic (and MAC addresses) there.

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)