Re: understanding chkrootkit: sshd section

From: Helmuth Kump (hwk@hwk.best.vwh.net)
Date: 12/31/01


From: Helmuth Kump <hwk@hwk.best.vwh.net>
Date: Mon, 31 Dec 2001 13:59:55 +0000


On 30 Dec 2001, gaius.petronius wrote:

> installed chkrootkit 0.34 on a Mandrake 8.1 Linux kernel 2.4n system
> connected to an internal network.
>
> i wanted to see what kind of activity it would report since i am very
> confident that this machine is clean.
>
> lo and behold running this inexpert mode './chkrootkit -x' yields a
> load of crap that i have no [expletive deleted] idea what the

Did you get this message: sshd infected but disabled? I also ran
chkrootkit and got the same. My ssh is from F-secure, not open ssh.
Therefore I ran debug mode, chkrootkit -d sshd. Looks like it returns the
string ^1234$ (1234 by itself on a line) thus the positive report on
strings.

This is when it egrep's the executable for various strings.

I got the source direct from the vendor. I'm pretty confident it's a
false positive but will verify :-)

> [expletive deleted] it means, like:
>
> ### Output of: /usr/bin/strings -a /bin/ps
> ###
> /lib/ld-linux.so.2
> __gmon_start__
> libproc.so.2.0.7
> dev_to_tty
> procps_version
> Hertz
> _DYNAMIC
> ps_readproc
> reset_sort_options
> read_total_main
> open_psdb
> _init
> display_version
> openproc
> look_up_our_self
> linux_version_code
> closeproc
> uptime
> _fini
> wchan
> _GLOBAL_OFFSET_TABLE_
> libc.so.6
>
>
> nevertheless, in the hope that this endless stream of incoherency
> would at last come to life i plowed through this crap and stumbled
> onto this: a section on sshd.
>
> i snipped only what seems to belong to the sshd section.
> i am inclined to believe that it tells me only one thing: that the
> machine used to have another name and that the .ssh/known_hosts key
> must be deleted for the old name.
>
> other than that i see no coherent message from this bundle of
> programs.
>
>
> can anyone help me read the output of 'chkrootkit -x' and help me
> guess what this [expletive deleted] piece of [expletive deleted] is
> trying the [expletive deleted] to say?
>
> and TIA to all.
>
>
> -------------------------
> chkroot crap snippet here:
> --------------------------
>
>
> SSH PRIVATE KEY FILE FORMAT 1.1
> ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
> @(#)$OpenBSD: ssh.c,v 1.116 2001/04/17 12:55:04 markus Exp $
> Usage: %s [options] host [command]
> -l user Log in using this user name.
> -n Redirect input from /dev/null.
> -A Enable authentication agent forwarding.
> -a Disable authentication agent forwarding.
> -X Enable X11 connection forwarding.
> -x Disable X11 connection forwarding.
> -i file Identity for public key authentication (default:
> ~/.ssh/identity)
> -t Tty; allocate a tty even if command is given.
> -T Do not allocate a tty.
> -v Verbose; display verbose debugging messages.
> Multiple -v increases verbosity.
> -V Display version number only.
> -P Don't allocate a privileged port.
> -q Quiet; don't display any warning messages.
> -f Fork into background after authentication.
> -e char Set escape character; ``none'' = disable (default: ~).
> -c cipher Select encryption algorithm: ``3des'', ``blowfish''
> -m macs Specify MAC algorithms for protocol version 2.
> -p port Connect to this port. Server must be on the same port.
> -L listen-port:host:port Forward local port to remote address
> -R listen-port:host:port Forward remote port to local address
> These cause %s to listen for connections on a port, and
> forward them to the other side by connecting to
> host:port.
> -C Enable compression.
> -N Do not execute a shell or command.
> -g Allow remote hosts to connect to forwarded ports.
> -1 Force protocol version 1.
> -2 Force protocol version 2.
> -o 'option' Process the option as if it was read from a
> configuration file.
> -s Invoke command (mandatory) as SSH2 subsystem.
> Using rsh. WARNING: Connection will not be encrypted.
> Warning: Identity file %s does not exist.
> Too many identity files specified (max %d)
> %s, SSH protocols %d.%d/%d.%d, OpenSSL 0x%8.8lx
> Bad forwarding specification '%s'.
> You must specify a subsystem to invoke.
> Cannot fork into background without a command to execute.
> Pseudo-terminal will not be allocated because stdin is not a terminal.
> Rhosts Authentication disabled, originating port will not be trusted.
> Could not create directory '%.200s'.
> ; reverting to insecure method
> Secure connection to %.100s on port %hu refused%.100s.
> Secure connection to %.100s refused%.100s.
> %.100s list %.200s 2>/dev/null
> Connections to local port %d forwarded to remote address %.200s:%d
> Could not request local forwarding.
> Connections to remote port %d forwarded to local address %.200s:%d
> Requesting compression at level %d.
> Compression level must be from 1 (fast) to 9 (slow, best).
> Warning: Remote host refused compression.
> Protocol error waiting for compression response.
> Warning: Remote host failed or refused to allocate a pseudo tty.
> Protocol error waiting for pty request response.
> Requesting X11 forwarding with authentication spoofing.
> Warning: Remote host denied X11 forwarding.
> Protocol error waiting for X11 forwarding
> Requesting authentication agent forwarding.
> Packet integrity error (%d != %d) at %s:%d
> Warning: Remote host denied authentication agent forwarding.
> Packet integrity error (%d bytes remaining) at %s:%d
> Request for subsystem '%.*s' failed on channel %d
> Options:
> -4 Use IPv4 only.
> -6 Use IPv6 only.
> /usr/bin/rsh
> setrlimit failed: %.100s
> You don't exist, go away!
> eilcmpLRDo
> Too high debugging level.
> OpenSSH_2.9p2
> none
> Bad escape character '%s'.
> Unknown cipher type '%s'
> 3des-cbc
> blowfish-cbc
> Unknown mac type '%s'
> Bad port '%s'
> %hu/%255[^/]/%hu
> %hu:%255[^:]:%hu
> Bad dynamic port '%s'
> command-line
> .ssh/config
> %.100s/%.100s
> /etc/ssh/ssh_config
> rsh_connect returned
> /etc/ssh/ssh_host_key
> /etc/ssh/ssh_host_dsa_key
> /etc/ssh/ssh_host_rsa_key
> .ssh
> clear hostkey %d
> DISPLAY
> %*s %s %s
> MIT-MAGIC-COOKIE-1
> %02x
> Requesting pty.
> TERM
> ssh.c
> Packet integrity error. (%d)
> daemon() failed: %.200s
> Sending command: %.*s
> Requesting shell.
> Packet integrity error.
> client_init id %d arg %ld
> pty-req
> auth-agent-req@openssh.com
> Sending subsystem: %.*s
> subsystem
> exec
> shell
> /dev/null
> dup() in/out/err failed
> client-session
> channel_new: %d
> identity file %s type %d
> @(#)$OpenBSD: sshconnect.c,v 1.104 2001/04/12 19:15:25 markus Exp $
> Could not create pipes to communicate with the proxy: %.100s
> Executing proxy command: %.500s
> ssh_connect: getuid %u geteuid %u anon %d
> ssh_connect: getnameinfo failed
> Connecting to %.200s [%.100s] port %s.
> setsockopt SO_KEEPALIVE: %.100s
> ssh_exchange_identification: read: %.100s
> ssh_exchange_identification: Connection closed by remote host
> ssh_exchange_identification: %s
> Bad remote protocol version identification: '%.100s'
> Remote protocol version %d.%d, remote software version %.100s
> Remote machine has too old SSH software version.
> Agent forwarding disabled for protocol 1.3
> Protocol major versions differ: %d vs. %d
> Forcing accepting of host key for loopback/localhost.
> check_host_key: getnameinfo failed
> Host '%.200s' is known and matches the %s host key.
> Failed to add the %s host key for IP address '%.128s' to the list of
> known hosts (%.30s).
> Warning: Permanently added the %s host key for IP address '%.128s' to
> the list of known hosts.
> No %s host key is known for %.200s and you have requested strict
> checking.
> The authenticity of host '%.200s (%s)' can't be established.
> %s key fingerprint is %s.
> Are you sure you want to continue connecting (yes/no)?
> Failed to add the host to the list of known hosts (%.500s).
> Warning: Permanently added '%.200s' (%s) to the list of known hosts.
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
> The %s host key for %s has changed,
> and the key for the according IP address %s
> %s. This could either mean that
> DNS SPOOFING is happening or the IP address for the host
> and its host key have changed at the same time.
> @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle
> attack)!
> It is also possible that the %s host key has just been changed.
> The fingerprint for the %s key sent by the remote host is
> Please contact your system administrator.
> Add correct host key in %.100s to get rid of this message.
> %s host key for %.200s has changed and you have requested strict
> checking.
> Password authentication is disabled to avoid trojan horses.
> Agent forwarding is disabled to avoid trojan horses.
> X11 forwarding is disabled to avoid trojan horses.
> Port forwarding is disabled to avoid trojan horses.
> Warning: the %s host key for '%.200s' differs from the key for the IP
> address '%.128s'
> Exiting, you have requested strict checking.
> Are you sure you want to continue connecting (yes/no)?
> dup2 stdin
> dup2 stdout
> /bin/sh
> fork failed: %.100s
> rresvport: af=%d %.100s
> Allocated local port %d.
> socket: %.100s
> %s: %.100s: %s
> Trying again...
> connect: %.100s
> Connection established.
> SSH-
> SSH-%d.%d-%[^
> SSH-%d.%d-%.100s
> write: %.100s
> Local version string %.100s
> /dev/tty
> Please type 'yes' or 'no'.
> <no hostip for proxy command>
> using hostkeyalias: %s
> Found key in %s:%d
> Aborted by user!
> %s,%s
> is unknown
> is unchanged
> has a different value
> Offending key for IP in %s:%d
> Offending key in %s:%d
> Matching host key in %s:%d
> @(#)$OpenBSD: sshconnect1.c,v 1.31 2001/04/17 08:14:01 markus Exp $
> Trying RSA authentication via agent with '%.100s'
> Protocol error during RSA authentication: %d
> Received RSA challenge from server.
> Authentication agent failed to decrypt challenge.
> Sending response to RSA challenge.
> RSA authentication accepted by server.
> Protocol error waiting RSA auth response: %d
> RSA authentication using agent refused.
> respond_to_rsa_challenge: rsa_private_decrypt failed
> respond_to_rsa_challenge: bad challenge length %d
> Sending response to host key RSA challenge.
> Trying RSA authentication with key '%.100s'
> Enter passphrase for RSA key '%.100s':
> Will not query passphrase for %.100s in batch mode.
> Trying rhosts or /etc/hosts.equiv with RSA host authentication.
> Server refused our rhosts authentication or host key.
> Received RSA challenge for host key from server.
> Rhosts or /etc/hosts.equiv with RSA host authentication accepted by
> server.
> Rhosts or /etc/hosts.equiv with RSA host authentication refused.
> Doing challenge reponse authentication.
> Protocol error: got %d in response to SSH_CMSG_AUTH_TIS
> Permission denied, please try again.
> WARNING: Encryption is disabled! Reponse will be transmitted in clear
> text.
> Protocol error: got %d in response to SSH_CMSG_AUTH_TIS_RESPONSE
> Doing password authentication.
> WARNING: Encryption is disabled! Password will be transmitted in clear
> text.
> Protocol error: got %d in response to passwd auth
> Waiting for server public key.
> Warning: Server lies about size of server public key: actual size is
> %d bits vs. announced %d.
> Warning: This may be due to an old implementation of ssh.
> Warning: Server lies about size of server host key: actual size is %d
> bits vs. announced %d.
> Received server public key (%d bits) and host key (%d bits).
> respond_to_rsa_challenge: host_key %d < public_key %d +
> SSH_KEY_BITS_RESERVED %d
> respond_to_rsa_challenge: public_key %d < host_key %d +
> SSH_KEY_BITS_RESERVED %d
> No valid SSH1 cipher, using %.100s instead.
> Selected cipher type %.100s not supported by server.
> Received encrypted confirmation.
> ssh_userauth1: server supports no auth methods
> Protocol error: got %d in response to SSH_CMSG_USER
> Protocol error: got %d in response to rhosts auth
> Server refused our key.
> sshconnect1.c
> Bad passphrase.
> RSA authentication refused.
> No challenge.
> Response:
> %s%s
> Encryption type: %.100s
> Sent encrypted session key.
> Trying rhosts authentication.
> %.30s@%.128s's password:
> Permission denied.
> @(#)$OpenBSD: sshconnect2.c,v 1.72 2001/04/18 23:43:26 markus Exp $
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> No valid ciphers for protocol version 2 given, using defaults.
> denied SSH2_MSG_SERVICE_ACCEPT: %d
> buggy server: service_accept w/o service
> ssh_userauth2: internal error: cannot send userauth none request
> ssh-userauth2 successful: method %s
> we sent a %s packet, wait for reply
> we did not send a packet, disable method
> input_userauth_error: bad message during authentication: type %d
> input_userauth_success: no authentication context
> input_userauth_failure: no authentication context
> Authenticated with partial success.
> authentications that can continue: %s
> input_userauth_pk_ok: no authentication context
> input_userauth_pk_ok: SSH_BUG_PKOK
> input_userauth_pk_ok: pkalg %s blen %d lastkey %p hint %d
> sign_and_send_pubkey: cannot handle key
> userauth_pubkey: internal error
> send_pubkey_test: cannot handle key
> Enter passphrase for key '%.100s':
> no passphrase given, try next key
> bad passphrase given, try again...
> userauth_pubkey_agent: no keys at all
> userauth_pubkey_agent: no more keys
> userauth_pubkey_agent: testing agent key %s
> userauth_pubkey_agent: no message sent
> input_userauth_info_req: no authentication context
> userauth_hostbased: cannot get local ipaddr/name
> Unrecognized authentication method name: %s
> start over, passed a different list %s
> none,zlib
> ssh-rsa,ssh-dss
> done: ssh_kex2.
> hostbased
> keyboard-interactive
> password
> publickey
> send SSH2_MSG_SERVICE_REQUEST
> ssh-userauth
> service_accept: %s
> sshconnect2.c
> got SSH2_MSG_SERVICE_ACCEPT
> ssh-connection
> Permission denied (%s).
> input_userauth_banner
> no last key or no sign cb
> unknown pkalg %s
> no key from blob. pkalg %s
> input_userauth_pk_ok: fp %s
> key != last_key
> clear_auth_state: key_free %p
> sign_and_send_pubkey
> send_pubkey_test
> no such identity: %s
> try privkey: %s
> try pubkey: %s
> userauth_kbdint
> input_userauth_info_req
> userauth_hostbased: chost %s
> xxx: chost %s
> key_sign failed
> preferred %s
> no more auth methods to try
> authmethod_lookup %s
> remaining preferred: %s
> authmethod_is_enabled %s
> next auth method to try is %s
> tcsetattr
> tcgetattr
> @(#)$OpenBSD: readconf.c,v 1.76 2001/04/17 10:53:25 markus Exp $
> challengeresponseauthentication
> Privileged ports can only be forwarded by root.
> Too many local forwards (max %d).
> Too many remote forwards (max %d).
> %s: line %d: Bad configuration option: %s
> %.200s line %d: Missing yes/no argument.
> %.200s line %d: Bad yes/no argument.
> %.200s line %d: Missing yes/no/ask argument.
> %.200s line %d: Bad yes/no/ask argument.
> %.200s line %d: Missing argument.
> %.200s line %d: Too many identity files specified (max %d).
> %.200s line %d: Bad cipher '%s'.
> %.200s line %d: Bad SSH2 cipher spec '%s'.
> %.200s line %d: Bad SSH2 Mac spec '%s'.
> %.200s line %d: Bad protocol 2 host key algorithms '%s'.
> %.200s line %d: Bad protocol spec '%s'.
> %.200s line %d: unsupported log level '%s'
> %.200s line %d: Badly formatted port number.
> %.200s line %d: Missing second argument.
> %.200s line %d: Badly formatted host:port.
> %.200s line %d: Missing port argument.
> %.200s line %d: Bad escape character.
> process_config_line: Unimplemented opcode %d
> %.200s line %d: garbage at end of line; "%.200s".
> Reading configuration data %.200s
> %s: terminating, %d bad configuration options
> hostkeyalgorithms
> preferredauthentications
> dynamicforward
> loglevel
> numberofpasswordprompts
> keepalive
> compressionlevel
> compression
> stricthostkeychecking
> checkhostip
> batchmode
> connectionattempts
> userknownhostsfile2
> globalknownhostsfile2
> userknownhostsfile
> globalknownhostsfile
> escapechar
> host
> user
> localforward
> remoteforward
> protocol
> macs
> ciphers
> cipher
> proxycommand
> hostkeyalias
> hostname
> identityfile2
> identityfile
> usersh
> fallbacktorsh
> tisauthentication
> skeyauthentication
> hostbasedauthentication
> rhostsrsaauthentication
> dsaauthentication
> pubkeyauthentication
> kbdinteractivedevices
> kbdinteractiveauthentication
> passwordauthentication
> rhostsauthentication
> useprivilegedport
> gatewayports
> xauthlocation
> forwardx11
> forwardagent
> true
> false
> %.200s line %d: Bad number.
> <NONE>
> Applying options for %.100s
> /usr/X11R6/bin/xauth
> .ssh/identity
> ~/%.100s
> .ssh/id_rsa
> .ssh/id_dsa
> /etc/ssh/ssh_known_hosts
> ~/.ssh/known_hosts
> /etc/ssh/ssh_known_hosts2
> ~/.ssh/known_hosts2
> @(#)$OpenBSD: clientloop.c,v 1.65 2001/04/20 07:17:51 djm Exp $
> client_check_window_change: changed
> Connection to %.300s closed by remote host.
> Read from remote host %.300s: %.100s
> Server does not support re-keying
> Supported escape sequences:
> ~. - terminate connection
> ~R - Request rekey (SSH protocol 2 only)
> ~^Z - suspend ssh
> ~# - list forwarded connections
> ~& - background ssh (when waiting for connections to terminate)
> ~? - this message
> ~~ - send the escape character by typing it twice
> (Note that escapes are only recognized immediately after newline.)
> client_channel_closed: id %d != session_ident %d
> Write failed flushing stdout buffer.
> Write failed flushing stderr buffer.
> Transferred: stdin %lu, stdout %lu, stderr %lu bytes in %.1f seconds
> Bytes per second: stdin %.1f, stdout %.1f, stderr %.1f
> client_request_forwarded_tcpip: listen %s port %d, originator %s port
> %d
> Warning: ssh server tried X11 forwarding.
> Warning: this is probably a break in attempt by a malicious server.
> buggy server: x11 request w/o originator_port
> client_request_x11: request from %s %d
> Warning: ssh server tried agent forwarding.
> authentication agent connection
> client_input_channel_open: ctype %s rchan %d win %d max %d
> client_input_channel_req: channel %d rtype %s reply %d
> client_input_channel_req: no channel %d
> client_input_channel_req: channel %d: wrong channel: %d
> client_input_channel_req: channel %d: unknown channel
> Killed by signal %d.
> Sending eof.
> window-change
> select: %s
> %c^Z [suspend ssh]
> %c& [backgrounded]
> fork: %.100s
> read: %.100s
> write stdout: %.50s
> Entering interactive session.
> rekeying in progress
> user requests rekeying
> Connection to %.64s closed.
> Exit status %d
> clientloop.c
> forwarded-tcpip
> auth-agent@openssh.com
> confirm %s
> failure %s
> bla bla
> exit-status
> @(#)$OpenBSD: atomicio.c,v 1.9 2001/03/02 18:54:30 deraadt Exp $
> @(#)$OpenBSD: authfd.c,v 1.39 2001/04/05 10:42:48 markus Exp $
> Error writing to authentication socket.
> Error reading response length from authentication socket.
> Authentication response too long: %d
> Error reading response from authentication socket.
> Bad authentication reply message type: %d
> Too many identities in authentication reply: %d
> Warning: identity keysize mismatch: actual %d, announced %u
> Compatibility with ssh protocol version 1.0 no longer supported.
> Agent admitted failure to authenticate using the key.
> Bad authentication response: %d
> Agent admitted failure to sign using the key.
> Bad response from authentication agent: %d
> SSH_AUTH_SOCK
> SSH_AGENT_FAILURE
> @(#)$OpenBSD: authfile.c,v 1.32 2001/04/18 23:44:51 markus Exp $
> save_private_key_rsa: bad cipher
> write to key file %s failed: %s
> passphrase too short: have %d bytes, need > 4
> key_save_private: cannot save key type %d
> Read from key file %.200s failed: %.100s
> Unsupported cipher %d used in key file %.200s.
> Bad passphrase supplied for key file %.200s.
> PEM_read_PrivateKey: mismatch or unknown EVP_PKEY save_type %d
> read PEM private key done: type %s
> @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
> Bad ownership or mode(0%3.3o) for '%s'.
> It is recommended that your private key files are NOT accessible by
> others.
> This private key will be ignored.
> bad permissions: ignore key: %s
> fdopen %s failed: %s.
> No RSA1 key file %.200s.
> <no key>
> fdopen failed: %s
> PEM_read_PrivateKey failed
> rsa w/o comment
> dsa w/o comment
> <unknown>
> .pub
> @(#)$OpenBSD: bufaux.c,v 1.17 2001/01/21 19:05:45 markus Exp $
> buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d
> buffer_get_bignum: input buffer too small
> Received packet with bad string length %d
> negativ!
> @(#)$OpenBSD: buffer.c,v 1.13 2001/04/12 19:15:24 markus Exp $
> buffer_get: trying to get more bytes %d than in buffer %d
> buffer_consume: trying to get more bytes than in buffer
> buffer_consume_end: trying to get more bytes than in buffer
> @(#)$OpenBSD: canohost.c,v 1.26 2001/04/18 14:15:00 markus Exp $
> get_remote_hostname: getnameinfo NI_NUMERICHOST failed
> Trying to reverse map address %.100s.
> Could not reverse map address %.100s.
> reverse mapping checking getaddrinfo for %.700s failed - POSSIBLE
> BREAKIN ATTEMPT!
> Address %.100s maps to %.600s, but this does not map back to the
> address - POSSIBLE BREAKIN ATTEMPT!
> Connection from %.100s with IP options:%.800s
> get_socket_ipaddr: getpeername failed: %.100s
> get_socket_ipaddr: getsockname failed: %.100s
> get_socket_ipaddr: getnameinfo %d failed
> get_sock_port: getnameinfo NI_NUMERICSERV failed
> getpeername failed: %.100s
> %2.2x
>



Relevant Pages

  • understanding chkrootkit: sshd section
    ... Rhosts Authentication disabled, originating port will not be trusted. ... Secure connection to %.100s on port %hu refused%.100s. ... Warning: Remote host refused compression. ... Received RSA challenge from server. ...
    (comp.security.unix)
  • understanding chkrootkit: sshd section
    ... Rhosts Authentication disabled, originating port will not be trusted. ... Secure connection to %.100s on port %hu refused%.100s. ... Warning: Remote host refused compression. ... Received RSA challenge from server. ...
    (comp.os.linux.security)
  • Re: understanding chkrootkit: sshd section
    ... Connection will not be encrypted. ... > Rhosts Authentication disabled, originating port will not be trusted. ... > Could not request local forwarding. ... Remote host failed or refused to allocate a pseudo tty. ...
    (comp.os.linux.security)
  • Re: Port forwarding to two machines?
    ... could even set up a port forwarding rule on that Mac... ... Specifies that the given port on the local host is to be ... nection is made to this port, the connection is forwarded over ...
    (uk.comp.sys.mac)
  • Re: ICS and FS trouble
    ... >>>client for ms networks, service advertising protocol, file and printer ... >>>execept that the MS beta AntiSpyware connects to the internet and recognises ... >> Microsoft doesn't support changing the ICS host computer's LAN ... >> Internet connection has a 192.168.0.x address that can't be changed to ...
    (microsoft.public.windowsxp.network_web)