Re: dx upgrade - unexpected network connection

From: Sandi - Microsoft MVP (sandi_hardmeier_at_mvps.org)
Date: 07/24/03


Date: Thu, 24 Jul 2003 21:29:25 +0800


That didn't happen to me; check your system for spyware, hijackware,
foistware.

-- 
Hyperlinks are used to ensure answers remain current.
________________________________________
Sandi Hardmeier - Microsoft MVP since 1999
http://www.mvps.org/inetexplorer
"Stephen Bell" <stephen.bell@metrokc.gov> wrote in message 
news:047f01c35172$5d479600$a501280a@phx.gbl...
> Why does the DirectX upgrade to v9.0b attempt to connect
> to this site?  It does not appear to be related to
> download of components?  (I blocked the attempted
> connection and the upgrade worked fine, but why is the
> connection being attempted?)
>
> - Stephen
>
>
>
> =====================================
> Local Port : 2093
> Remote Name : http.edge.ru4.com
> Remote Address : 198.107.152.227
> Remote Port : 80 (HTTP - World Wide Web)
>
> Ethernet packet details:
> Ethernet II (Packet Length: 62)
> Destination: 00-30-a3-b7-1c-00
> Source: 00-07-e9-b5-94-be
> Type: IP (0x0800)
> Internet Protocol
> Version: 4
> Header Length: 20 bytes
> Flags:
> .1.. = Don't fragment: Set
> ..0. = More fragments: Not set
> Fragment offset:0
> Time to live: 128
> Protocol: 0x6 (TCP - Transmission Control Protocol)
> Header checksum: 0xa61c (Correct)
> Source: xxxxxxxxxxxxxxxxxxx
> Destination: 198.107.152.227
> Transmission Control Protocol (TCP)
> Source port: 2093
> Destination port: 80
> Sequence number: 3371730648
> Acknowledgment number: 0
> Header length: 28
> Flags:
> 0... .... = Congestion Window Reduce (CWR): Not set
> .0.. .... = ECN-Echo: Not set
> ..0. .... = Urgent: Not set
> ...0 .... = Acknowledgment: Not set
> .... 0... = Push: Not set
> .... .0.. = Reset: Not set
> .... ..1. = Syn: Set
> .... ...0 = Fin: Not set
> Checksum: 0x7b0a (Correct)
> Data (0 Bytes)
>
> Binary dump of the packet:
> 0000:  00 30 A3 B7 1C 00 00 07 : E9 B5 94 BE 08 00 45 00 | .0............E.
> 0010:  00 30 B8 BC 40 00 80 06 : 1C A6 92 81 33 95 C6 6B | .0..@.......3..k
> 0020:  98 E3 08 2D 00 50 C8 F8 : 86 D8 00 00 00 00 70 02 | ...-.P........p.
> 0030:  FA F0 0A 7B 00 00 02 04 : 05 B4 01 01 04 02 | ...{..........
> --------END------- 

