| Author |
 Topic Search  Topic Options
|
huwnet 
Senior Member
Joined: 30 May 2003
Location: England
Status: Offline
Points: 1375
|
 Post Options
 Thanks(0)
 Quote  Reply
 Topic: Mysterious Packets
Posted: 02 July 2004 at 2:05pm |
|
I have recently been analysing my network traffic. And my PC is sending
and recieving packets from baym-td1.msgr.hotmail.com,
baym-td1.msgr.hotmail.com. The IP addresses are 64.4.25.80, 64.4.25.81,
64.4.25.84, 64.4.25.85 . It is on ports 3544 and 2193. I have checked
my computer for viruses and adaware but I still cannot find the cause
of this problem.
|
 |
wolfie
Groupie
Joined: 18 November 2002
Location: United Kingdom
Status: Offline
Points: 64
|
Post Options
Thanks(0)
Quote Reply
Posted: 02 July 2004 at 2:21pm |
Something to do with MSN Messenger I think. Or maybe connected with the new techpreview of the MSN search engine and it's picking up web files on your server (doubt it though).
|
Wolfie--[ WolfWeb.co.uk ]
PHP, .net--[ beginner ] ASP, VB, C, SQL--[ intermediate ] X/D/HTML, CSS, WML, XML--[
|
|
huwnet
Senior Member
Joined: 30 May 2003
Location: England
Status: Offline
Points: 1375
|
Post Options
Thanks(0)
Quote Reply
Posted: 02 July 2004 at 2:30pm |
|
No. This isn't my server and I haven't run MSN in ages.
|
|
wolfie
Groupie
Joined: 18 November 2002
Location: United Kingdom
Status: Offline
Points: 64
|
Post Options
Thanks(0)
Quote Reply
Posted: 02 July 2004 at 2:40pm |
http://translate.google.com/translate?hl=en&sl=de&u= http://www.derfisch.de/modules.php%3Fop%3Dmodload%26name%3DP NphpBB2%26file%3Dviewtopic%26t%3D985&prev=/search%3Fq%3D baym-td1%26hl%3Den%26lr%3D%26ie%3DUTF-8
Check that out, found something relating to baym-td1.msgr.hotmail.com. But I can't make head nor tail of it.
But the IP address is defantly hotmail (this is what pinged back)...
OrgName: MS Hotmail
OrgID: MSHOTM
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
NetRange: 64.4.0.0 - 64.4.63.255
CIDR: 64.4.0.0/18
NetName: HOTMAIL
NetHandle: NET-64-4-0-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.HOTMAIL.COM
NameServer: NS3.HOTMAIL.COM
NameServer: NS2.HOTMAIL.COM
NameServer: NS4.HOTMAIL.COM
Comment:
RegDate: 1999-11-24
Updated: 2003-06-27
TechHandle: MSFTP-ARIN
TechName: MSFT-POC
TechPhone: +1-425-882-8080
TechEmail: iprrms@microsoft.com
OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@microsoft.com
OrgTechHandle: MSFTP-ARIN
OrgTechName: MSFT-POC
OrgTechPhone: +1-425-882-8080
OrgTechEmail: iprrms@microsoft.com
|
Wolfie--[ WolfWeb.co.uk ]
PHP, .net--[ beginner ] ASP, VB, C, SQL--[ intermediate ] X/D/HTML, CSS, WML, XML--[
|
|
huwnet
Senior Member
Joined: 30 May 2003
Location: England
Status: Offline
Points: 1375
|
Post Options
Thanks(0)
Quote Reply
Posted: 02 July 2004 at 3:01pm |
|
Could be a virus not picked up by the scanner that is made to look like scvhost etc.
|
|
Mart
Senior Member
Joined: 30 November 2002
Status: Offline
Points: 2304
|
Post Options
Thanks(0)
Quote Reply
Posted: 02 July 2004 at 3:31pm |
|
I doubt theres a virus that connects to a MS site that is undetected by virus scanners . . . What OS is it? XP Pro etc. have Windows Messenger preinstalled and it runs at startup. Also are these connections incoming or outgoing?
|
|
huwnet
Senior Member
Joined: 30 May 2003
Location: England
Status: Offline
Points: 1375
|
Post Options
Thanks(0)
Quote Reply
Posted: 02 July 2004 at 3:57pm |
|
XP Pro. Messenger may run at startup but this traffic is continuos. The traffic is ingoing and outgoing. The TRAFFIC IS UDP
|
|
dpyers
Senior Member
Joined: 12 May 2003
Status: Offline
Points: 3937
|
Post Options
Thanks(0)
Quote Reply
Posted: 02 July 2004 at 4:16pm |
|
|
Lead me not into temptation... I know the short cut, follow me.
|
|
