If you have a new account but are having problems posting or verifying your account, please email us on [email protected] for help. Thanks :)
Hello All, This is just a friendly reminder to read the Forum Charter where you wish to post before posting in it. :)
Hi all, The AutoSave Draft feature is now disabled across the site. The decision to disable the feature was made via a poll last year. The delay in putting it in place was due to a bug/update issue. This should serve as a reminder to manually save your drafts if you wish to keep them. Thanks, The Boards Team.
Hello all! This is just a quick reminder to ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere.

Update falls down using Vodafone mobile

  • 11-05-2021 1:51pm
    Registered Users Posts: 1,162 ✭✭✭ carveone

    Hi all,

    I have an older Windows 7 test machine which is running Microsoft Security Essentials and pretty much nothing else. Every so often MSE updates its signatures using Windows Update and the BITS services and this seems to work ok. Obviously there aren't any more Updates for W7 (aside from the Malicious Software Removal Tool).

    One day I decided to connected this machine to a WiFi hotspot on my phone - this is a p30 lite with a Vodafone sim. This seems fine until MSE tried to update. At which point the BITS service goes a bit nuts - it writes to C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat continuously until I do a "net stop bits".

    This is quite odd. I'm not sure if Windows 10 would have the same issue as I don't use it (I run Linux Mint most of the time). If it does, it would seem like a way to DOS a Windows 10 machine.

    Does anyone know if Vodafone filter weird ports or do odd things with their DNS? I remember Three used to filter imgur using a DNS filter but that was easily circumvented and I think they got bored doing that and went away :)

    Edit: That wasn't a particularly well thought out Subject line!


  • Registered Users Posts: 1,162 ✭✭✭ carveone

    After some network probing, I've found that "" is a different server ( on the UPC broadband network compared to on the Vodafone 4G network. They are different servers and elicit different header responses for the same file request.

    Using "curl -I" on one of the MSE update patches, the first server returns a perfectly reasonable reply. The second returns complete rubbish.

    > curl -I ""
    HTTP/1.1 200 OK
    Server: ECAcc (lha/8DA7)
    Content-Length: 0
    Connection: keep-alive

    Note the Content-Length is zero along with a keep-alive connection. Super. How is that supposed to work? From what I can see, BITS goes nuts and starts reissuing the job over and over.

    In my opinion this is an effective denial of service attack against a Windows 7 machine and I've seen the same problem reported against a Windows 2016 Server.

    I'll have to make a reproducible test case but I've no idea if Microsoft will care (they won't fix it for Windows 7 anyway).

  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 85,660 Mod ✭✭✭✭ Capt'n Midnight

    Let's blame DNS.

    Would it work with a generic third party DNS server ? I gave up relying on NTL/UPC/VM DNS servers a long time ago.

  • Registered Users Posts: 1,162 ✭✭✭ carveone

    Let's blame DNS.

    Would it work with a generic third party DNS server ? I gave up relying on NTL/UPC/VM DNS servers a long time ago.

    Thanks for replying! I tried using to do the query but it returned the same IP address ranges resulting in the same problem. I think - I can't remember what I was trying so I'll go off and try it again! I definitely remember thinking of DNS too though :)

    To me it's a malconfigured Vodafone proxy server. I've tried the same curl command above on Tesco, Virgin, Three and Eir and get valid HEAD responses.

    I spent a day writing out and logging a vulnerability with MSRC but they just closed it with a rather curt need "valid proof of concept (POC) ideally with images or video". Gee, thanks. I'd have to write a broken web server to prove it and, although I can do this, I won't.

    I phoned Vodafone technical support. You can guess how that worked out. They started off by looking for my phone number and phone type and who I was sharing my internet connection with so I hung up on them :p

  • Registered Users Posts: 1,162 ✭✭✭ carveone

    Nope. Changing the DNS doesn't fix it.

    Which is interesting because it usually fixes all manner of stupid nonsense with DNS servers. Especially 3's - they used to filter out imgur because reasons. And all stackexchange images were on imgur so that was massively irritating. Change the DNS, problem goes away...

  • Registered Users Posts: 1,162 ✭✭✭ carveone

    I know this is an old post but it turns out that the issue is a bug in Windows update ( If the Content-Length is zero for the HEAD response to a windows update file, then the update goes into an infinite loop. Reported to MS but they're not interested (they could reproduce it alright, they're just not going to fix it).

    I reported it to Vodafone but they didn't care. So I can't hotspot my Windows machines using Vodafone and I'm using Tesco now instead.

    One of those things I guess...

  • Advertisement