Heres one for ye...

PJ Hunt · 06-06-2000 3:58pm #1

Over the past few weeks I had noticed now and again that when I dialed up to my ISP I would immediatley get an alert from my firewall about an attempt to connect.

As I always dial up without a browser, Outlook or any web application open I thought it was my ISP's proxy or sometin...until

I did a trace one day and lo and behold...It is a hotmail server.

So I cleaned my HD...the usual stuff....cookies, index.dat, etc but it continued.

Then I realised I had MSN Messenger installed ( which I rarely use )

As ye probably know, MSN when connected will tell you if you have new Hotmail.

But it turns out that this app will connect to MS even when it's not running.

So...in a log somewhere on some MS server is an account of when I logged on in the last few months.

I think it's a bloody disgrace.

Don't get me wrong...I realise that everything we do on the net is recorded and logged...but at least I thought you would have to have an app running before these people start gathering info about you.

Heck...

What next??

‡PJ‡

anonym00se · 06-06-2000 4:18pm

What data was it sending exactly? Did you
snoop the interface to see, if not would you like to :]

Being truely anonymous in this day and age is a true rarity

PJ Hunt · 06-06-2000 4:34pm

I'm just presuming its checking for Hotmail...but...if when you activate MSN it does that anyway, why would it need to connect when I log on??

I dont use Outlook for any Hotmail accounts..and as I said I dont have any apps open when I log on.

So why the hell am I connecting to Hotmail for no reason?

I certainly would love to know exactly whats being transmitted...

‡PJ‡

spod · 06-06-2000 5:39pm

Originally posted by PJ Hunt:
(master of ubb code - bow down)
I certainly would love to know exactly whats being transmitted...

http://netgroup-serv.polito.it/windump/

should tell you exactly what's being sent..

PJ Hunt · 06-06-2000 11:23pm

Cheers spod..

I'll give it a try
And see what I can dig up

what can I say? UBB is what my mother usta speak !!

‡PJ‡

spod · 07-06-2000 9:40am

Originally posted by PJ Hunt:
what can I say? UBB is what my mother usta speak !!

I'm scared....

zenith · 07-06-2000 2:56pm

Eh, I know this may be an obvious one, but could it be a UDP 'port scan' being detected?

From http://advice.networkice.com/advice/Intrusions/2003502/?port=138

The most common source of this alert is when the user first dials up to the Internet. Busy ISPs will re-assign IP addresses quickly, which means that as soon as you dial-up with your modem, you will be assigned the IP address of another user that just hung up. Any server attempting to send data to that other user will then be sending data at you. (Just like when you get your new telephone number and you start receiving phone calls intended for the person who used to own it). The product triggers this alert every time it receives UDP data that your computer never asked for.

A common source of this attack is from RealNetworks audio/video servers. You can guess this for yourself by checking the port number (which is part of the URL above). RealAudio uses ports in the range between 6970-7080. RealNetworks triggers this alert because it is very popular, and therefore one of the more common protocols that people receive as soon as they dial-up. It also triggers this because servers will still stream data at your computer for a little while even when your RealNetworks client shuts down.

PJ Hunt · 07-06-2000 4:16pm

Zenith..I've had that scan from Real but a trace on this one comes up with--

msgr-ns2.hotmail.com

My point is that I dont have the thing running at the time.

To me its just another example of people wanting to know things about us, that they dont want us to know they know about us...

That make sense?

‡PJ‡

zenith · 07-06-2000 6:48pm

Eh, you're right ... it stinks.

Down with bad people.

Heres one for ye...

Comments