[ale] OT: MS Media Services Probing PC?

BruceG griffisb at bellsouth.net
Thu May 20 08:16:22 EDT 2004 

What the?

      I was checking my router logs, and saw that when we were all snoozing, 
something at windowsmedia.com was scanning my kids WinXP laptop. Got the 
normal port scans blocked at the router (to 139, 445, ...) - but the 
windowsmedia stuff looks like it was intiated at the laptop, then went over 
port 80.

      At least that's what I think happened. Doesn't look pretty.
Bruce

01:10:27-0??????@out TCP from 192.168.1.101:3396 to 
windowsmedia.com(207.46.248.113):80.
01:10:31-0??????@out TCP from 192.168.1.101:3397 to 
metaservices.windowsmedia.com(207.46.250.125):80.
01:10:32-0??????@out TCP from 192.168.1.101:3398 to 
a644.g.akamai.net(63.111.71.127):80.
01:10:32-1??????@out TCP from 192.168.1.101:3399 to 
metaservices.windowsmedia.com(207.46.250.125):80.
01:15:33-0??????@in TCP from 67.33.144.29:4411 to 67.33.nn.nn:445.
01:15:33-1??????@out TCP from 192.168.1.101:3400 to 
windowsmedia.com(207.46.248.113):80.
01:15:33-2??????@out TCP from 192.168.1.101:3401 to 
metaservices.windowsmedia.com(207.46.250.125):80.
01:16:00-0??????@in TCP from 218.2.190.15:2215 to 67.33.nn.nn:139.
01:16:52-0??????@in TCP from 194.3.104.27:3669 to 67.33.nn.nn:445.
01:20:34-0??????@out TCP from 192.168.1.101:3402 to 
windowsmedia.com(207.46.248.113):80.
01:20:34-1??????@out TCP from 192.168.1.101:3403 to 
metaservices.windowsmedia.com(207.46.250.125):80.
01:20:35-0??????@out TCP from 192.168.1.101:3405 to 
a644.g.akamai.net(63.111.71.127):80.
01:25:39-0??????@out TCP from 192.168.1.101:3406 to 
windowsmedia.com(207.46.196.100):80.
01:25:40-0??????@out TCP from 192.168.1.101:3407 to 
metaservices.windowsmedia.com(207.46.250.125):80.
01:25:41-0??????@out TCP from 192.168.1.101:3408 to 
a644.g.akamai.net(63.111.71.127):80.
01:25:41-1??????@out TCP from 192.168.1.101:3409 to 
metaservices.windowsmedia.com(207.46.250.125):80.
01:27:28-0??????@in TCP from 67.33.168.147:1849 to 67.33.nn.nn:5000.
01:27:30-0??????@in TCP from 67.33.168.147:2036 to 67.33.nn.nn:135.
01:30:42-0??????@out TCP from 192.168.1.101:3412 to 
windowsmedia.com(207.46.196.100):80.
01:30:42-1??????@out TCP from 192.168.1.101:3413 to 
metaservices.windowsmedia.com(207.46.250.125):80.
01:31:07-0??????@in TCP from 67.33.248.45:4210 to 67.33.nn.nn:445.
01:33:47-0??????@in TCP from 67.33.50.62:3380 to 67.33.nn.nn:5000.
01:33:49-0??????@in TCP from 67.33.50.62:3523 to 67.33.nn.nn:135.
01:34:01-0??????@in TCP from 208.200.108.71:2896 to 67.33.nn.nn:445.
01:35:46-0??????@out TCP from 192.168.1.101:3414 to 
windowsmedia.com(207.46.196.100):80.
01:35:47-0??????@out TCP from 192.168.1.101:3415 to 
metaservices.windowsmedia.com(207.46.250.125):80.
01:35:50-0??????@out TCP from 192.168.1.101:3417 to 
a644.g.akamai.net(63.111.71.127):80.
01:36:45-0??????@in TCP from 172.189.121.231:1148 to 67.33.nn.nn:135.
01:39:07-0??????@in TCP from 67.33.247.120:3841 to 67.33.nn.nn:135.
01:39:54-0??????@in TCP from 67.33.248.45:3584 to 67.33.nn.nn:445.
01:40:51-0??????@out TCP from 192.168.1.101:3419 to 
windowsmedia.com(207.46.196.100):80.
01:40:51-1??????@out TCP from 192.168.1.101:3420 to 
metaservices.windowsmedia.com(207.46.250.125):80.

More information about the Ale mailing list