On Wed, Jan 29, 2003 at 09:46:53PM +1100, Michael Rowe wrote: > > I received a packet on my cable modem today, allegedly from > microsoft.com: > > 18:41:35.663374 207.46.249.190.80 > my.cable.modem.ip.1681: S866282571:866282571(0) ack 268566529 win 16384 <mss 1460> Do you have any MS computers at home set to automatically check microsoft's site for updates? I thought I had it turned off but poking around the GUI I found under Control Panel - Servers "Automatic Update" set to Automatic. What's odd is that it isn't in my tray and I thought I disabled it. > No one was home at this time, and no computer running windows was > active, so I'm pretty sure this was not legit traffic (unless it was a > *very* delayed ack from a microsoft server, like > 6 hours. I guess > this is conceivable, given their current, er, issues :). By "active" do you mean "turned off"? Chris ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jan 29 2003 - 15:14:49 PST