d33 Posted July 16, 2003 Share Posted July 16, 2003 hi it seems that today is the bad day for me... for last few hrs my norton firewall is showing me alerts that 65.54.240.61 is trying to access my machine... Screenshot of that alert : following is the exact log : Details: This one time, the user has chosen to "block" communications Inbound UDP packet Local address,service is (msinc(10.0.2.120),3973) Remote address,service is (65.54.240.61,7001) Process name is "N/A" i did who is for the ip and found foll info : OrgName: Microsoft Corp OrgID: MSFT Address: One Microsoft Way City: Redmond StateProv: WA PostalCode: 98052 Country: US NetRange: 65.52.0.0 - 65.55.255.255 CIDR: 65.52.0.0/14 NetName: MICROSOFT-1BLK NetHandle: NET-65-52-0-0-1 Parent: NET-65-0-0-0-0 NetType: Direct Assignment NameServer: DNS1.CP.MSFT.NET NameServer: DNS2.CP.MSFT.NET NameServer: DNS1.TK.MSFT.NET NameServer: DNS1.DC.MSFT.NET NameServer: DNS1.SJ.MSFT.NET Comment: RegDate: 2001-02-14 Updated: 2002-12-05 TechHandle: ZM23-ARIN TechName: Microsoft Corporation TechPhone: +1-425-882-8080 TechEmail: noc@microsoft.com OrgAbuseHandle: ABUSE231-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: abuse@microsoft.com OrgNOCHandle: ZM23-ARIN OrgNOCName: Microsoft Corporation OrgNOCPhone: +1-425-882-8080 OrgNOCEmail: noc@microsoft.com OrgTechHandle: MSFTP-ARIN OrgTechName: MSFT-POC OrgTechPhone: +1-425-882-8080 OrgTechEmail: iprrms@microsoft.com and i also searched the net for the port 7001..it showed me foll info :AFS callbacks to cache managers Freak88 Trojan | AFS callbacks to cache managers I scanned my whole machine using (Trojan Hunder 3.5)..didnt find anything donno whats happenening today... but i m still thinking that why the hell M$ is trying to access my machine... any idea about this thing ? any kinda help appriciated. Thanks Dee Link to comment Share on other sites More sharing options...
Causas Posted July 16, 2003 Share Posted July 16, 2003 :ninja: :pinch: Link to comment Share on other sites More sharing options...
ike Posted July 16, 2003 Share Posted July 16, 2003 good god, PLEASE don't call it "M$" </rant> when you look online for information about that specific port don't forget that it's attempting a UDP connection, not TCP. also you may try searching microsoft's site. i doubt it's anything to worry about , and i doubt that "M$" is "trying to access your machine" beyond automatic updates or something like that. Link to comment Share on other sites More sharing options...
Jason Posted July 16, 2003 Share Posted July 16, 2003 I wouldn't worry, Microsoft have no interest in yours or anyones machine. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted July 16, 2003 MVC Share Posted July 16, 2003 Very strange way to list an inbound - from your details posting - that looks more like they were trying to go to port 3973 on your machine, coming from port 7001. And your 10.x address is private - so NO way that was directly routed. Are you behind a NATing device (router?) As to MS trying to look at your machine - dude what you listed shows MS owning 3 class B's You KNOW how many addresses that IS?? I highly doubt that is really a MS box attempting to access your machine :) How many times have you seen this? If its a couple of times - I wouldn't worry to much :) Link to comment Share on other sites More sharing options...
d33 Posted July 16, 2003 Author Share Posted July 16, 2003 Very strange way to list an inbound - from your details posting - that looks more like they were trying to go to port 3973 on your machine, coming from port 7001. And your 10.x address is private - so NO way that was directly routed. Are you behind a NATing device (router?)As to MS trying to look at your machine - dude what you listed shows MS owning 3 class B's You KNOW how many addresses that IS?? I highly doubt that is really a MS box attempting to access your machine :) How many times have you seen this? If its a couple of times - I wouldn't worry to much :) hi, i checked my log just now it had showed the alert 4 times and everytime my local port was different : 3973, 3741, 3336, 3099 Are you behind a NATing device (router?) well i dont know anything about it coz here in india net providers dont tell us all these stuff all they do is get one lease line and share it among no of people on the LAN.. can it be something to with MSN Messenger ? Dee Link to comment Share on other sites More sharing options...
Jason Posted July 16, 2003 Share Posted July 16, 2003 Email Microsoft if you are concerned, just tell them you are a bit concerned with what your firewall picked up. Email here : abuse@microsoft.com Link to comment Share on other sites More sharing options...
hazardjsimpson Posted July 16, 2003 Share Posted July 16, 2003 MSN Messenger uses those ports for access. Occasionally when there is a MSN update or as they try to feed you those ads that appear in the bottom of the MSN window, you will get connection attempts to your machine on that port (3973). Nothing to worry about. :) Link to comment Share on other sites More sharing options...
d33 Posted July 16, 2003 Author Share Posted July 16, 2003 ok cool thanks man i was worried coz it was showing "High Risk" alert Dee Link to comment Share on other sites More sharing options...
Coffeee Posted July 16, 2003 Share Posted July 16, 2003 MSN Messenger uses those ports for access. Occasionally when there is a MSN update or as they try to feed you those ads that appear in the bottom of the MSN window, you will get connection attempts to your machine on that port (3973).Nothing to worry about. :) just what i was gonna say, things like IE, MSN messenger, windows messenger etc. are all ms products and need internet access, and so your firewall is picking it up. i guess, lol Link to comment Share on other sites More sharing options...
d33 Posted July 16, 2003 Author Share Posted July 16, 2003 i think i should not worry now :) thanks alot guys for the quick help... Dee Link to comment Share on other sites More sharing options...
Recommended Posts