M$ trying to access my machine ?


Recommended Posts

hi it seems that today is the bad day for me...

for last few hrs my norton firewall is showing me alerts that 65.54.240.61 is trying to access my machine...

Screenshot of that alert :

RemoteAccess.gif

following is the exact log :

Details: This one time, the user has chosen to "block" communications

Inbound UDP packet

Local address,service is (msinc(10.0.2.120),3973)

Remote address,service is (65.54.240.61,7001)

Process name is "N/A"

i did who is for the ip and found foll info :

OrgName:    Microsoft Corp

OrgID:      MSFT

Address:    One Microsoft Way

City:      Redmond

StateProv:  WA

PostalCode: 98052

Country:    US

NetRange:  65.52.0.0 - 65.55.255.255

CIDR:      65.52.0.0/14

NetName:    MICROSOFT-1BLK

NetHandle:  NET-65-52-0-0-1

Parent:    NET-65-0-0-0-0

NetType:    Direct Assignment

NameServer: DNS1.CP.MSFT.NET

NameServer: DNS2.CP.MSFT.NET

NameServer: DNS1.TK.MSFT.NET

NameServer: DNS1.DC.MSFT.NET

NameServer: DNS1.SJ.MSFT.NET

Comment:   

RegDate:    2001-02-14

Updated:    2002-12-05

TechHandle: ZM23-ARIN

TechName:  Microsoft Corporation

TechPhone:  +1-425-882-8080

TechEmail:  noc@microsoft.com

OrgAbuseHandle: ABUSE231-ARIN

OrgAbuseName:  Abuse

OrgAbusePhone:  +1-425-882-8080

OrgAbuseEmail:  abuse@microsoft.com

OrgNOCHandle: ZM23-ARIN

OrgNOCName:  Microsoft Corporation

OrgNOCPhone:  +1-425-882-8080

OrgNOCEmail:  noc@microsoft.com

OrgTechHandle: MSFTP-ARIN

OrgTechName:  MSFT-POC

OrgTechPhone:  +1-425-882-8080

OrgTechEmail:  iprrms@microsoft.com

and i also searched the net for the port 7001..it showed me foll info :
AFS callbacks to cache managers Freak88 Trojan | AFS callbacks to cache managers

I scanned my whole machine using (Trojan Hunder 3.5)..didnt find anything

donno whats happenening today...

but i m still thinking that why the hell M$ is trying to access my machine...

any idea about this thing ?

any kinda help appriciated.

Thanks

Dee

Link to comment
Share on other sites

good god, PLEASE don't call it "M$" </rant>

when you look online for information about that specific port don't forget that it's attempting a UDP connection, not TCP. also you may try searching microsoft's site.

i doubt it's anything to worry about , and i doubt that "M$" is "trying to access your machine" beyond automatic updates or something like that.

Link to comment
Share on other sites

Very strange way to list an inbound - from your details posting - that looks more like they were trying to go to port 3973 on your machine, coming from port 7001. And your 10.x address is private - so NO way that was directly routed. Are you behind a NATing device (router?)

As to MS trying to look at your machine - dude what you listed shows MS owning 3 class B's You KNOW how many addresses that IS?? I highly doubt that is really a MS box attempting to access your machine :)

How many times have you seen this? If its a couple of times - I wouldn't worry to much :)

Link to comment
Share on other sites

Very strange way to list an inbound - from your details posting - that looks more like they were trying to go to port 3973 on your machine, coming from port 7001. And your 10.x address is private - so NO way that was directly routed. Are you behind a NATing device (router?)

As to MS trying to look at your machine - dude what you listed shows MS owning 3 class B's You KNOW how many addresses that IS?? I highly doubt that is really a MS box attempting to access your machine :)

How many times have you seen this? If its a couple of times - I wouldn't worry to much :)

hi,

i checked my log just now it had showed the alert 4 times and everytime my local port was different :

3973, 3741, 3336, 3099

Are you behind a NATing device (router?)

well i dont know anything about it coz here in india net providers dont tell us all these stuff all they do is get one lease line and share it among no of people on the LAN..

can it be something to with MSN Messenger ?

Dee

Link to comment
Share on other sites

MSN Messenger uses those ports for access. Occasionally when there is a MSN update or as they try to feed you those ads that appear in the bottom of the MSN window, you will get connection attempts to your machine on that port (3973).

Nothing to worry about.

:)

Link to comment
Share on other sites

MSN Messenger uses those ports for access. Occasionally when there is a MSN update or as they try to feed you those ads that appear in the bottom of the MSN window, you will get connection attempts to your machine on that port (3973).

Nothing to worry about.

:)

just what i was gonna say, things like IE, MSN messenger, windows messenger etc. are all ms products and need internet access, and so your firewall is picking it up. i guess, lol

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.