Guess who came knocking on my back door?


    I was getting a constant ping on my system so I opened EtherApe and took a look. I found what was causing the repetitive "TIME_WAIT" acks every 5 seconds, checkip.dyndns.com. It turns out that the Plasmoid which shows your IP on your desktop uses that service and it results in a regular tick on your Network Traffic graph. While using EtherApe I noticed another visitor who was rather persistently knocking on my ports. I did a "whois" on the IP address and here is what it returned:
    jerry@sonyvgnfw140e:~$ whois 207.68.188.186

    OrgName: Microsoft Corp
    OrgID: MSFT
    Address: One Microsoft Way
    City: Redmond
    StateProv: WA
    PostalCode: 98052
    Country: US

    NetRange: 207.68.128.0 - 207.68.207.255
    CIDR: 207.68.128.0/18, 207.68.192.0/20
    NetName: MICROSOFT-CORP-MSN-BLK
    NetHandle: NET-207-68-128-0-1
    Parent: NET-207-0-0-0-0
    NetType: Direct Allocation
    NameServer: NS1.MSFT.NET
    NameServer: NS5.MSFT.NET
    NameServer: NS2.MSFT.NET
    NameServer: NS3.MSFT.NET
    NameServer: NS4.MSFT.NET
    Comment:
    RegDate: 1996-03-26
    Updated: 2005-06-29

    RTechHandle: ZM39-ARIN
    RTechName: Microsoft
    RTechPhone: +1-425-882-8080
    RTechEmail: noc@microsoft.com

    OrgAbuseHandle: ABUSE231-ARIN
    OrgAbuseName: Abuse
    OrgAbusePhone: +1-425-882-8080
    OrgAbuseEmail: abuse@hotmail.com
    I also saw the same IP but ending in 187 as well. They may be domain name servers.
    I found they were related to this website: http://micasa.com/. I wonder what their relation to Microsoft is?

    Regardless, what is a DNS doing probing my ports?
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    #2
    Re: Guess who came knocking on my back door?

    Web Spiders?
    Using Kubuntu Linux since March 23, 2007
    "It is a capital mistake to theorize before one has data." - Sherlock Holmes



      #3
      Re: Guess who came knocking on my back door?

      OK, COP Communications also own http://www.postmagazine.com and http://www.cgw.com (Computer Graphics World) ... but yeah, it's still a mystery why MS is involved with micasa.com ...

      One curious thing is that cgw is "powered" by COP but they are located in the same building (they share the very same address). Still there's nothing specific about what COP and micasa.com have to do with MS...
      Multibooting: Kubuntu Noble 24.04
      Before: Jammy 22.04, Focal 20.04, Precise 12.04 Xenial 16.04 and Bionic 18.04
      Win XP, 7 & 10 sadly
      Using Linux since June, 2008



        #4
        Re: Guess who came knocking on my back door?

        When I did a Google search on that IP address I found this:
        Re: Setting up a home network with WinXP

        ----------------- dhcp.conf-------------------------------------
        ddns-update-style interim;

        max-lease-time 120;
        default-lease-time 120;

        subnet 192.168.1.0 netmask 255.255.255.0
        {
        option routers 192.168.1.254;
        option subnet-mask 255.255.255.0;

        option domain-name "micasa.com";
        option domain-name-servers 207.69.188.185, 207.68.188.186;

        range 192.168.1.100 192.168.1.120;
        }

        -------------------end dhcp.conf----------------------------------
        But this URL http://nc-help.dyndns.org/linux/HOWT...h_ppp_v62.html

        8) create /etc/dhcpd.conf:
        subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.2 192.168.1.200;
        option routers 192.168.1.;
        default-lease-time 2592000;
        max-lease-time 25920000;
        option broadcast-address 192.168.1.255;
        # domain nameservers line - if provide caching nameserver, point to it first
        # then put in your ISP's DNS servers. Example uses mindspring's DNS.
        #
        option domain-name-servers 192.168.1.1, 207.69.188.185, 207.68.188.186;
        }
        # don't forget the } above!!
        Another URL cited them as DNS for Earthlink DSL service.

        Yet, whois on those addresses returns Microsoft.
        "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
        – John F. Kennedy, February 26, 1962.
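
Added example, not part of any post in this thread: the two public resolvers in the quoted dhcpd.conf lines differ in the second octet (207.69 vs 207.68), so this sketch parses the NetRange/CIDR fields from the whois output above and reports which configured resolvers actually fall inside that allocation. The function names are hypothetical; the sample inputs are copied from the posts.

```python
import ipaddress
import re

# Constructed sample: three ARIN fields copied from the whois output in post #1.
WHOIS_TEXT = """\
NetRange: 207.68.128.0 - 207.68.207.255
CIDR: 207.68.128.0/18, 207.68.192.0/20
NetName: MICROSOFT-CORP-MSN-BLK
"""

# Constructed sample: the resolver line from the second dhcpd.conf quoted in post #4.
DHCPD_LINE = "option domain-name-servers 192.168.1.1, 207.69.188.185, 207.68.188.186;"


def parse_whois(text):
    """Return (netname, [networks]) from ARIN-style 'Key: value' lines."""
    fields = dict(
        (key.strip(), value.strip())
        for key, value in (ln.split(":", 1) for ln in text.splitlines() if ":" in ln)
    )
    first, last = (ipaddress.ip_address(p.strip()) for p in fields["NetRange"].split("-"))
    from_range = list(ipaddress.summarize_address_range(first, last))
    from_cidr = [ipaddress.ip_network(c.strip()) for c in fields["CIDR"].split(",")]
    # Both fields describe the same allocation; stop if the record is inconsistent.
    if sorted(from_range) != sorted(from_cidr):
        raise ValueError("NetRange and CIDR fields disagree")
    return fields["NetName"], from_cidr


def classify_resolvers(dhcpd_line, whois_text):
    """Map each configured resolver to the allocation name, 'private', or None."""
    netname, networks = parse_whois(whois_text)
    result = {}
    for token in re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", dhcpd_line):
        addr = ipaddress.ip_address(token)
        if addr.is_private:
            result[token] = "private"
        elif any(addr in net for net in networks):
            result[token] = netname
        else:
            result[token] = None  # outside this allocation; needs its own whois lookup
    return result


if __name__ == "__main__":
    for ip, owner in classify_resolvers(DHCPD_LINE, WHOIS_TEXT).items():
        print(f"{ip:16} {owner}")
```

Only 207.68.188.186 lands in MICROSOFT-CORP-MSN-BLK; 207.69.188.185 is outside it and would need a separate whois query.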
