Kitz Forum
Internet => General Internet => Topic started by: UncleUB on December 11, 2009, 02:07:18 PM
-
Not sure this is the right section to post in.
I have just looked at the inernet and network log viewer in McAfee and al the numbers are 192.168.1.254 which is the O2 WirelessBox.lan ICSLAP,but I have one entry dated the 7th Dec which scared me a bit.
The number is 207.46.125.254 no host name,but under where it says event information it says, UDP port 53963.
The details say,
A computer at 207.46.125.254 has attemped an unsolicited connection to UDP port 53963 on your computer.
Thereare some options to either add this IP as trusted,add as standard,ban this IP or trace this IP.
I tried doing a trace but nothing came up?
-
This is possibly something to do with Windows updates..........do you have them set to automatice ?
The IP address is traced to the Microsoft Corporation, in which case it is probably nothing to worry about. :)
-
Could be Microsoft doing a validation check - see the entry for that IP address:
OrgName: Microsoft Corp
OrgID: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
NetRange: 207.46.0.0 - 207.46.255.255
CIDR: 207.46.0.0/16
NetName: MICROSOFT-GLOBAL-NET
NetHandle: NET-207-46-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.MSFT.NET
NameServer: NS5.MSFT.NET
NameServer: NS2.MSFT.NET
NameServer: NS3.MSFT.NET
NameServer: NS4.MSFT.NET
Comment:
RegDate: 1997-03-31
Updated: 2004-12-09
RTechHandle: ZM39-ARIN
RTechName: Microsoft
RTechPhone: +1-425-882-8080
RTechEmail: noc@microsoft.com
OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@microsoft.com
OrgAbuseHandle: HOTMA-ARIN
OrgAbuseName: Hotmail Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@hotmail.com
OrgAbuseHandle: MSNAB-ARIN
OrgAbuseName: MSN ABUSE
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@msn.com
OrgNOCHandle: ZM23-ARIN
OrgNOCName: Microsoft Corporation
OrgNOCPhone: +1-425-882-8080
OrgNOCEmail: noc@microsoft.com
OrgTechHandle: MSFTP-ARIN
OrgTechName: MSFT-POC
OrgTechPhone: +1-425-882-8080
OrgTechEmail: iprrms@microsoft.com
All courtesy of Sam Spade.
Colin
[EDIT - TD got in before me!]
-
Oh that was quick guys........where have you sprung from TD ;D
I have just phoned O2 and it is indeed the Microsoft Corporation which that IP number belongs to.
This is possibly something to do with Windows updates..........do you have them set to automatice ?
Yes I do, and there was a couple of updates on that date. :)
It just puzzled me as that is the only entry in the log viewer which I can see as far back as 11/11/2009,all the others are for the O2 wireless box.lan
-
If that IP pops up again in the logs you can deem it as trusted, then it will not be logged in the same way and all the options won't appear again. :)
-
Thanks TD,tbh its something I very rarely look at.I was just looking at the details of my weekly scan and decided to explore a few other options in McAfee.
As it was different and every other one was for the O2 wirelessbox it just set the alarm bells ringing.
-
As it is Microsoft I would block it :lol:
And only allow it when you want it to.
-
Thats a weird port.
Guessing - Could it be a program crash report to microsoft?
-
Thats a weird port.
Guessing - Could it be a program crash report to microsoft?
I haven't a clue,but can't remember having any programmes crash.
This was imbound,so why would Microsoft want to do this? Sorry to sound a bit vacant.
I had an update dated 07/12/09...Windows Defender KB915597 at 17.01pm,but the time of the other in the log viewer was 12.07pm?