infected out of the box

 
 
pedwin
      08-18-2007
WTF is Windows Vista doing sending unauthorised packets to a University in
Asia?

Right, so I upgrade my mate's kids computer to Vista from ME. No sooner than
it reboots the hub lights up. Hello methinks. This happened to Win2K also.
So I have a look at the log file on the Linux firewall/gateway and it
appears that Vista is trying to connect with 221.9.142.91.

(A few years ago a similar thing happened with Win2K, except that the IP
number it tried to send data to was 165.246.99.95.)

If Windows security wasn't so seriously flawed it would be a joke.

Peter






 
Lawrence D'Oliveiro
      08-18-2007
In message <(E-Mail Removed)>, pedwin wrote:

> If Windows security wasn't so seriously flawed it would be a joke.


Would you say I was overreacting if I claimed that only a fool would use
such a system for internet banking?
 
Mark Robinson
      08-18-2007
pedwin wrote:
> WTF is Windows Vista doing sending unauthorised packets to a University in
> Asia?
>
> Right, so I upgrade my mate's kids computer to Vista from ME. No sooner than
> it reboots the hub lights up. Hello methinks. This happened to Win2K also.
> So I have a look at the log file on the Linux firewall/gateway and it
> appears that Vista is trying to connect with 221.9.142.91.
>
> (A few years ago a similar thing happened with Win2K, except that the IP
> number it tried to send data to was 165.246.99.95.)
>
> If Windows security wasn't so seriously flawed it would be a joke.
>
> Peter


NTP ?
Windowsupdate ?

Port number ?
Protocol?

Tried capturing the packets ?

 
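Added example, not part of any post in this thread: one way to answer the port, protocol and source questions above from the gateway log itself, assuming the Linux firewall writes iptables LOG-target lines. The sample lines and the stand-in address 203.0.113.91 are constructed; `flows_to` and `report` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample lines in the iptables LOG target's kernel-log format.
# 203.0.113.91 is a documentation address standing in for the logged one.
SAMPLE_LOG = """\
Aug 18 10:15:02 gw kernel: FW: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.91 LEN=48 TTL=127 ID=4711 DF PROTO=TCP SPT=1045 DPT=80 WINDOW=65535 SYN URGP=0
Aug 18 10:15:05 gw kernel: FW: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.91 LEN=48 TTL=127 ID=4712 DF PROTO=TCP SPT=1045 DPT=80 WINDOW=65535 SYN URGP=0
Aug 18 10:15:09 gw kernel: FW: IN= OUT=eth0 SRC=198.51.100.7 DST=203.0.113.91 LEN=76 TTL=64 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
Aug 18 10:16:30 gw kernel: FW: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=192.0.2.10 LEN=60 TTL=127 ID=4800 PROTO=UDP SPT=1050 DPT=53 LEN=40
"""

FIELD = re.compile(r"(\w+)=(\S*)")
# Ports the replies ask about; a matching port is a hint, not proof.
HINTS = {("UDP", 123): "NTP", ("UDP", 53): "DNS", ("TCP", 53): "DNS",
         ("TCP", 80): "HTTP", ("TCP", 443): "HTTPS"}

def flows_to(log_text, dst_ip):
    """Count logged packets to dst_ip per (origin, source, protocol, port)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("DST") != dst_ip or "PROTO" not in f:
            continue
        # An empty IN= means the gateway generated the packet itself
        # (OUTPUT chain); a set IN= means it was forwarded from that interface.
        origin = "forwarded" if f.get("IN") else "gateway"
        port = int(f["DPT"]) if "DPT" in f else None  # ICMP has no DPT
        counts[(origin, f["SRC"], f["PROTO"], port)] += 1
    return counts

def report(log_text, dst_ip):
    """One readable row per distinct flow towards dst_ip."""
    rows = []
    flows = flows_to(log_text, dst_ip)
    for (origin, src, proto, port), n in sorted(flows.items(), key=str):
        hint = HINTS.get((proto, port), "unknown service")
        rows.append(f"{src} ({origin}) -> {dst_ip} {proto}/{port} [{hint}] x{n}")
    return rows

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG, "203.0.113.91")))
```

The origin column separates traffic forwarded from a LAN host from traffic the gateway generated itself, which matters when the same address shows up across different client machines.
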
Richard
      08-18-2007
pedwin wrote:
> WTF is Windows Vista doing sending unauthorised packets to a University in
> Asia?
>
> Right, so I upgrade my mate's kids computer to Vista from ME. No sooner than
> it reboots the hub lights up. Hello methinks. This happened to Win2K also.
> So I have a look at the log file on the Linux firewall/gateway and it
> appears that Vista is trying to connect with 221.9.142.91.
>
> (A few years ago a similar thing happened with Win2K, except that the IP
> number it tried to send data to was 165.246.99.95.)
>
> If Windows security wasn't so seriously flawed it would be a joke.


Perhaps it was already there, only inactive since ME is so out of date
that it's not funny, and it only started to run once you had a more
current OS on it with the libraries that the virus/whatever required?

Did you check it before upgrading? Anyway, a machine that came with ME
is probably in no position to run Vista...
 
Gordon
      08-18-2007
On 2007-08-18, Lawrence D'Oliveiro <(E-Mail Removed)_zealand> wrote:
> In message <(E-Mail Removed)>, pedwin wrote:
>
>> If Windows security wasn't so seriously flawed it would be a joke.

>
> Would you say I was overreacting if I claimed that only a fool would use
> such a system for internet banking?


Even the banks have latched onto this idea. For they say that they will not
pay until one has proven to their satisfaction that *your* system did not
cause the successful raid on your bank account.
 
Cadae
      08-18-2007
"pedwin" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> WTF is Windows Vista doing sending unauthorised packets to a University in
> Asia?
>
> Right, so I upgrade my mate's kids computer to Vista from ME. No sooner than
> it reboots the hub lights up. Hello methinks. This happened to Win2K also.
> So I have a look at the log file on the Linux firewall/gateway and it
> appears that Vista is trying to connect with 221.9.142.91.
>
> (A few years ago a similar thing happened with Win2K, except that the IP
> number it tried to send data to was 165.246.99.95.)
>
> If Windows security wasn't so seriously flawed it would be a joke.
>
> Peter
>


Thanks to google, it seems like someone with a similar handle and problem
description to yours (new windows box, linux firewall) has had problems
with that same 221.9.142.91 address in May 2006, well before Vista was
released.

http://www.webservertalk.com/archive...5-1500222.html
http://linux.hostweb.com/TopicMessag...1/Default.aspx

Maybe there's something else in your network that is infected, perhaps it's
the common factor between the May 2006 problems and your current problems -
the Linux firewall ?


PC



 
E. Scrooge
      08-19-2007

"pedwin" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> WTF is Windows Vista doing sending unauthorised packets to a University in
> Asia?
>
> Right, so I upgrade my mate's kids computer to Vista from ME. No sooner than
> it reboots the hub lights up. Hello methinks. This happened to Win2K also.
> So I have a look at the log file on the Linux firewall/gateway and it
> appears that Vista is trying to connect with 221.9.142.91.
>
> (A few years ago a similar thing happened with Win2K, except that the IP
> number it tried to send data to was 165.246.99.95.)
>
> If Windows security wasn't so seriously flawed it would be a joke.
>
> Peter


Good try, but only proves that you and computers don't mix very well at all.

You weren't working on a new computer out of the box at all.
The computer has been connected to the God knows for how many years.

More fool you for upgrading an old computer that was working well enough as
it was.

E. Scrooge


 
thingy
      08-19-2007
pedwin wrote:
> WTF is Windows Vista doing sending unauthorised packets to a University in
> Asia?
>
> Right, so I upgrade my mate's kids computer to Vista from ME. No sooner than
> it reboots the hub lights up. Hello methinks. This happened to Win2K also.
> So I have a look at the log file on the Linux firewall/gateway and it
> appears that Vista is trying to connect with 221.9.142.91.
>
> (A few years ago a similar thing happened with Win2K, except that the IP
> number it tried to send data to was 165.246.99.95.)
>
> If Windows security wasn't so seriously flawed it would be a joke.
>
> Peter


China? one has to wonder on upgrading ME to Vista....did you have a
legal copy?

;]

inetnum: 221.8.0.0 - 221.9.255.255
netname: CNCGROUP-JL
descr: No.156,Fu-Xing-Men-Nei Street,
descr: CNC Group JILIN province network
descr: China Network Communications Group Corporation
descr: No.156,Fu-Xing-Men-Nei Street,
descr: Beijing 100031
country: CN


route: 221.8.0.0/15
descr: CNC Group CHINA169 Jilin Province Network
country: CN
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR

source: APNIC

role: CNCGroup Hostmaster
address: No.156,Fu-Xing-Men-Nei Street,
address: Beijing,100031,P.R.China

It is possible there was a legal DNS lookup and in fact the DNS was
poisoned to give that IP, and there could be other possibilities, i.e. you
really need to pick up the complete stream to figure out what was really
going on...

regards

Thing





 
Cima
      08-19-2007


> Right, so I upgrade my mate's kids computer to Vista from ME.


Uhuh. Not that a 7 year old PC would be capable of running it, but:

"Microsoft Vista Home Premium Upgrade. Upgrade from your current edition of
Microsoft Windows XP or Windows 2000 (including Windows XP Professional, Windows
XP Home, Windows XP Media Center, Windows XP Tablet PC, Windows XP Professional
x64, Windows 2000)."

ME appears to be missing.


 
Jerry
      08-20-2007
Cima wrote:
>
>> Right, so I upgrade my mate's kids computer to Vista from ME.

>
> Uhuh. Not that a 7 year old PC would be capable of running it, but:
>
> "Microsoft Vista Home Premium Upgrade. Upgrade from your current edition of
> Microsoft Windows XP or Windows 2000 (including Windows XP Professional, Windows
> XP Home, Windows XP Media Center, Windows XP Tablet PC, Windows XP Professional
> x64, Windows 2000)."
>
> ME appears to be missing.


You are right, ME won't upgrade to Vista.
http://www.microsoft.com/windows/pro...radepaths.mspx
 