UDP Port probe from

Discussion in 'Windows Desktop Systems' started by PC-Dude, Sep 23, 2002.

  1. PC-Dude

    PC-Dude Guest

    I keep getting UDP port probe from on my firewall, seems to happen 2 or 3 times per day and i'm pretty sure it's not my isp(dial-up) or any programs on my computer. Anyone got any ideas? I tried to do a whois but it doesn't give me anything.
  2. surge

    surge OSNN Senior Addict

    what port number are they scanning for?
    you shouldent have anything to worry about, if you have upto date antivirus and firewall protection its jsut script kiddie'z port scanning. jsut keep logs if the IP/IP's and send an email to your abuse@ispgoeshere.com or .co.uk or what ever the address is and the will take care of it for you.
  3. PC-Dude

    PC-Dude Guest

    I have a Firewall and Antivirus also, and i've tried 3 firewalls and none of them will give me what port the intruder is searching for. Just says a UDP Port Probe. Ohh well no big problem just wondering.
  4. rettahc

    rettahc Guest

    I traced the IP you posted and this is what I found:

    OrgName: Microsoft Corporation
    OrgID: MICROS-34

    NetRange: -
    NetHandle: NET-65-52-0-0-1
    Parent: NET-65-0-0-0-0
    NetType: Direct Assignment
    NameServer: DNS1.CP.MSFT.NET
    NameServer: DNS2.CP.MSFT.NET
    NameServer: DNS1.TK.MSFT.NET
    NameServer: DNS1.DC.MSFT.NET
    NameServer: DNS1.SJ.MSFT.NET
    RegDate: 2001-02-14
    Updated: 2001-06-20

    TechHandle: ZM23-ARIN
    TechName: Microsoft Corporation
    TechPhone: +1-425-882-8080
    TechEmail: noc@microsoft.com

    ARIN Whois database, last updated 2002-09-22 19:05
    Enter ? for additional hints on searching ARIN's Whois database.
  5. PC-Dude

    PC-Dude Guest

    Hmm that's interesting, now the question is why? I'm not allowing it until I find out just exactly why this is happening.

    Anyone got any clue? Thanks for your help :D
  6. open_source

    open_source Guest

    Read the EULA's for both SP1 and the Media player fixes and you will see what is going on.
  7. jawshoouh

    jawshoouh Guest

    i haven't installed SP1 yet...would turning off Auto Update services and all those other nifty lil services that MS uses to spy on your PC prevent the UDP port probe?
  8. surge

    surge OSNN Senior Addict

    nope desableing the auto updates wont stop microsoft from accessing your pc, the only way to stop them is to block the related ports they use to spy on the XP user,
    does anyone here know what port numbers Xp users should desable and block if they use a NIC to access the net ?
  9. PC-Dude

    PC-Dude Guest

    I have got this same probe on Win 2000 and XP. So it's not XP specific. And it only happens on the Gateway machine, oh well. :)
  10. dabomb

    dabomb Moderator

    it could be msn messenger
  11. PC-Dude

    PC-Dude Guest

    That could be true, hard to say but anyways don't matter the good thing is that the firewall is blocking it and everything is working fine. Thanks all for your help :D
  12. Rascal

    Rascal Guest

    some IM programs assign dynamic ports for file transfers. maybe the IM servers are trying to decide what ports u have for these connections, by essentially probing you. seeing as the ip seemed to trace to microsoft....its quite likely its something like this.
  13. stuy_b

    stuy_b Guest

    Its probably nothing to worry about especially if you think its from M$, they are hardly gonna send you a virus or trash your PC maliciously now are they!!! :rolleyes:

    I have NPF and it tells me how dangerous a probe is, and lets me track any probes. Maybe get a better firewall software.
  14. JJH35

    JJH35 OSNN Addict

    retthic i was just wondering what program or how you scanned that ip to get those results you posted for him, cause i get stuff on my firewall all the time and would like to be able to scan to retrieve information like that
  15. JJH35

    JJH35 OSNN Addict

    sorry for misspell " rettahc "
  16. surge

    surge OSNN Senior Addict

    you can use a program called neo trace pro , i cant remember the sites address but if you go a google search for it iam sure you can get it that way :)
  17. rettahc

    rettahc Guest

    I used NeoTrace
  18. rettahc

    rettahc Guest

    But i think they have been bought by Mcafee, and it's now called visual trace or something like that.
  19. JJH35

    JJH35 OSNN Addict

  20. jak deth

    jak deth Guest

    Any good firewall or scanner app such as Netscan Pro ( http://www.nwpsw.com ) will give you the abililty to look up who owns the IP addy that is probing your machine. I have 3 or 4 different apps that use the "Name server lookup" tool.