[NCLUG] port monitorer

herrold herrold at owlriver.com
Mon Feb 19 09:37:18 MST 2001


On Mon, 19 Feb 2001, Mark C. Smith wrote:

> ->You'll probably find that you need to add some "deny but don't log" rules
> ->for dumping garbage like Windows boxes trying to call the mother ship and
> ->all though.
>
> I laughed at this at first (and still think it's funny), but then the
> thought occured to me, "do winbloze boxes try to contact microsoft?"
> Seriously, I'd be interested in knowing, and if so, why?

... absolutely -- set a new NT install all by its lonesome behind a
logging firewall;  run; observe it phoning home, to append the
MAC-identified software inventory for the SPA to use when visting to
'help' you make sure you did not accidentally 'forget' to account
for all license certificates for all your installed base of legacy
OS software ...

First saw it four years ago, when I was setting a new firewall up.

It might be recreational to reverse engineer the reporting format
using tcpdumo to log the conversation, and help add entries to that
database ...

-- Russ Herrold




More information about the NCLUG mailing list