Posted by: Ezekiel
Windows Mobile 5 (Dell Axim) phoning home...why? - 19/01/2006 12:01
My firewall has been flagging some IP traffic from my Windows Mobile 5 device (docked in cradle) to Microsoft.
Quote:
UTC 01/18/2006 23:22:06.304 - IP spoof dropped - Source:169.254.2.2, 137, LAN - Destination:207.46.157.30, 137, WAN - MAC address: 00.0D.56.1F.E0.1C -
207.46.157.30 belongs to Microsoft. I know that port 137 is NetBIOS, but why does a handheld reach all the way out to Microsoft?
-Chris
Posted by: tfabris
Re: Windows Mobile 5 (Dell Axim) phoning home...why? - 19/01/2006 21:40
Office 2003, Windows XP/2003. Dunno about the handheld thingy, but the fact that he's seeing traffic from it trying to go back to Microsoft.com would seem to indicate...
Posted by: matthew_k
Re: Windows Mobile 5 (Dell Axim) phoning home...why? - 19/01/2006 21:47
I don't think XP phones home regularly for copy protection. I would assume we'd have heard an outcry if a properly activated install of XP with Windows Update turned off phoned home.
Matthew
Posted by: Phoenix42
Re: Windows Mobile 5 (Dell Axim) phoning home...why? - 20/01/2006 10:25
In a class in college we packet sniffed on a PC during boot up. I don't recall the OS, but this was back in about '98 so it must have been '9x or NT, and it called home. So they have been doing this for quite some time.
Posted by: tman
Re: Windows Mobile 5 (Dell Axim) phoning home...why? - 20/01/2006 10:41
The first Google search result for that IP shows that it is part of the update system...
Posted by: Ezekiel
Re: Windows Mobile 5 (Dell Axim) phoning home...why? - 20/01/2006 19:38
That's interesting. There are no interface options, applications etc. that would seem to have anything to do with Windows Update on the device itself (that I can find by poking around the file tree).
-Zeke
Posted by: Ezekiel
Re: Windows Mobile 5 (Dell Axim) phoning home...why? - 20/01/2006 20:46
Yeah, I didn't think that would be the case (licensing). My guess is that they've got some unfinished Windows Update stub programming in Windows Mobile 5 that would let them bootstrap an update procedure if they really needed to. While I'm no hacker, it seems like Windows Mobile is probably riddled with security holes, but nobody's really targeted it yet, so we're not yet pressured to secure them.
After all, what is the codebase for Windows Mobile 5? It's not NT/XP based (that'd be 'Windows XP Embedded'). If it's Windows CE then I'm sure it's full of crufty coding (given the age of the codebase). Dunno. It is interesting behavior tho.
-Zeke