Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Topic Options
#274656 - 19/01/2006 12:01 Windows Mobile 5 (Dell Axim) phoning home...why?
Ezekiel
pooh-bah

Registered: 25/08/2000
Posts: 2413
Loc: NH USA
My firewall has been flagging some IP traffic from my Windows Mobile 5 device (docked in cradle) to Microsoft.

Quote:
UTC 01/18/2006 23:22:06.304 - IP spoof dropped - Source:169.254.2.2, 137, LAN - Destination:207.46.157.30, 137, WAN - MAC address: 00.0D.56.1F.E0.1C -


207.46.157.30 belongs to Microsoft. I know that port 137 is NetBIOS, but why does a handheld reach all the way out to Microsoft?

-Chris
_________________________
WWFSMD?

Top
#274657 - 19/01/2006 12:06 Re: Windows Mobile 5 (Dell Axim) phoning home...why? [Re: Ezekiel]
cushman
veteran

Registered: 21/01/2002
Posts: 1380
Loc: Erie, CO
Quote:
I know that port 137 is NetBIOS, but why does a handheld reach all the way out to Microsoft?

It's like the One Ring. It reaches out to it's master every once in a while. Now they know where you live so they can send a BAL-LMER to come and get you!
_________________________
Mark Cushman

Top
#274658 - 19/01/2006 17:51 Re: Windows Mobile 5 (Dell Axim) phoning home...why? [Re: Ezekiel]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
Quote:
why does a handheld reach all the way out to Microsoft?

Most Microsoft software (OS, apps, whatever) phones home these days as part of its copy protection.
_________________________
Tony Fabris

Top
#274659 - 19/01/2006 21:38 Re: Windows Mobile 5 (Dell Axim) phoning home...why? [Re: tfabris]
Roger
carpal tunnel

Registered: 18/01/2000
Posts: 5683
Loc: London, UK
Quote:
Most Microsoft software (OS, apps, whatever) phones home these days as part of its copy protection.


Cite?
_________________________
-- roger

Top
#274660 - 19/01/2006 21:40 Re: Windows Mobile 5 (Dell Axim) phoning home...why? [Re: Roger]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
Office 2003, Windows XP/2003. Dunno about the handheld thingy, but the fact that he's seeing traffic from it try to go back to Microsoft.com would seem to indicate...
_________________________
Tony Fabris

Top
#274661 - 19/01/2006 21:47 Re: Windows Mobile 5 (Dell Axim) phoning home...why? [Re: tfabris]
matthew_k
pooh-bah

Registered: 12/02/2002
Posts: 2298
Loc: Berkeley, California
I don't think XP phones home regularly for copy protection. I would assume we'd have heard an outcry if a properly activated install of XP with windows update turned off phoned home.

Matthew

Top
#274662 - 20/01/2006 06:23 Re: Windows Mobile 5 (Dell Axim) phoning home...why? [Re: tfabris]
Roger
carpal tunnel

Registered: 18/01/2000
Posts: 5683
Loc: London, UK
Quote:
Office 2003, Windows XP/2003


Let me ask that again: Do you have a link to a story/KB article describing this behaviour?

I was under the impression that once you'd gone through product activation, that was it, except for Microsoft Update and for the Error Reporting tool.
_________________________
-- roger

Top
#274663 - 20/01/2006 10:25 Re: Windows Mobile 5 (Dell Axim) phoning home...why? [Re: tfabris]
Phoenix42
veteran

Registered: 21/03/2002
Posts: 1424
Loc: MA but Irish born
In a class in college we packed sniffed on a PC during boot up, I don't recall the OS but this was back in about '98 so it must have been '9x or NT and it called home. So they have been doing this for quiet some time.

Top
#274664 - 20/01/2006 10:34 Re: Windows Mobile 5 (Dell Axim) phoning home...why? [Re: Phoenix42]
tman
carpal tunnel

Registered: 24/12/2001
Posts: 5528
Quote:
In a class in college we packed sniffed on a PC during boot up, I don't recall the OS but this was back in about '98 so it must have been '9x or NT and it called home. So they have been doing this for quiet some time.

I've never seen anything like that for any version of Windows excluding the obvious update checking cycles it does. Yes I have used a packet sniffer. Windows/Office XP/2K3 don't call home apart from the initial product activation, MSN and NTP.

If it does attempt to call home then it is because you've installed something or configured something to do so.

Top
#274665 - 20/01/2006 10:41 Re: Windows Mobile 5 (Dell Axim) phoning home...why? [Re: Ezekiel]
tman
carpal tunnel

Registered: 24/12/2001
Posts: 5528
The first Google search result for that IP shows that it is part of the update system...

Top
#274666 - 20/01/2006 19:38 Re: Windows Mobile 5 (Dell Axim) phoning home...why? [Re: tman]
Ezekiel
pooh-bah

Registered: 25/08/2000
Posts: 2413
Loc: NH USA
That's interesting. There's no interface options, applications etc. that would seem to have anything to do with Windows Update on the device itself (that I can find by poking around the file tree).

-Zeke
_________________________
WWFSMD?

Top
#274667 - 20/01/2006 19:40 Re: Windows Mobile 5 (Dell Axim) phoning home...why? [Re: Ezekiel]
tman
carpal tunnel

Registered: 24/12/2001
Posts: 5528
Quote:
That's interesting. There's no interface options, applications etc. that would seem to have anything to do with Windows Update on the device itself (that I can find by poking around the file tree).

It is kind of strange but I don't think it'll be anything insideous. Windows Mobile isn't likely to be pirated so it isn't for licensing enforcement.

Top
#274668 - 20/01/2006 20:46 Re: Windows Mobile 5 (Dell Axim) phoning home...why? [Re: tman]
Ezekiel
pooh-bah

Registered: 25/08/2000
Posts: 2413
Loc: NH USA
Yeah, I didn't think that would be the case (licensing). My guess is that they've got some unfinished windows update stub programming in Windows Mobile 5 that would let them bootstrap an update procedure if they really needed to. While I'm no hacker, it seems like Windows Mobile is probably riddled with security holes, but nobody's really targeted it yet, so we're not yet pressured to secure them.

After all, what is the codebase for Windows Mobile 5? It's not NT/XP based (that'd be 'Windows XP Embedded'). If it's Windows CE then I'm sure it's full of crufty coding (given the age of the codebase). Dunno. It is interesting behavior tho.

-Zeke
_________________________
WWFSMD?

Top
#274669 - 21/01/2006 06:47 Re: Windows Mobile 5 (Dell Axim) phoning home...why? [Re: Ezekiel]
Roger
carpal tunnel

Registered: 18/01/2000
Posts: 5683
Loc: London, UK
Quote:
After all, what is the codebase for Windows Mobile 5?


Yeah, it's Windows CE-derived. XP Embedded is for ATMs and checkouts and stuff.
_________________________
-- roger

Top