Windows Mobile 5 (Dell Axim) phoning home...why?

Posted by: Ezekiel

Windows Mobile 5 (Dell Axim) phoning home...why? - 19/01/2006 12:01

My firewall has been flagging some IP traffic from my Windows Mobile 5 device (docked in cradle) to Microsoft.

Quote:
UTC 01/18/2006 23:22:06.304 - IP spoof dropped - Source:169.254.2.2, 137, LAN - Destination:207.46.157.30, 137, WAN - MAC address: 00.0D.56.1F.E0.1C -


207.46.157.30 belongs to Microsoft. I know that port 137 is NetBIOS, but why does a handheld reach all the way out to Microsoft?

-Chris
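
A small triage helper for firewall entries in the format quoted in the post above, added here as an example and not part of anyone's post: it parses each entry and flags two things visible in that line, a link-local (169.254.0.0/16) source address and NetBIOS traffic (ports 137-139) headed for the WAN zone. The field layout is assumed from the one quoted line, the second sample entry is constructed, and the function and flag names are hypothetical.

```python
import ipaddress
import re

# First entry is the line quoted in the post; the second is constructed for contrast.
SAMPLE_LOG = """\
UTC 01/18/2006 23:22:06.304 - IP spoof dropped - Source:169.254.2.2, 137, LAN - Destination:207.46.157.30, 137, WAN - MAC address: 00.0D.56.1F.E0.1C -
UTC 01/18/2006 23:25:10.000 - Connection opened - Source:192.168.1.20, 1045, LAN - Destination:192.0.2.10, 80, WAN - MAC address: 00.11.22.33.44.55 -
"""

# Field layout assumed from the single quoted entry.
LINE_RE = re.compile(
    r"^UTC (?P<ts>\S+ \S+) - (?P<msg>.+?) - "
    r"Source:(?P<src>[\d.]+), (?P<sport>\d+), (?P<szone>\w+) - "
    r"Destination:(?P<dst>[\d.]+), (?P<dport>\d+), (?P<dzone>\w+) - "
    r"MAC address: (?P<mac>[0-9A-Fa-f.]+)"
)

NETBIOS_PORTS = {137: "name service", 138: "datagram", 139: "session"}


def triage(line):
    """Parse one entry; return its fields plus a list of flags, or None if unparsable."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    flags = []
    # 169.254.0.0/16 is the self-assigned link-local range; it is not routable.
    if ipaddress.ip_address(rec["src"]).is_link_local:
        flags.append("link_local_source")
    # NetBIOS is a local-network protocol; seeing it aimed at the WAN is worth a look.
    if rec["dzone"] == "WAN" and rec["dport"] in NETBIOS_PORTS:
        flags.append("netbios_to_wan")
    rec["flags"] = flags
    return rec


def flagged(log):
    """Return (source, destination, flags) for every entry that raised a flag."""
    records = (triage(line) for line in log.splitlines())
    return [(r["src"], r["dst"], r["flags"]) for r in records if r and r["flags"]]


if __name__ == "__main__":
    for src, dst, flags in flagged(SAMPLE_LOG):
        print(f"{src} -> {dst}: {', '.join(flags)}")
```
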
Posted by: cushman

Re: Windows Mobile 5 (Dell Axim) phoning home...why? - 19/01/2006 12:06

Quote:
I know that port 137 is NetBIOS, but why does a handheld reach all the way out to Microsoft?

It's like the One Ring. It reaches out to its master every once in a while. Now they know where you live so they can send a BAL-LMER to come and get you!
Posted by: tfabris

Re: Windows Mobile 5 (Dell Axim) phoning home...why? - 19/01/2006 17:51

Quote:
why does a handheld reach all the way out to Microsoft?

Most Microsoft software (OS, apps, whatever) phones home these days as part of its copy protection.
Posted by: Roger

Re: Windows Mobile 5 (Dell Axim) phoning home...why? - 19/01/2006 21:38

Quote:
Most Microsoft software (OS, apps, whatever) phones home these days as part of its copy protection.


Cite?
Posted by: tfabris

Re: Windows Mobile 5 (Dell Axim) phoning home...why? - 19/01/2006 21:40

Office 2003, Windows XP/2003. Dunno about the handheld thingy, but the fact that he's seeing traffic from it trying to go back to Microsoft.com would seem to indicate...
Posted by: matthew_k

Re: Windows Mobile 5 (Dell Axim) phoning home...why? - 19/01/2006 21:47

I don't think XP phones home regularly for copy protection. I would assume we'd have heard an outcry if a properly activated install of XP with Windows Update turned off phoned home.

Matthew
Posted by: Roger

Re: Windows Mobile 5 (Dell Axim) phoning home...why? - 20/01/2006 06:23

Quote:
Office 2003, Windows XP/2003


Let me ask that again: Do you have a link to a story/KB article describing this behaviour?

I was under the impression that once you'd gone through product activation, that was it, except for Microsoft Update and for the Error Reporting tool.
Posted by: Phoenix42

Re: Windows Mobile 5 (Dell Axim) phoning home...why? - 20/01/2006 10:25

In a class in college we packet sniffed on a PC during boot up. I don't recall the OS, but this was back in about '98 so it must have been '9x or NT, and it called home. So they have been doing this for quite some time.
Posted by: tman

Re: Windows Mobile 5 (Dell Axim) phoning home...why? - 20/01/2006 10:34

Quote:
In a class in college we packet sniffed on a PC during boot up. I don't recall the OS, but this was back in about '98 so it must have been '9x or NT, and it called home. So they have been doing this for quite some time.

I've never seen anything like that for any version of Windows excluding the obvious update checking cycles it does. Yes I have used a packet sniffer. Windows/Office XP/2K3 don't call home apart from the initial product activation, MSN and NTP.

If it does attempt to call home then it is because you've installed something or configured something to do so.
Posted by: tman

Re: Windows Mobile 5 (Dell Axim) phoning home...why? - 20/01/2006 10:41

The first Google search result for that IP shows that it is part of the update system...
Posted by: Ezekiel

Re: Windows Mobile 5 (Dell Axim) phoning home...why? - 20/01/2006 19:38

That's interesting. There's no interface options, applications etc. that would seem to have anything to do with Windows Update on the device itself (that I can find by poking around the file tree).

-Zeke
Posted by: tman

Re: Windows Mobile 5 (Dell Axim) phoning home...why? - 20/01/2006 19:40

Quote:
That's interesting. There's no interface options, applications etc. that would seem to have anything to do with Windows Update on the device itself (that I can find by poking around the file tree).

It is kind of strange but I don't think it'll be anything insidious. Windows Mobile isn't likely to be pirated so it isn't for licensing enforcement.
Posted by: Ezekiel

Re: Windows Mobile 5 (Dell Axim) phoning home...why? - 20/01/2006 20:46

Yeah, I didn't think that would be the case (licensing). My guess is that they've got some unfinished windows update stub programming in Windows Mobile 5 that would let them bootstrap an update procedure if they really needed to. While I'm no hacker, it seems like Windows Mobile is probably riddled with security holes, but nobody's really targeted it yet, so we're not yet pressured to secure them.

After all, what is the codebase for Windows Mobile 5? It's not NT/XP based (that'd be 'Windows XP Embedded'). If it's Windows CE then I'm sure it's full of crufty coding (given the age of the codebase). Dunno. It is interesting behavior tho.

-Zeke
Posted by: Roger

Re: Windows Mobile 5 (Dell Axim) phoning home...why? - 21/01/2006 06:47

Quote:
After all, what is the codebase for Windows Mobile 5?


Yeah, it's Windows CE-derived. XP Embedded is for ATMs and checkouts and stuff.