Full Disclosure mailing list archives
Re: Microsoft win2003server phone home
From: "martin scherer" <memoxyde () monet no>
Date: Mon, 4 Aug 2003 13:15:26 +0200
> My question:
> 1. Is this behavior normal for a windows server installation ?

for microsoft? yes. this behavior can also be seen while installing XP Professional (only one i tested), while using netcap or similar programs to sniff packets going in/out of the network.

> 2. Could this behavior be considered as a violation of privacy ?

depends on what kind of information is being sent...sounds to me like it's just checking for activex controllers and codecs, and if there are any updates..unless there is some evil server behind the fake host, retrieving all your sensitive information...both could be ;)

> 3. Could it be considered as a security risk to let a newly installed server,
> request information from an arbitrary server that I have no control over ?

security in the way that your server might end up getting exploited because of it? no, i don't think so..
security in a way that you might get caught using an illegal copy of a win2003 server? yup.

----- Original Message -----
From: "gyrniff" <b240503 () gyrniff dk>
To: <full-disclosure () lists netsys com>
Sent: Monday, August 04, 2003 11:57 AM
Subject: [Full-disclosure] Microsoft win2003server phone home

> After acquiring and installing a copy of 'Windows Server 2003 Standard Edition
> 180-Day Evaluation' I walked through the 'role wizard', used the 'custom role
> config' and selected everything ;-)
> After reboot the server made two POST requests to microsoft controlled
> webservers without any notification. One request to activex.microsoft.com and
> one to codecs.microsoft.com, the data posted to the two servers was the same.
> (See the requests and responses below.)
> I can find no information in the license agreement about giving away
> 'information' behind my back.
>
> My question:
> 1. Is this behavior normal for a windows server installation ?
> 2. Could this behavior be considered as a violation of privacy ?
> 3. Could it be considered as a security risk to let a newly installed server,
> request information from an arbitrary server that I have no control over ?
>
> **** Posted data to activex.microsoft.com:
> POST /objects/ocget.dll HTTP/1.1
> Accept: application/x-cabinet-win32-x86, application/x-pe-win32-x86, application/octet-stream, application/x-setupscript, */*
> Content-Type: application/x-www-form-urlencoded
> Accept-Language: da
> Accept-Encoding: gzip, deflate
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)
> Host: activex.microsoft.com
> Content-Length: 44
> Connection: Keep-Alive
> Cache-Control: no-cache
>
> CLSID={FC7D9E02-3F9E-11D3-93C0-00C04F72DAF7}
>
> The reply:
> HTTP/1.1 404 Object Not Found
> Server: Microsoft-IIS/5.0
> Date: Sun, 03 Aug 2003 09:48:38 GMT
> Connection: close
> Content-Type: text/html
> Content-Length: 102
>
> <html><head><title>Error</title></head><body>The system cannot find the file specified. </body></html>
>
> *** Posted data to codecs.microsoft.com
> POST /isapi/ocget.dll HTTP/1.1
> Accept: application/x-cabinet-win32-x86, application/x-pe-win32-x86, application/octet-stream, application/x-setupscript, */*
> Content-Type: application/x-www-form-urlencoded
> Accept-Language: da
> Accept-Encoding: gzip, deflate
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)
> Host: codecs.microsoft.com
> Content-Length: 44
> Connection: Keep-Alive
> Cache-Control: no-cache
>
> CLSID={FC7D9E02-3F9E-11D3-93C0-00C04F72DAF7}
>
> And the reply:
> HTTP/1.1 404 Not Found
> Connection: close
> Date: Sun, 03 Aug 2003 09:47:54 GMT
> Server: Microsoft-IIS/6.0
> P3P: policyref="http://www.microsoft.com/w3c/p3p.xml" CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
> X-Powered-By: ASP.NET
>
> /Gyrniff
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
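An added example, not part of the original messages: a Python audit of the POST to activex.microsoft.com quoted above, listing what the request discloses and checking that the declared Content-Length of 44 is fully accounted for by the visible CLSID field. The function names and the IDENTIFYING header list are assumptions made for this illustration, as are the CRLF line endings of the capture.

```python
from urllib.parse import parse_qsl

# The request as quoted in the message above (CRLF line endings assumed).
CAPTURED = (
    "POST /objects/ocget.dll HTTP/1.1\r\n"
    "Accept: application/x-cabinet-win32-x86, application/x-pe-win32-x86, "
    "application/octet-stream, application/x-setupscript, */*\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Accept-Language: da\r\n"
    "Accept-Encoding: gzip, deflate\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)\r\n"
    "Host: activex.microsoft.com\r\n"
    "Content-Length: 44\r\n"
    "Connection: Keep-Alive\r\n"
    "Cache-Control: no-cache\r\n"
    "\r\n"
    "CLSID={FC7D9E02-3F9E-11D3-93C0-00C04F72DAF7}"
).encode("ascii")

# Headers that describe the client rather than the request (illustrative list).
IDENTIFYING = ("user-agent", "accept-language", "cookie", "authorization", "referer")

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into method, target, headers and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no header/body separator found")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body

def audit_disclosure(raw: bytes) -> dict:
    """Summarise where the request goes and what it tells the server."""
    method, target, headers, body = parse_request(raw)
    declared = int(headers.get("content-length", "0"))
    return {
        "destination": headers.get("host", "") + target,
        "method": method,
        "form_fields": dict(parse_qsl(body.decode("iso-8859-1"), keep_blank_values=True)),
        # False means the capture is truncated or carries bytes not shown.
        "body_complete": declared == len(body),
        "client_details": {h: headers[h] for h in IDENTIFYING if h in headers},
    }

if __name__ == "__main__":
    for key, value in audit_disclosure(CAPTURED).items():
        print(f"{key}: {value}")
```

For this capture the body is exactly the CLSID field, so what reaches the server is that identifier plus the OS, browser and .NET versions in User-Agent and the UI language in Accept-Language.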