locked
Microsoft Hack Attempt detected

    General discussion

  • I want to know What urs.microsoft.com is and why it is trying to attempt web access to my router which is flagging this activity as a warning

     

    I get repeated sign in attempts from urs.microsoft.com router not setup with remote adminstative access so it's not going to happen but it's been logged

     

    This actvity also hard enough it could be considered DSA (Denial of Service Attack by Microsoft)

     

    *It floods my routers logging

     

    * Prevents or slows connection in bound/ out bound internet traffic causing a really messed up router

     

    * Router recoding an Illeagal act by Microsoft

     

    I don't know What urs.microsoft.com server does but this activity on my router better stop

     

    this warnets a phone call if it doesn't stop.   

     

    Friday, November 02, 2007 11:16 PM

All replies

  • Inbound or outbound, Mikro?

    -steve

     

    Saturday, November 03, 2007 2:42 AM
    Moderator
  • URL Reputation Service - back end of the IE 7 Phishing Filter service.

     

    Download the following PDF and search for urs.microsoft.com to see diagrams of how this service works.

     

    http://download.microsoft.com/download/2/8/e/28e60dcc-123c-4b27-b397-1f6b2b6cb420/Part1_MM.pdf

     

    OneCareBear

    Saturday, November 03, 2007 4:46 AM
    Moderator
  • Thanks but it stil doesn't explain the access attempt behavor.

    Saturday, November 03, 2007 9:43 AM
  • Are you running the OneCare 2.0 beta? It checks your router periodically to see if it is a compatible one.
    Saturday, November 03, 2007 12:19 PM
  •  Mikro wrote:

    Thanks but it stil doesn't explain the access attempt behavor.

     

    I wasn't trying to explain the behaviour, only where it originated from. Since the site in question is related to the Internet Explorer 7 Phishing Filter, I'd guess it was responses to requests by your Phishing Filter based on access to web pages you had made. If this doesn't seem reasonable, then you need to investigate it at the appropriate place where someone can answer your question.

     

    Since the Phishing Filter is a part of Internet Explorer 7, I'd think you should take your questions to the NewsGroup or Forum related to that product. My personal guess is you are simply mis-interpreting these log entries, but there have been issues with the Phishing Filter operation in the past and it's also possible that your router is interfering with the responses coming from the URL Reputation Service and mis-identifying them as an attack.

     

    If you stop to think for two seconds, it's quite obvious that Microsoft has no need to 'attack' your router to gain access to your PC, since they already have complete access to it via several vectors including Windows Updates, OneCare and even the Phishing Filter itself. For this reason it's not logical to assume an 'attack', it's more likely that something in the router is not functioning correctly or mis-configured and causing the very issue it's reporting.

     

    OneCareBear

    Sunday, November 04, 2007 3:25 PM
    Moderator
  •  OneCareBear wrote:
     Mikro wrote:

    Thanks but it stil doesn't explain the access attempt behavor.

     

    I wasn't trying to explain the behaviour, only where it originated from. Since the site in question is related to the Internet Explorer 7 Phishing Filter, I'd guess it was responses to requests by your Phishing Filter based on access to web pages you had made. If this doesn't seem reasonable, then you need to investigate it at the appropriate place where someone can answer your question.

     

    Since the Phishing Filter is a part of Internet Explorer 7, I'd think you should take your questions to the NewsGroup or Forum related to that product. My personal guess is you are simply mis-interpreting these log entries, but there have been issues with the Phishing Filter operation in the past and it's also possible that your router is interfering with the responses coming from the URL Reputation Service and mis-identifying them as an attack.

     

    If you stop to think for two seconds, it's quite obvious that Microsoft has no need to 'attack' your router to gain access to your PC, since they already have complete access to it via several vectors including Windows Updates, OneCare and even the Phishing Filter itself. For this reason it's not logical to assume an 'attack', it's more likely that something in the router is not functioning correctly or mis-configured and causing the very issue it's reporting.

     

    OneCareBear

     

    Thanks at lease I know what function is causing this. Now I'm trying to figure out how to stop it.

    Sunday, November 04, 2007 7:04 PM
  • Stop it by using Firefox Smile
    Monday, May 05, 2008 3:56 AM
  • questions like this the prog visualroute give great answers. enjoy.
    Friday, October 30, 2009 10:51 PM