Very bizarre net sessions - MS Customer Experience port probing.

  • Question

  • Randomly on my router I found the following:

    192.168.99.103:4210 4210 65.55.17.157:80 TCP TW OUT 52
    192.168.99.103:4208 4208 65.55.17.157:80 TCP TW OUT 52
    192.168.99.103:4153 4153 65.55.17.157:80 TCP TW OUT 40
    192.168.99.103:4156 4156 65.55.17.157:80 TCP TW OUT 41
    192.168.99.103:4202 4202 65.55.17.157:80 TCP TW OUT 51
    192.168.99.103:4147 4147 65.55.17.157:80 TCP TW OUT 39
    192.168.99.103:4151 4151 65.55.17.157:80 TCP TW OUT 40
    192.168.99.103:4155 4155 65.55.17.157:80 TCP TW OUT 41
    192.168.99.103:4167 4167 65.55.17.157:80 TCP TW OUT 43
    192.168.99.103:4219 4219 65.55.17.157:80 TCP TW OUT 54
    192.168.99.103:4181 4181 65.55.17.157:80 TCP TW OUT 46
    192.168.99.103:4194 4194 65.55.17.157:80 TCP TW OUT 49
    192.168.99.103:4228 4228 65.55.17.157:80 TCP TW OUT 56
    192.168.99.103:4141 4141 65.55.17.157:80 TCP TW OUT 38
    192.168.99.103:4215 4215 65.55.17.157:80 TCP TW OUT 53
    192.168.99.103:4184 4184 65.55.17.157:80 TCP TW OUT 47
    192.168.99.103:4140 4140 65.55.17.157:80 TCP TW OUT 37
    192.168.99.103:4216 4216 65.55.17.157:80 TCP TW OUT 53
    192.168.99.103:4182 4182 65.55.17.157:80 TCP TW OUT 46
    192.168.99.103:4199 4199 65.55.17.157:80 TCP TW OUT 50
    192.168.99.103:4191 4191 65.55.17.157:80 TCP TW OUT 48
    192.168.99.103:4206 4206 65.55.17.157:80 TCP TW OUT 51
    192.168.99.103:4230 4230 65.55.17.157:80 TCP TW OUT 56
    192.168.99.103:4220 4220 65.55.17.157:80 TCP TW OUT 54
    192.168.99.103:4222 4222 65.55.17.157:80 TCP TW OUT 55
    192.168.99.103:4186 4186 65.55.17.157:80 TCP TW OUT 47
    192.168.99.103:4175 4175 65.55.17.157:80 TCP TW OUT 45
    192.168.99.103:4165 4165 65.55.17.157:80 TCP TW OUT 43
    192.168.99.103:4192 4192 65.55.17.157:80 TCP TW OUT 48
    192.168.99.103:4172 4172 65.55.17.157:80 TCP TW OUT 44
    192.168.99.103:4213 4213 65.55.17.157:80 TCP TW OUT 53
    192.168.99.103:4164 4164 65.55.17.157:80 TCP TW OUT 42
    192.168.99.103:4161 4161 65.55.17.157:80 TCP TW OUT 42
    192.168.99.103:4218 4218 65.55.17.157:80 TCP TW OUT 54
    192.168.99.103:4204 4204 65.55.17.157:80 TCP TW OUT 51
    192.168.99.103:4188 4188 65.55.17.157:80 TCP TW OUT 48
    192.168.99.103:4149 4149 65.55.17.157:80 TCP TW OUT 39
    192.168.99.103:4200 4200 65.55.17.157:80 TCP TW OUT 50
    192.168.99.103:4196 4196 65.55.17.157:80 TCP TW OUT 49
    192.168.99.103:4144 4144 65.55.17.157:80 TCP TW OUT 38
    192.168.99.103:4227 4227 65.55.17.157:80 TCP TW OUT 56
    192.168.99.103:4168 4168 65.55.17.157:80 TCP TW OUT 43
    192.168.99.103:4197 4197 65.55.17.157:80 TCP TW OUT 49
    192.168.99.103:4148 4148 65.55.17.157:80 TCP TW OUT 39
    192.168.99.103:4190 4190 65.55.17.157:80 TCP TW OUT 48
    192.168.99.103:4174 4174 65.55.17.157:80 TCP TW OUT 45
    192.168.99.103:4154 4154 65.55.17.157:80 TCP TW OUT 40
    192.168.99.103:4203 4203 65.55.17.157:80 TCP TW OUT 51
    192.168.99.103:4178 4178 65.55.17.157:80 TCP TW OUT 45
    192.168.99.103:4143 4143 65.55.17.157:80 TCP TW OUT 38
    192.168.99.103:4225 4225 65.55.17.157:80 TCP TW OUT 55
    192.168.99.103:4193 4193 65.55.17.157:80 TCP TW OUT 49
    192.168.99.103:4162 4162 65.55.17.157:80 TCP TW OUT 42
    192.168.99.103:4157 4157 65.55.17.157:80 TCP TW OUT 41
    192.168.99.103:4146 4146 65.55.17.157:80 TCP TW OUT 39
    192.168.99.103:4152 4152 65.55.17.157:80 TCP TW OUT 40
    192.168.99.103:4163 4163 65.55.17.157:80 TCP TW OUT 42
    192.168.99.103:4195 4195 65.55.17.157:80 TCP TW OUT 49
    192.168.99.103:4183 4183 65.55.17.157:80 TCP TW OUT 46
    192.168.99.103:4201 4201 65.55.17.157:80 TCP TW OUT 50
    192.168.99.103:4142 4142 65.55.17.157:80 TCP TW OUT 38
    192.168.99.103:4229 4229 65.55.17.157:80 TCP TW OUT 56
    192.168.99.103:4150 4150 65.55.17.157:80 TCP TW OUT 39
    192.168.99.103:4211 4211 65.55.17.157:80 TCP TW OUT 52
    192.168.99.103:4209 4209 65.55.17.157:80 TCP TW OUT 52
    192.168.99.103:4214 4214 65.55.17.157:80 TCP TW OUT 53
    192.168.99.103:4224 4224 65.55.17.157:80 TCP TW OUT 55
    192.168.99.103:4159 4159 65.55.17.157:80 TCP TW OUT 41
    192.168.99.103:4160 4160 65.55.17.157:80 TCP TW OUT 42
    192.168.99.103:4180 4180 65.55.17.157:80 TCP TW OUT 46
    192.168.99.103:4171 4171 65.55.17.157:80 TCP TW OUT 44
    192.168.99.103:4185 4185 65.55.17.157:80 TCP TW OUT 47
    192.168.99.103:4166 4166 65.55.17.157:80 TCP TW OUT 43
    192.168.99.103:4223 4223 65.55.17.157:80 TCP TW OUT 55
    192.168.99.103:4169 4169 65.55.17.157:80 TCP TW OUT 43
    192.168.99.103:4170 4170 65.55.17.157:80 TCP TW OUT 44
    192.168.99.103:4187 4187 65.55.17.157:80 TCP TW OUT 47
    192.168.99.103:4207 4207 65.55.17.157:80 TCP TW OUT 52
    192.168.99.103:4198 4198 65.55.17.157:80 TCP TW OUT 50
    192.168.99.103:4176 4176 65.55.17.157:80 TCP TW OUT 45
    192.168.99.103:4158 4158 65.55.17.157:80 TCP TW OUT 41
    192.168.99.103:4221 4221 65.55.17.157:80 TCP TW OUT 55
    192.168.99.103:4226 4226 65.55.17.157:80 TCP TW OUT 56
    192.168.99.103:4212 4212 65.55.17.157:80 TCP TW OUT 53
    192.168.99.103:4205 4205 65.55.17.157:80 TCP TW OUT 51
    192.168.99.103:4179 4179 65.55.17.157:80 TCP TW OUT 46
    192.168.99.103:4177 4177 65.55.17.157:80 TCP TW OUT 45
    192.168.99.103:4145 4145 65.55.17.157:80 TCP TW OUT 38
    192.168.99.103:4189 4189 65.55.17.157:80 TCP TW OUT 48
    192.168.99.103:4173 4173 65.55.17.157:80 TCP TW OUT 44
    192.168.99.103:4217 4217 65.55.17.157:80 TCP TW OUT 54

    all the way to 58999

    192.168.99.103 is my WHS box. It's a DHCP-pulled reservation.

    The IP 65.55.17.157 goes back to http://www.microsoft.com/products/ceip/EN-US/default.mspx, the Customer Experience Improvement site.

    What the ____ is this and why the ____ is this port probing going on?? All of the sessions I saw were outbound, but still. What the heck?!?!

    There is nothing running on my WHS box right now, I closed anything that might have caused a problem (Subsonic, McAfee VS, stopped all non MS services, logged off and disconnected any remote sessions) and the sessions still kept going.

    Any explanation?

    Should I post this or get it moved to a more relevant forum? Server 2003/SBS? Feedback?

    Saturday, August 15, 2009 12:35 AM

All replies

  • Note the ____ = hell, nothing too offensive. I'm not mad, just wondering what this is! Thanks!
    Saturday, August 15, 2009 12:37 AM
  • Do you have Customer Experience Improvement Program enabled on your server?
    Saturday, August 15, 2009 3:25 AM
    Moderator
  • Not anymore!

    Can you explain the traffic though?

    Per Microsoft CEIP they use/collect the following:

    CEIP reports generally include information about:

    Configuration, such as how many processors are in your computer, how many network connections you use, the operating system that your computer is currently running, screen resolutions for display devices, the strength of the wireless signal between your computer and a media player device, and if some features such as Bluetooth wireless technology or high-speed USB connections are turned on.

    Performance and reliability, such as how quickly a program responds when you click a button, how many problems you experience with a program or a device, and how quickly information is sent or received over a network connection.

    Program use, such as the features that you use the most often, how frequently you launch programs, and how many folders you typically create on your desktop.

    Internet-enabled features in software will send information about your computer (standard computer information) to the websites you visit and web services you use. This information is generally not personally identifiable. Standard computer information typically includes certain information about your computer software and hardware, such as your IP address, operating system version, web browser version, your hardware ID (which indicates the device manufacturer, device name, and version), and your regional and language settings. Although when each CEIP report is sent to Microsoft, standard computer information is sent as well, Microsoft does not store your IP address with your CEIP reports.

    CEIP generates a globally unique identifier (GUID) that is stored on your computer to uniquely identify it. The GUID is a randomly generated number; it does not contain any personal information and is not used to identify you. CEIP uses the GUID to determine how widespread the feedback is and how to prioritize it. For example, the GUID allows Microsoft to distinguish between one customer experiencing a problem one hundred times and other customers experiencing the same problem once. The GUID is stored on your computer and sent with every CEIP report. CEIP reports do not intentionally contain any contact information about you (such as your name, address, or phone number). However, some reports might unintentionally contain individual identifiers (other than the GUID), such as a serial number for a device that is connected to your computer. Microsoft filters the information contained in CEIP reports to try to remove any individual identifiers that they might contain.

    Microsoft uses CEIP information to improve our software. We may share CEIP information with partners, but the information cannot be used to identify you.

    Information that is collected by or sent to Microsoft may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or agents maintain facilities. Microsoft may disclose this information if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on Microsoft or the site; (b) protect and defend the rights or property of Microsoft and its family of websites, or (c) act in urgent circumstances to protect the personal safety of Microsoft employees, users of Microsoft software or services, or members of the public. Microsoft occasionally hires other companies to provide limited services on its behalf, such as providing customer support, processing transactions, or performing statistical analysis of reports. Microsoft will provide those companies only the information they need to deliver the service. They are required to maintain the confidentiality of this information and are prohibited from using it for any other purpose.



    Maybe they're polling for open ports. But why to their own server?

    Saturday, August 15, 2009 3:24 PM
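
A triage sketch for a session table like the one posted in the question, added here and not part of the thread: it groups outbound rows per local host and reports whether the destination port varies or only the local source port does. The column meanings, the labels and the threshold of 3 are assumptions; the second sample is constructed for contrast.

```python
import re
from collections import Counter

# First five rows of the table posted in the question.
POSTED = """\
192.168.99.103:4210 4210 65.55.17.157:80 TCP TW OUT 52
192.168.99.103:4208 4208 65.55.17.157:80 TCP TW OUT 52
192.168.99.103:4153 4153 65.55.17.157:80 TCP TW OUT 40
192.168.99.103:4156 4156 65.55.17.157:80 TCP TW OUT 41
192.168.99.103:4202 4202 65.55.17.157:80 TCP TW OUT 51
"""
# Constructed contrast (not from the thread): one host, many destination ports.
CONSTRUCTED = """\
192.168.99.50:3301 3301 198.51.100.7:21 TCP TW OUT 5
192.168.99.50:3302 3302 198.51.100.7:22 TCP TW OUT 5
192.168.99.50:3303 3303 198.51.100.7:23 TCP TW OUT 5
192.168.99.50:3304 3304 198.51.100.7:25 TCP TW OUT 5
"""
# Assumed columns: local ip:port, NAT port, remote ip:port, proto, state, direction, timer.
ROW = re.compile(r"^\s*([\d.]+):(\d+)\s+\d+\s+([\d.]+):(\d+)\s+(\w+)\s+(\w+)\s+(\w+)\s+\d+\s*$")

def parse(table):
    """Return (src, sport, dst, dport, proto, state, direction) per valid row."""
    rows = []
    for line in table.splitlines():
        m = ROW.match(line)
        if m:
            src, sport, dst, dport, proto, state, direction = m.groups()
            rows.append((src, int(sport), dst, int(dport), proto, state, direction))
    return rows

def classify(rows, threshold=3):
    """Label each local host by what varies across its outbound rows."""
    report = {}
    for src in sorted({r[0] for r in rows if r[6] == "OUT"}):
        mine = [r for r in rows if r[0] == src and r[6] == "OUT"]
        sports = {r[1] for r in mine}
        endpoints = {(r[2], r[3]) for r in mine}
        dports = {r[3] for r in mine}
        if len(dports) >= threshold:
            label = "many destination ports (scan-like)"
        elif len(endpoints) == 1 and len(sports) >= threshold:
            label = "repeated client connections to one service"
        else:
            label = "mixed"
        report[src] = {"label": label, "endpoints": sorted(endpoints),
                       "source_ports": (min(sports), max(sports)),
                       "states": Counter(r[5] for r in mine)}
    return report
```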