blocked packets from windows update

Discussion in 'other security issues & news' started by dannyboy 950, Apr 30, 2006.

Thread Status:
Not open for further replies.
  1. dannyboy 950

    dannyboy 950 Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    50
    While checking my firewall logs I came across some entries from Windows Update. Now most of these were allowed as expected but then I found a bunch that were blocked. This seemed odd so I copied this for your opinions.

    0000: 00 50 BA BF F0 61 00 05 : 9A D0 D0 A8 08 00 45 00 | .P...a........E.
    0010: 05 DC A3 9C 40 00 33 06 : E9 4B 40 56 6A 8F 18 AF | ....@.3..K@Vj...
    0020: F1 9F 00 50 0D 8E 2A 5B : 4E 87 35 61 8C 3E 50 10 | ...P..*[N.5a.>P.
    0030: 32 40 9B FD 00 00 48 65 : 61 70 41 6C 6C 6F 63 00 | 2@....HeapAlloc.
    0040: B9 00 45 78 69 74 50 72 : 6F 63 65 73 73 00 D7 02 | ..ExitProcess...
    0050: 52 74 6C 55 6E 77 69 6E : 64 00 46 01 47 65 74 43 | RtlUnwind.F.GetC
    0060: 75 72 72 65 6E 74 54 68 : 72 65 61 64 49 64 00 00 | urrentThreadId..
    0070: 10 01 47 65 74 43 6F 6D : 6D 61 6E 64 4C 69 6E 65 | ..GetCommandLine
    0080: 41 00 E9 01 47 65 74 56 : 65 72 73 69 6F 6E 45 78 | A...GetVersionEx
    0090: 41 00 A7 02 52 61 69 73 : 65 45 78 63 65 70 74 69 | A...RaiseExcepti
    00A0: 6F 6E 00 00 14 02 48 65 : 61 70 44 65 73 74 72 6F | on....HeapDestro
    00B0: 79 00 12 02 48 65 61 70 : 43 72 65 61 74 65 00 00 | y...HeapCreate..
    00C0: 83 03 56 69 72 74 75 61 : 6C 46 72 65 65 00 81 00 | ..VirtualFree...
    00D0: 44 65 6C 65 74 65 43 72 : 69 74 69 63 61 6C 53 65 | DeleteCriticalSe
    00E0: 63 74 69 6F 6E 00 51 02 : 4C 65 61 76 65 43 72 69 | ction.Q.LeaveCri
    00F0: 74 69 63 61 6C 53 65 63 : 74 69 6F 6E 00 00 98 00 | ticalSection....
    0100: 45 6E 74 65 72 43 72 69 : 74 69 63 61 6C 53 65 63 | EnterCriticalSec
    0110: 74 69 6F 6E 00 00 81 03 : 56 69 72 74 75 61 6C 41 | tion....VirtualA
    0120: 6C 6C 6F 63 00 00 1A 02 : 48 65 61 70 52 65 41 6C | lloc....HeapReAl
    0130: 6C 6F 63 00 36 02 49 73 : 42 61 64 57 72 69 74 65 | loc.6.IsBadWrite
    0140: 50 74 72 00 44 02 4C 43 : 4D 61 70 53 74 72 69 6E | Ptr.D.LCMapStrin
    0150: 67 41 00 00 94 03 57 69 : 64 65 43 68 61 72 54 6F | gA....WideCharTo
    0160: 4D 75 6C 74 69 42 79 74 : 65 00 45 02 4C 43 4D 61 | MultiByte.E.LCMa
    0170: 70 53 74 72 69 6E 67 57 : 00 00 63 03 54 6C 73 41 | pStringW..c.TlsA
    0180: 6C 6C 6F 63 00 00 28 03 : 53 65 74 4C 61 73 74 45 | lloc..(.SetLastE
    0190: 72 72 6F 72 00 00 64 03 : 54 6C 73 46 72 65 65 00 | rror..d.TlsFree.
    01A0: 66 03 54 6C 73 53 65 74 : 56 61 6C 75 65 00 65 03 | f.TlsSetValue.e.
    01B0: 54 6C 73 47 65 74 56 61 : 6C 75 65 00 A3 02 51 75 | TlsGetValue...Qu
    01C0: 65 72 79 50 65 72 66 6F : 72 6D 61 6E 63 65 43 6F | eryPerformanceCo
    01D0: 75 6E 74 65 72 00 DF 01 : 47 65 74 54 69 63 6B 43 | unter...GetTickC
    01E0: 6F 75 6E 74 00 00 CA 01 : 47 65 74 53 79 73 74 65 | ount....GetSyste
    01F0: 6D 54 69 6D 65 41 73 46 : 69 6C 65 54 69 6D 65 00 | mTimeAsFileTime.
    0200: 7D 01 47 65 74 4D 6F 64 : 75 6C 65 46 69 6C 65 4E | }.GetModuleFileN
    0210: 61 6D 65 41 00 00 29 02 : 49 6E 74 65 72 6C 6F 63 | ameA..).Interloc
    0220: 6B 65 64 45 78 63 68 61 : 6E 67 65 00 88 03 56 69 | kedExchange...Vi
    0230: 72 74 75 61 6C 51 75 65 : 72 79 00 00 5E 03 54 65 | rtualQuery..^.Te
    0240: 72 6D 69 6E 61 74 65 50 : 72 6F 63 65 73 73 00 00 | rminateProcess..
    0250: 24 03 53 65 74 48 61 6E : 64 6C 65 43 6F 75 6E 74 | $.SetHandleCount
    0260: 00 00 B9 01 47 65 74 53 : 74 64 48 61 6E 64 6C 65 | ....GetStdHandle
    0270: 00 00 66 01 47 65 74 46 : 69 6C 65 54 79 70 65 00 | ..f.GetFileType.
    0280: B7 01 47 65 74 53 74 61 : 72 74 75 70 49 6E 66 6F | ..GetStartupInfo
    0290: 41 00 F6 00 46 72 65 65 : 45 6E 76 69 72 6F 6E 6D | A...FreeEnvironm
    02A0: 65 6E 74 53 74 72 69 6E : 67 73 41 00 55 01 47 65 | entStringsA.U.Ge
    02B0: 74 45 6E 76 69 72 6F 6E : 6D 65 6E 74 53 74 72 69 | tEnvironmentStri
    02C0: 6E 67 73 00 F7 00 46 72 : 65 65 45 6E 76 69 72 6F | ngs...FreeEnviro
    02D0: 6E 6D 65 6E 74 53 74 72 : 69 6E 67 73 57 00 57 01 | nmentStringsW.W.
    02E0: 47 65 74 45 6E 76 69 72 : 6F 6E 6D 65 6E 74 53 74 | GetEnvironmentSt
    02F0: 72 69 6E 67 73 57 00 00 : 6E 03 55 6E 68 61 6E 64 | ringsW..n.Unhand
    0300: 6C 65 64 45 78 63 65 70 : 74 69 6F 6E 46 69 6C 74 | ledExceptionFilt
    0310: 65 72 00 00 A4 03 57 72 : 69 74 65 46 69 6C 65 00 | er....WriteFile.
    0320: 4A 03 53 65 74 55 6E 68 : 61 6E 64 6C 65 64 45 78 | J.SetUnhandledEx
    0330: 63 65 70 74 69 6F 6E 46 : 69 6C 74 65 72 00 23 02 | ceptionFilter.#.
    0340: 49 6E 69 74 69 61 6C 69 : 7A 65 43 72 69 74 69 63 | InitializeCritic
    0350: 61 6C 53 65 63 74 69 6F : 6E 00 86 03 56 69 72 74 | alSection...Virt
    0360: 75 61 6C 50 72 6F 74 65 : 63 74 00 00 C5 01 47 65 | ualProtect....Ge
    0370: 74 53 79 73 74 65 6D 49 : 6E 66 6F 00 74 01 47 65 | tSystemInfo.t.Ge
    0380: 74 4C 6F 63 61 6C 65 49 : 6E 66 6F 41 00 00 04 01 | tLocaleInfoA....
    0390: 47 65 74 43 50 49 6E 66 : 6F 00 BA 01 47 65 74 53 | GetCPInfo...GetS
    03A0: 74 72 69 6E 67 54 79 70 : 65 41 00 00 BD 01 47 65 | tringTypeA....Ge
    03B0: 74 53 74 72 69 6E 67 54 : 79 70 65 57 00 00 FD 00 | tStringTypeW....
    03C0: 47 65 74 41 43 50 00 00 : 93 01 47 65 74 4F 45 4D | GetACP....GetOEM
    03D0: 43 50 00 00 52 02 4C 6F : 61 64 4C 69 62 72 61 72 | CP..R.LoadLibrar
    03E0: 79 41 00 00 33 02 49 73 : 42 61 64 52 65 61 64 50 | yA..3.IsBadReadP
    03F0: 74 72 00 00 30 02 49 73 : 42 61 64 43 6F 64 65 50 | tr..0.IsBadCodeP
    0400: 74 72 00 00 37 03 53 65 : 74 53 74 64 48 61 6E 64 | tr..7.SetStdHand
    0410: 6C 65 00 00 1C 02 48 65 : 61 70 53 69 7A 65 00 00 | le....HeapSize..
    0420: 00 00 00 00 62 85 4C 44 : 00 00 00 00 92 9E 01 00 | ....b.LD........
    0430: 01 00 00 00 01 00 00 00 : 01 00 00 00 88 9E 01 00 | ................
    0440: 8C 9E 01 00 90 9E 01 00 : A0 43 00 00 9F 9E 01 00 | .........C......
    0450: 00 00 66 73 73 65 6E 73 : 6F 72 2E 64 6C 6C 00 5F | ..fssensor.dll._
    0460: 73 63 61 6E 40 34 00 00 : 00 00 00 00 00 00 00 00 | scan@4..........
    0470: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 | ................
    0480: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 | ................
    0490: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 | ................
    04A0: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 | ................
    04B0: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 | ................
    04C0: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 | ................
    04D0: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 | ................
    04E0: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 | ................
    04F0: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 | ................
    0500: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 | ................
    0510: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 | ................
    0520: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 | ................
    0530: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 | ................
    0540: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 | ................
    0550: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 | ................
    0560: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 | ................
    0570: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 | ................
    0580: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 | ................
    0590: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 | ................
    05A0: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 | ................
    05B0: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 | ................
    05C0: 00 00 00 00 16 0B 01 10 : 00 00 00 00 00 00 00 00 | ................
    05D0: E4 46 01 10 01 4C 01 10 : A3 4F 01 10 CA 2E 01 10 | .F...L...O......
    05E0: 00 00 00 00 00 00 00 00 : AA 4C | .........L

    Any idea what this means and why it would be blocked?
     
  2. dannyboy 950

    dannyboy 950 Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    50
    Wow so many views and not a single reply.

    Surely I haven't found something that our Gurus have no opinion on. LOL

    My take on this (which is probably wrong) is this is an instruction set to basically wipe/remove/delete whatever update had been downloaded by Windows auto update. The time frame involved corresponded with my auto-update.

    If I did not read that correctly I would appreciate any ideas.
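
The dump in the first post is a complete Ethernet frame, so its first 54 bytes say what the firewall actually dropped. The following is an added example, not part of the original thread: it parses the firewall's hex-dump row layout and decodes the Ethernet, IPv4 and TCP headers. The function names are illustrative, and the sample input is the first four rows of the dump copied from the post.

```python
import struct

# First four rows of the dump from the first post (copied verbatim).
DUMP = """\
0000: 00 50 BA BF F0 61 00 05 : 9A D0 D0 A8 08 00 45 00 | .P...a........E.
0010: 05 DC A3 9C 40 00 33 06 : E9 4B 40 56 6A 8F 18 AF | ....@.3..K@Vj...
0020: F1 9F 00 50 0D 8E 2A 5B : 4E 87 35 61 8C 3E 50 10 | ...P..*[N.5a.>P.
0030: 32 40 9B FD 00 00 48 65 : 61 70 41 6C 6C 6F 63 00 | 2@....HeapAlloc.
"""

TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 .. bit 5

def dump_to_bytes(text):
    """Turn 'offset: hex : hex | ascii' rows back into raw bytes (illustrative helper)."""
    out = bytearray()
    for row in text.splitlines():
        if ":" not in row:
            continue
        hex_part = row.split(":", 1)[1].split("|", 1)[0]  # drop offset and ASCII column
        out += bytes.fromhex(hex_part.replace(":", " "))   # middle ':' is only a separator
    return bytes(out)

def decode_frame(frame):
    """Decode the Ethernet II, IPv4 and TCP headers of one captured frame."""
    _dst_mac, _src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len, = struct.unpack("!H", ip[2:4])
    if ip[9] != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:]
    sport, dport, _seq, _ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    data_off = (off_flags >> 12) * 4              # TCP header length in bytes
    flags = [n for i, n in enumerate(TCP_FLAGS) if off_flags & (1 << i)]
    return {
        "src": ".".join(map(str, ip[12:16])), "sport": sport,
        "dst": ".".join(map(str, ip[16:20])), "dport": dport,
        "ip_total_len": total_len, "ttl": ip[8], "flags": flags, "window": window,
        "payload_len": total_len - ihl - data_off,
        "payload_start": tcp[data_off:data_off + 10],
    }

if __name__ == "__main__":
    print(decode_frame(dump_to_bytes(DUMP)))
```

For this frame the headers decode to a 1500-byte IPv4 datagram from TCP port 80 to local port 3470 with only the ACK flag set, carrying 1460 bytes of payload that begin with the string `HeapAlloc`. That makes it a data segment belonging to an HTTP transfer rather than a new connection attempt.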
     