Outbound UDP 64.4.25.80 to 64.4.25.87 port 3544

Guest
Archived from groups: microsoft.public.windowsxp.security_admin

My PC (new Dell machine running Win XP Pro SP2) sends several Outbound UDP
packets at intervals of 10 to 15 minutes to IP addresses in the range
64.4.25.80 to 64.4.25.87 port 3544. The addresses "reverse lookup" as
"baym-td4.baym.hotmail.com" or similar. The address 64.4.25.86 seems to be
connected with

teredo.ipv6.microsoft.com (64.4.25.86,3544)

which is something to do with a transition arrangement for IP version 6.

The packets are sent from SVCHOST.exe.

I have now blocked them in my firewall, since I don't know what they are or
what they do.

I am unable to find out anything else, and want to know what program is
sending these packets, and why.

Can anyone help??

Don
 
Guest

Download Ad-aware SE and scan your PC for the presence of spyware:
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

Symantec Security Check
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

Microsoft Windows AntiSpyware
http://www.microsoft.com/athome/security/spyware/software/default.mspx

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/security/protect/default.aspx

----------------------------------------------------------------------------

"Desperate Don" wrote:

| My PC (new Dell machine running Win XP Pro SP2) sends several Outbound UDP
| packets at intervals of 10 to 15 minutes to IP addresses in the range
| 64.4.25.80 to 64.4.25.87 port 3544. The addresses "reverse lookup" as
| "baym-td4.baym.hotmail.com" or similar. The address 64.4.25.86 seems to be
| connected with
|
| teredo.ipv6.microsoft.com (64.4.25.86,3544)
|
| which is something to do with a transition arrangement for IP version 6.
|
| The packets are sent from SVCHOST.exe.
|
| I have now blocked them in my firewall, since I don't know what they are or
| what they do.
|
| I am unable to find out anything else, and want to know what program is
| sending these packets, and why.
|
| Can anyone help??
|
| Don
 
Guest

Don, don't worry, what you're seeing is not the behavior of any malware.

Your computer has the advanced networking pack and an IPv6 stack installed.
Traffic to port 3544/udp is called "Teredo," a specification for tunneling
IPv6 traffic inside IPv4. Your computer is only checking to make sure a public
6-to-4 gateway is available, one we run.

Unless you're experimenting with IPv6, it's best just to remove it. Go to
Control Panel | Network Connections. Right-click on your LAN adapter and
choose Properties. You'll see Microsoft TCP/IP version 6 in the list; just
remove it.

Steve Riley
steriley@microsoft.com



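To confirm from a packet capture that traffic to 3544/udp really is Teredo, as the reply above describes, the UDP payload can be checked for an encapsulated IPv6 packet. The following is an added example, not part of the original thread: it follows the Teredo header layout in RFC 4380, the function names are hypothetical, and the sample packets are constructed.

```python
import ipaddress
import struct

TEREDO_PORT = 3544  # UDP port reported in the thread

def strip_teredo_headers(payload: bytes) -> bytes:
    """Skip the optional Teredo headers that may precede the inner IPv6 packet."""
    while len(payload) >= 4 and payload[0] == 0x00:
        if payload[1] == 0x01:    # authentication: id-len, au-len, id, auth, nonce(8), confirmation(1)
            payload = payload[4 + payload[2] + payload[3] + 9:]
        elif payload[1] == 0x00:  # origin indication: obfuscated port(2) + address(4)
            payload = payload[8:]
        else:
            break
    return payload

def classify(dst_port: int, payload: bytes) -> str:
    """Label one outbound UDP datagram by what its payload actually contains."""
    if dst_port != TEREDO_PORT:
        return "not-teredo-port"
    inner = strip_teredo_headers(payload)
    if len(inner) < 40 or inner[0] >> 4 != 6:   # need a full IPv6 header, version 6
        return "udp-3544-not-ipv6"
    payload_len, next_header = struct.unpack("!HB", inner[4:7])
    if next_header == 59 and payload_len == 0:  # "no next header", empty: Teredo bubble
        return "teredo-bubble"
    if next_header == 58 and len(inner) > 40:   # ICMPv6
        return {133: "teredo-router-solicitation",
                134: "teredo-router-advertisement"}.get(inner[40], "teredo-icmpv6")
    return "teredo-tunnelled-ipv6"

def ipv6_packet(next_header: int, body: bytes, src: str, dst: str) -> bytes:
    """Build a minimal IPv6 packet (constructed sample data, checksums not computed)."""
    header = struct.pack("!IHBB", 6 << 28, len(body), next_header, 255)
    return header + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + body

# Constructed samples: what a Teredo client sends while checking that its server is reachable.
AUTH = b"\x00\x01\x00\x00" + b"\x11" * 8 + b"\x00"           # empty id/auth, 8-byte nonce
ROUTER_SOLICIT = AUTH + ipv6_packet(58, bytes([133, 0, 0, 0, 0, 0, 0, 0]), "fe80::1", "ff02::2")
BUBBLE = ipv6_packet(59, b"", "fe80::1", "ff02::1")

if __name__ == "__main__":
    for name, data in [("router solicitation", ROUTER_SOLICIT), ("bubble", BUBBLE),
                       ("opaque payload", b"not an IPv6 packet")]:
        print(f"{name:20} -> {classify(TEREDO_PORT, data)}")
```

A datagram labelled `udp-3544-not-ipv6` is the case worth a closer look, since it uses the Teredo port without carrying an IPv6 packet.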
 
Guest

Thanks Steve. Deleting IPv6 has stopped the outbound packets.

Don


"Steve Riley [MSFT]" wrote:

> Don, don't worry, what you're seeing is not the behavior of any malware.
>
> Your computer has the advanced networking pack and an IPv6 stack installed.
> Traffic to port 3544/udp is called "Teredo," a specification for tunneling
> IPv6 traffic inside IPv4. Your computer is only checking to make sure a public
> 6-to-4 gateway is available, one we run.
>
> Unless you're experimenting with IPv6, it's best just to remove it. Go to
> Control Panel | Network Connections. Right-click on your LAN adapter and
> choose Properties. You'll see Microsoft TCP/IP version 6 in the list; just
> remove it.
>
> Steve Riley
> steriley@microsoft.com