Update.Microsoft.com.Fixme

CompuNerd

Hello, I have been dealing with this issue for several days now, ever since Microsoft removed XP support from their list of supported products, and I wanted to see if anyone knows what it means.

First of all, the details of my setup. I have a firewall which is protecting my AD domain network. This is a closed network with no servers on the other side of the firewall and no DMZ.

It all started last week when I began to see an alert for DNS queries in the firewall logs. I thought I might have been the victim of a DNS attack, so I analyzed the packets. What surprised me is what I found in the packets and the main reason I even considered posting here. It seems it is coming from Windows Update. Of course they are Win 7 boxes since I am posting here.

The outgoing query had this as a hex dump:

"*.......update.microsoft.* *com.nsatc.net......!....*

The incoming responses from the ISP's DNS server were slightly different:

"*.......update.microsoft.* *com.nsatc.net......!....* *...o...admin.!.fixme.exa* *mple.com.SE....*0.....6.*"

Does anyone have any idea what the "fixme" means inside of the hex dump? It looks to be the cause of the alerts, as the "example.com" inside of the packet registers as an attack signature. Something is obviously wrong, but I am not sure where to start looking. Should I contact my ISP, or do I need to do something to the configuration of automatic updates for the workstations?

All searches on the internet for anything even remotely resembling this have turned up empty. Again, this all started after Microsoft changed their updates to no longer support XP. I would really appreciate any insight I can get here since it is about to drive me insane.

Thanks
 

My Computer

Computer type
PC/Desktop
OS
win 7 pro 32 bit
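
Added example (not part of the original post): a small Python decoder for the kind of DNS response quoted above, assuming the bytes after the question are an SOA record in the authority section, which the printable characters in the dump are consistent with. The sample packet is constructed, and `read_name`, `soa_records` and `SAMPLE` are names chosen here.

```python
import struct

def read_name(msg, off):
    """Decode the DNS name at `off`, following compression pointers (RFC 1035, 4.1.4).
    Returns (dotted_name, offset of the first byte after the name as stored)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # two-byte pointer to an earlier name
            if end is None:
                end = off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                    # refuse pointer loops in hostile input
                raise ValueError("compression pointer loop")
        elif length == 0:                    # root label terminates the name
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii", "replace"))
            off += 1 + length

def soa_records(msg):
    """Return (owner, mname, rname, serial) for each SOA record in a DNS message."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qd):                      # skip questions: name + QTYPE + QCLASS
        _, off = read_name(msg, off)
        off += 4
    found = []
    for _ in range(an + ns + ar):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:                       # SOA: MNAME, RNAME, then five 32-bit fields
            mname, p = read_name(msg, off)
            rname, p = read_name(msg, p)
            found.append((owner, mname, rname, struct.unpack("!I", msg[p:p + 4])[0]))
        off += rdlen
    return found

# Constructed sample response (not the poster's capture): one question and one
# SOA record in the authority section; serial and timers are made-up values.
QUESTION = b"\x06update\x09microsoft\x03com\x05nsatc\x03net\x00" + struct.pack("!2H", 1, 1)
RDATA = (b"\x05admin\xc0\x21"                  # MNAME: "admin" + pointer to offset 0x21
         + b"\x05fixme\x07example\x03com\x00"  # RNAME, written out in full
         + struct.pack("!5I", 1, 3600, 600, 86400, 60))
SAMPLE = (struct.pack("!6H", 0x1234, 0x8180, 1, 0, 1, 0) + QUESTION
          + b"\xc0\x21" + struct.pack("!HHIH", 6, 1, 60, len(RDATA)) + RDATA)
```

In an SOA record the RNAME field is the zone administrator's mailbox with the first label as the local part, so `fixme.example.com` reads as `fixme@example.com`. The `!` in the dump is the byte 0x21, which in this constructed packet is the low byte of a compression pointer to `nsatc.net` at offset 33.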
