Re: SPOOLSV.EXE

[siljaline]

On Wed, 06 Aug 2003 05:14:30 GMT, "Steve" <srhaymesslaysspam@comcast.net> wrote:

>Can anyone tell me what SPOOLSV.EXE is and if I should let it through my
>firewall?

Print and fax "spooler" executable - Microsoft.

Disallow "phone home". Doesn't need to. If it does, track the IP's the connect
out to are from your ZA logs or alerts and post them here or run a whois at
samspade http://www.samspade.org/t/

HTH



--
siljaline

"Arguing with anonymous strangers on the Internet is a sucker's game
because they almost always turn out to be -- or to be indistinguishable from
-- self-righteous sixteen-year-olds possessing infinite amounts of free time."
- Neil Stephenson, _Cryptonomicon_

[mto]

"siljaline" <siljaline@invalid.com> wrote in message
news:t251jvkqd7ab0oj7n8hsk513fttv0cbdtd@4ax.com...
> On Wed, 06 Aug 2003 05:14:30 GMT, "Steve" <srhaymesslaysspam@comcast.net>
wrote:
>
> >Can anyone tell me what SPOOLSV.EXE is and if I should let it through my
> >firewall?
>
> Print and fax "spooler" executable - Microsoft.
>
> Disallow "phone home". Doesn't need to. If it does, track the IP's the
connect
> out to are from your ZA logs or alerts and post them here or run a whois
at
> samspade http://www.samspade.org/t/
>
> HTH

Glad to hear you say that siljaline. Been wondering why on earth Windows
Explorer would be trying to connect to 62.211.180.7:80 and 62.211.180.14:80
and why Messenger tries every 2 minutes or so to connect to my own IP#, port
1900, even though it is shut off every which way to Sunday.

Pretty irritating since in order to see alert notifications I have to click
the miserable thing every minute or so to shut those two up or check
manually. And the sheer waste of system resources has steam coming out my
ears.

Messenger on XP will not, BTW, allow you to shut it down if you have OE
open - claims that the program is "using features provided by Messenger and
that they will not work properly." Microsoft site gives instructions to
remove it but then states that OE, IE and so forth will no longer work.

address digger says -
<quote>
dns 63.211.180.7


63.211.180.7 has dubious reverse DNS of unknown.Level3.net - which is a
valid hostname, but not one that resolves to 63.211.180.7



whois -h magic 63.211.180.7
Trying whois -h whois.arin.net 63.211.180.7

OrgName: Level 3 Communications, Inc.
OrgID: LVLT
Address: 1025 Eldorado Blvd.
City: Broomfield
StateProv: CO
PostalCode: 80021
Country: US

NetRange: 63.208.0.0 - 63.215.255.255
CIDR: 63.208.0.0/13
NetName: LEVEL4-CIDR
NetHandle: NET-63-208-0-0-1
Parent: NET-63-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.LEVEL3.NET
NameServer: NS2.LEVEL3.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 1999-05-28
Updated: 2001-05-30

TechHandle: LC-ORG-ARIN
TechName: level Communications
TechPhone: +1-877-453-8353
TechEmail: ipaddressing@level3.com

OrgAbuseHandle: APL8-ARIN
OrgAbuseName: Abuse POC LVLT
OrgAbusePhone: +1-877-453-8353
OrgAbuseEmail: abuse@level3.com

OrgTechHandle: TPL1-ARIN
OrgTechName: Tech POC LVLT
OrgTechPhone: +1-877-453-8353
OrgTechEmail: ipaddressing@level3.com

# ARIN WHOIS database, last updated 2003-08-05 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
<end>

Info for both IP #'s comes up the same.

Google of Level 3 Communications, Inc. comes up as follows -

Level 3 Communications, Inc. - http://www.level3.com
.... Jul 02, 2003, Level 3 Prices $325 Million of 2.875% Convertible Senior
Notes. © 2003 by Level 3 Communications, Inc. All rights reserved. ...
Description: Holding company with subsidiaries which offer computer
operations outsoursing and systems integration...

[Dick Hazeleger]

mto wrote:

>
> "siljaline" <siljaline@invalid.com> wrote in message
> news:t251jvkqd7ab0oj7n8hsk513fttv0cbdtd@4ax.com...
> > On Wed, 06 Aug 2003 05:14:30 GMT, "Steve"
> > <srhaymesslaysspam@comcast.net>
> wrote:
> >
> > >Can anyone tell me what SPOOLSV.EXE is and if I should let it
> > through my >firewall?
> >
> > Print and fax "spooler" executable - Microsoft.
> >
> > Disallow "phone home". Doesn't need to. If it does, track the IP's
> > the
> connect
> > out to are from your ZA logs or alerts and post them here or run a
> > whois
> at
> > samspade http://www.samspade.org/t/
> >
> > HTH
>
> Glad to hear you say that siljaline. Been wondering why on earth
> Windows Explorer would be trying to connect to 62.211.180.7:80 and
> 62.211.180.14:80 and why Messenger tries every 2 minutes or so to
> connect to my own IP#, port 1900, even though it is shut off every
> which way to Sunday.
>
> Pretty irritating since in order to see alert notifications I have to
> click the miserable thing every minute or so to shut those two up or
> check manually. And the sheer waste of system resources has steam
> coming out my ears.
>
> Messenger on XP will not, BTW, allow you to shut it down if you have
> OE open - claims that the program is "using features provided by
> Messenger and that they will not work properly." Microsoft site
> gives instructions to remove it but then states that OE, IE and so
> forth will no longer work.
>
> address digger says -
> <quote>
> dns 63.211.180.7
>
>
> 63.211.180.7 has dubious reverse DNS of unknown.Level3.net - which is
> a valid hostname, but not one that resolves to 63.211.180.7
>
>
>
> whois -h magic 63.211.180.7
> Trying whois -h whois.arin.net 63.211.180.7
>
> OrgName: Level 3 Communications, Inc.
> OrgID: LVLT
> Address: 1025 Eldorado Blvd.
> City: Broomfield
> StateProv: CO
> PostalCode: 80021
> Country: US
>
> NetRange: 63.208.0.0 - 63.215.255.255
> CIDR: 63.208.0.0/13
> NetName: LEVEL4-CIDR
> NetHandle: NET-63-208-0-0-1
> Parent: NET-63-0-0-0-0
> NetType: Direct Allocation
> NameServer: NS1.LEVEL3.NET
> NameServer: NS2.LEVEL3.NET
> Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
> RegDate: 1999-05-28
> Updated: 2001-05-30
>
> TechHandle: LC-ORG-ARIN
> TechName: level Communications
> TechPhone: +1-877-453-8353
> TechEmail: ipaddressing@level3.com
>
> OrgAbuseHandle: APL8-ARIN
> OrgAbuseName: Abuse POC LVLT
> OrgAbusePhone: +1-877-453-8353
> OrgAbuseEmail: abuse@level3.com
>
> OrgTechHandle: TPL1-ARIN
> OrgTechName: Tech POC LVLT
> OrgTechPhone: +1-877-453-8353
> OrgTechEmail: ipaddressing@level3.com
>
> # ARIN WHOIS database, last updated 2003-08-05 19:15
> # Enter ? for additional hints on searching ARIN's WHOIS database.
> <end>
>
> Info for both IP #'s comes up the same.
>
> Google of Level 3 Communications, Inc. comes up as follows -
>
> Level 3 Communications, Inc. - http://www.level3.com
> ... Jul 02, 2003, Level 3 Prices $325 Million of 2.875% Convertible
> Senior Notes. ) 2003 by Level 3 Communications, Inc. All rights
> reserved. ... Description: Holding company with subsidiaries which
> offer computer operations outsoursing and systems integration...

Have a search in Google>>Newsgroups>>NANAE on Level3... you will have a
nice surprise!

Dick

[mto]

"Dick Hazeleger" <Dick@post_it_in_the_newsgroup.com> wrote in message
news:vj393q2kqr7ecf@corp.supernews.com...
> mto wrote:
>
> >
> > "siljaline" <siljaline@invalid.com> wrote in message
> > news:t251jvkqd7ab0oj7n8hsk513fttv0cbdtd@4ax.com...
> > > On Wed, 06 Aug 2003 05:14:30 GMT, "Steve"
> > > <srhaymesslaysspam@comcast.net>
> > wrote:
> > >
> > > >Can anyone tell me what SPOOLSV.EXE is and if I should let it
> > > through my >firewall?
> > >
> > > Print and fax "spooler" executable - Microsoft.
> > >
> > > Disallow "phone home". Doesn't need to. If it does, track the IP's
> > > the
> > connect
> > > out to are from your ZA logs or alerts and post them here or run a
> > > whois
> > at
> > > samspade http://www.samspade.org/t/
> > >
> > > HTH
> >
> > Glad to hear you say that siljaline. Been wondering why on earth
> > Windows Explorer would be trying to connect to 62.211.180.7:80 and
> > 62.211.180.14:80 and why Messenger tries every 2 minutes or so to
> > connect to my own IP#, port 1900, even though it is shut off every
> > which way to Sunday.
> >
<SNIP>
> >
> > address digger says -
> > <quote>
> > dns 63.211.180.7
> >
> >
> > 63.211.180.7 has dubious reverse DNS of unknown.Level3.net - which is
> > a valid hostname, but not one that resolves to 63.211.180.7
> >
> >
> >
> > whois -h magic 63.211.180.7
> > Trying whois -h whois.arin.net 63.211.180.7
> >
> > OrgName: Level 3 Communications, Inc.
> > OrgID: LVLT
> > Address: 1025 Eldorado Blvd.
> > City: Broomfield
> > StateProv: CO
> > PostalCode: 80021
> > Country: US
<SNIP>
> Have a search in Google>>Newsgroups>>NANAE on Level3... you will have a
> nice surprise!
>
> Dick

OK! So Level 3 is a known spam-haven. Wonderful - and the next
question is why is Windows Explorer trying to phone home to them every
couple of minutes -

AdAware, SpyBot & antivirus updated an hour ago all read clean. Checked all
of the email accounts for html email or undeleted trash. Clean everywhere.
Found a spider.sav file in My Documents & investigated/deleted that. After
each of the above the warning reappeared, so it isn't any of those.

Cleared all the files from Temp Internet and reduced cache size to 100 MB.
About to go get a dedicated trojan detector.

Further ideas?

[mto]

"mto" <nobody@dontsendmeanyspam.com> wrote in message
news:C3CdnaCAs_06pa-iXTWJgA@seg.net...
<SNIP>
>>>Been wondering why on earth
> > > Windows Explorer would be trying to connect to 62.211.180.7:80 and
> > > 62.211.180.14:80 and why Messenger tries every 2 minutes or so to
> > > connect to my own IP#, port 1900, even though it is shut off every
> > > which way to Sunday.
> > >
> <SNIP>
> > >
> > > address digger says -
> > > <quote>
> > > dns 63.211.180.7
> > >
> > >
> > > 63.211.180.7 has dubious reverse DNS of unknown.Level3.net - which is
> > > a valid hostname, but not one that resolves to 63.211.180.7
> > >
> > >
> > >
> > > whois -h magic 63.211.180.7
> > > Trying whois -h whois.arin.net 63.211.180.7
> > >
> > > OrgName: Level 3 Communications, Inc.
> > > OrgID: LVLT
> > > Address: 1025 Eldorado Blvd.
> > > City: Broomfield
> > > StateProv: CO
> > > PostalCode: 80021
> > > Country: US
> <SNIP>
> > Have a search in Google>>Newsgroups>>NANAE on Level3... you will have a
> > nice surprise!
> >
> > Dick
>
> OK! So Level 3 is a known spam-haven. Wonderful - and the next
> question is why is Windows Explorer trying to phone home to them every
> couple of minutes -
>
> AdAware, SpyBot & antivirus updated an hour ago all read clean. Checked
all
> of the email accounts for html email or undeleted trash. Clean
everywhere.
> Found a spider.sav file in My Documents & investigated/deleted that.
After
> each of the above the warning reappeared, so it isn't any of those.
>
> Cleared all the files from Temp Internet and reduced cache size to 100 MB.
> About to go get a dedicated trojan detector.
>
> Further ideas?

In playing around I have found that the Windows Explorer outgoing connection
attempts seem to all be connected to page loading at MSNBC.com.

[Dick Hazeleger]

mto wrote:

>
> "mto" <nobody@dontsendmeanyspam.com> wrote in message
> news:C3CdnaCAs_06pa-iXTWJgA@seg.net...
> <SNIP>
> >>>Been wondering why on earth
> > > > Windows Explorer would be trying to connect to 62.211.180.7:80
> > > > and 62.211.180.14:80 and why Messenger tries every 2 minutes or
> > > > so to connect to my own IP#, port 1900, even though it is shut
> > > > off every which way to Sunday.
> > > >
> > <SNIP>
> > > >
> > > > address digger says -
> > > > <quote>
> > > > dns 63.211.180.7
> > > >
> > > >
> > > > 63.211.180.7 has dubious reverse DNS of unknown.Level3.net -
> > > > which is a valid hostname, but not one that resolves to
> > > > 63.211.180.7
> > > >
> > > >
> > > >
> > > > whois -h magic 63.211.180.7
> > > > Trying whois -h whois.arin.net 63.211.180.7
> > > >
> > > > OrgName: Level 3 Communications, Inc.
> > > > OrgID: LVLT
> > > > Address: 1025 Eldorado Blvd.
> > > > City: Broomfield
> > > > StateProv: CO
> > > > PostalCode: 80021
> > > > Country: US
> > <SNIP>
> > > Have a search in Google>>Newsgroups>>NANAE on Level3... you will
> > > have a nice surprise!
> > >
> > > Dick
> >
> > OK! So Level 3 is a known spam-haven. Wonderful - and the next
> > question is why is Windows Explorer trying to phone home to them
> > every couple of minutes -
> >
> > AdAware, SpyBot & antivirus updated an hour ago all read clean.
> > Checked
> all
> > of the email accounts for html email or undeleted trash. Clean
> everywhere.
> > Found a spider.sav file in My Documents & investigated/deleted that.
> After
> > each of the above the warning reappeared, so it isn't any of those.
> >
> > Cleared all the files from Temp Internet and reduced cache size to
> > 100 MB. About to go get a dedicated trojan detector.
> >
> > Further ideas?
>
> In playing around I have found that the Windows Explorer outgoing
> connection attempts seem to all be connected to page loading at
> MSNBC.com.

In addition, it seems that people in the USA who use a FW get
"hammered" by IP's that trace back to L3... wonder what they are up
to... trojan install?

OK, back to your problem... MTO, did you install some kind of "handy
dandy" search bar, newsfeature, weather program, etc (you know what
type I mean)?

Did you search the registry for this page? What kind of page is loaded?
Ads, news, MS stuff... this could give a hint in the right direction...

See ya later guys and gals, I'm almost "done" in this temperature.

Dick

[mto]

"Dick Hazeleger" <Dick@post_it_in_the_newsgroup.com> wrote in message
news:vj7q83kachq68@corp.supernews.com...
> mto wrote:
>
> >
> > "mto" <nobody@dontsendmeanyspam.com> wrote in message
> > news:C3CdnaCAs_06pa-iXTWJgA@seg.net...
> > <SNIP>
> > >>>Been wondering why on earth
> > > > > Windows Explorer would be trying to connect to 62.211.180.7:80
> > > > > and 62.211.180.14:80 and why Messenger tries every 2 minutes or
> > > > > so to connect to my own IP#, port 1900, even though it is shut
> > > > > off every which way to Sunday.
> > > > >
> > > <SNIP>
> > > > >
> > > > > address digger says -
> > > > > <quote>
> > > > > dns 63.211.180.7
> > > > >
> > > > >
> > > > > 63.211.180.7 has dubious reverse DNS of unknown.Level3.net -
> > > > > which is a valid hostname, but not one that resolves to
> > > > > 63.211.180.7
> > > > >
> > > > >
> > > > >
> > > > > whois -h magic 63.211.180.7
> > > > > Trying whois -h whois.arin.net 63.211.180.7
> > > > >
> > > > > OrgName: Level 3 Communications, Inc.
> > > > > OrgID: LVLT
> > > > > Address: 1025 Eldorado Blvd.
> > > > > City: Broomfield
> > > > > StateProv: CO
> > > > > PostalCode: 80021
> > > > > Country: US
> > > <SNIP>
> > > > Have a search in Google>>Newsgroups>>NANAE on Level3... you will
> > > > have a nice surprise!
> > > >
> > > > Dick
> > >
> > > OK! So Level 3 is a known spam-haven. Wonderful - and the next
> > > question is why is Windows Explorer trying to phone home to them
> > > every couple of minutes -
> > >
> > > AdAware, SpyBot & antivirus updated an hour ago all read clean.
> > > Checked
> > all
> > > of the email accounts for html email or undeleted trash. Clean
> > everywhere.
> > > Found a spider.sav file in My Documents & investigated/deleted that.
> > After
> > > each of the above the warning reappeared, so it isn't any of those.
> > >
> > > Cleared all the files from Temp Internet and reduced cache size to
> > > 100 MB. About to go get a dedicated trojan detector.
> > >
> > > Further ideas?
> >
> > In playing around I have found that the Windows Explorer outgoing
> > connection attempts seem to all be connected to page loading at
> > MSNBC.com.
>
> In addition, it seems that people in the USA who use a FW get
> "hammered" by IP's that trace back to L3... wonder what they are up
> to... trojan install?

Don't seem to be being hammered by an IP from outside in - this is all
outgoing traffic.

> OK, back to your problem... MTO, did you install some kind of "handy
> dandy" search bar, newsfeature, weather program, etc (you know what
> type I mean)?

Not on your life! Installed nothing new whatever.


> Did you search the registry for this page? What kind of page is loaded?
> Ads, news, MS stuff... this could give a hint in the right direction...

Haven't searched the registry - guess I've got to download Hijack This since
everything comes up clean EXCEPT for the salient fact that within the last 2
hours Zone Alarm got literally wiped except for the alert logs. Every
single thing turned off, all the blocked sites, privacy settings gone. Went
to a very limited # of webpages so set all the security even yet higher,
turned off everything possible to turn off and will see if I can track it
down.

> See ya later guys and gals, I'm almost "done" in this temperature.
>
> Dick

Yeah, I hear that you are baking Like my Dad always says though - easy
to get cold in the summer, just jump in the water. It's the winter cold
that costs you.

MTO, writing from cold showers are us (though not as bad as last year here.)

[Dick Hazeleger]

mto wrote:

>
> "Dick Hazeleger" <Dick@post_it_in_the_newsgroup.com> wrote in message
> news:vj7q83kachq68@corp.supernews.com...
> > mto wrote:
> >
> > >
> > > "mto" <nobody@dontsendmeanyspam.com> wrote in message
> > > news:C3CdnaCAs_06pa-iXTWJgA@seg.net...
> > > <SNIP>
> > > >>>Been wondering why on earth
> > > > > > Windows Explorer would be trying to connect to
> > > > > > 62.211.180.7:80 and 62.211.180.14:80 and why Messenger
> > > > > > tries every 2 minutes or so to connect to my own IP#, port
> > > > > > 1900, even though it is shut off every which way to Sunday.
> > > > > >
> > > > <SNIP>
> > > > > >
> > > > > > address digger says -
> > > > > > <quote>
> > > > > > dns 63.211.180.7
> > > > > >
> > > > > >
> > > > > > 63.211.180.7 has dubious reverse DNS of unknown.Level3.net -
> > > > > > which is a valid hostname, but not one that resolves to
> > > > > > 63.211.180.7
> > > > > >
> > > > > >
> > > > > >
> > > > > > whois -h magic 63.211.180.7
> > > > > > Trying whois -h whois.arin.net 63.211.180.7
> > > > > >
> > > > > > OrgName: Level 3 Communications, Inc.
> > > > > > OrgID: LVLT
> > > > > > Address: 1025 Eldorado Blvd.
> > > > > > City: Broomfield
> > > > > > StateProv: CO
> > > > > > PostalCode: 80021
> > > > > > Country: US
> > > > <SNIP>
> > > > > Have a search in Google>>Newsgroups>>NANAE on Level3... you
> > > > > will have a nice surprise!
> > > > >
> > > > > Dick
> > > >
> > > > OK! So Level 3 is a known spam-haven. Wonderful - and the
> > > > next question is why is Windows Explorer trying to phone home
> > > > to them every couple of minutes -
> > > >
> > > > AdAware, SpyBot & antivirus updated an hour ago all read clean.
> > > > Checked
> > > all
> > > > of the email accounts for html email or undeleted trash. Clean
> > > everywhere.
> > > > Found a spider.sav file in My Documents & investigated/deleted
> > > > that.
> > > After
> > > > each of the above the warning reappeared, so it isn't any of
> > > > those.
> > > >
> > > > Cleared all the files from Temp Internet and reduced cache size
> > > > to 100 MB. About to go get a dedicated trojan detector.
> > > >
> > > > Further ideas?
> > >
> > > In playing around I have found that the Windows Explorer outgoing
> > > connection attempts seem to all be connected to page loading at
> > > MSNBC.com.
> >
> > In addition, it seems that people in the USA who use a FW get
> > "hammered" by IP's that trace back to L3... wonder what they are up
> > to... trojan install?
>
> Don't seem to be being hammered by an IP from outside in - this is all
> outgoing traffic.
>
> > OK, back to your problem... MTO, did you install some kind of "handy
> > dandy" search bar, newsfeature, weather program, etc (you know what
> > type I mean)?
>
> Not on your life! Installed nothing new whatever.
>
>
> > Did you search the registry for this page? What kind of page is
> > loaded? Ads, news, MS stuff... this could give a hint in the right
> > direction...
>
> Haven't searched the registry - guess I've got to download Hijack
> This since everything comes up clean EXCEPT for the salient fact that
> within the last 2 hours Zone Alarm got literally wiped except for the
> alert logs. Every single thing turned off, all the blocked sites,
> privacy settings gone. Went to a very limited # of webpages so set
> all the security even yet higher, turned off everything possible to
> turn off and will see if I can track it down.
>
> > See ya later guys and gals, I'm almost "done" in this temperature.
> >
> > Dick
>
> Yeah, I hear that you are baking Like my Dad always says though -
> easy to get cold in the summer, just jump in the water. It's the
> winter cold that costs you.
>
> MTO, writing from cold showers are us (though not as bad as last year
> here.)

But that is a completely different situation then your browser going to
MSNBC (although annoying) every time... This looks more like a virus or
trojan... Did you have a look at processes and/or services running,
Kaperski has a nice (free) tool for that... no install, just run it;
then of course a scan with (even a trial) of a Trojan detector like
TDS3 wouldn't hurt (although it takes time, lots of it...). Since I
don't know what OS flavor you're running, I cannot give you the obvious
advice: scan from DOS with for instance F-Prot (with updated reference
files of course), but if you could do so... that too won't hurt...

I hope you'll find what the problem is and will be able to make it a
"dead problem"!

Yes, we are "baking" here; even the water is getting too warm now (if
available), at some places the water is dangerously low and farmers are
not allowed to water their crops on our sandy grounds... (the part
where I am living); it's really bad in Europe right now...

If you have enough of those showers and cold winds... send them over to
us, we would welcome them ;-D

Dick

[jspud johnson]

On Sat, 9 Aug 2003 11:26:10 -0400, "mto"
<nobody@dontsendmeanyspam.com> wrote:

>
>"Dick Hazeleger" <Dick@post_it_in_the_newsgroup.com> wrote in message
>news:vj9qb8ep3cf68c@corp.supernews.com...
>> Hi MTO,
>>
>> I hope you'll be able to tell us a bit more when you read this!There
>> must be something causing this odd behavior (Some ActiveX component
>> that got through?)... I have ActiveX, Flash and what the hell they
>> think of more on "Automatic Reject" here.
>
>Ran TrojanHunter last night - everything came up squeaky clean. Meanwhile
>the contstant attempts to connect by Windows Explorer have stopped - even
>when I visit what remains of MSNBC (no windows across domains, no activeX,
>no plugins, no java, and no javascript). I suspect the culprit was an msnbc
>page in the cache - scripts I think, since turning those off completely is
>the only other "new" thing. Whatever I have done also seems to have turned
>off frames, at least at msnbc.
>
>Messenger is still trying to connect every minute or two. Every time I
>click on a mail/news subject line, every time I click a link in a webpage.
>And XP will NOT let me shut down Messenger even though I am logged out
>claiming that OE and IE are using it. No clue what it is IE & OE are using
>it for though. Bothers me. Never had any problems shutting down Messenger
>until this XP. Now it seems to have been integrated into the OS. Makes me
>really wonder what it is the Justice Department took as a "settlement" for
>antitrust violations from Microsoft, since things apparently have gotten
>worse instead of better. Hoping the EU does better!
>
>> I heard of temperatures of 50 degrees Celsius (122 Fahrenheit) in
>> Spain,
>
>Ouch - that is as bad as the US Southwest during a bad year. Did you read
>the piece about the current mythology re American/British troops that has
>become "truth" in Iraq? The X-Ray sunglasses that let them see through
>women's clothes, the map showing every house in Iraq they wear in their
>helmet, and the AIR CONDITIONED underwear?? (ROFLMAO) Guess people
>elsewhere don't realize that some of the hottest places on the face of the
>earth are right here in the good ol' USA and many of our military bases are
>smack dab in the middle of them.
>
>here it is "just" 30 plus (86 + Fahrenheit)...
>
>Well now, that isn't so bad - about like here. You can keep your home
>cooler by drawing down the shades and closing the drapes on any windows that
>are in the sun. I've managed an "icebox" in one room towards the back of
>the house that has dark paneling and little afternoon sun with the aid of
>just a window fan.
>
>If all else fails, pretend that you live in the Deep South and lay around in
>the shade sipping iced tea or Mint Julep till after sundown. Ha!
>
>Cheers!
>mto
>
>PS - great site BTW, and thanks for the no javascript version.
>

Try shoothemessenger from gibson research.
http://grc.com/stm/ShootTheMessenger.htm


--
JSpud

[mto]

Okay - every single one of those Microsoft Windows rejects specifies Port
1900, which IANA lists as

"ssdp 1900/udp SSDP"

SSDP = "Simple Service Discovery Protocol" - has to do with
networking/multicasting (which is installed by default in XP.) The protocol
is at http://www.upnp.org/download/draft_cai_ssdp_v1_03.txt

That states - among much else that I am not engineer enough to interpret -

" Discovery occurs when a SSDP client multicasts a HTTP UDP discovery
request to the SSDP multicast channel/Port. SSDP services listen to
the SSDP multicast channel/Port in order to hear such discovery
requests. If a SSDP service hears a HTTP UDP discovery request that
matches the service it offers then it will respond using a unicast
HTTP UDP response. "

What do you think? Bug in the OS?