Outbound UDP 64.4.25.80 to 64.4.25.87 port 3544

Guest

My PC (new Dell machine running Win XP Pro SP2) sends several Outbound UDP
packets at intervals of 10 to 15 minutes to IP addresses in the range
64.4.25.80 to 64.4.25.87 port 3544. The addresses "reverse lookup" as
"baym-td4.baym.hotmail.com" or similar. The address 64.4.25.86 seems to be
connected with

teredo.ipv6.microsoft.com (64.4.25.86,3544)

which is something to do with a transition arrangement for IP version 6.

The packets are sent from SVCHOST.exe.

I have now blocked them in my firewall, since I don't know what they are or
what they do.

I am unable to find out anything else, and want to know what program is
sending these packets, and why.

Can anyone help??

Don
 
Carey Frisch [MVP]

Download Ad-aware SE and scan your PC for the presence of spyware:
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

Symantec Security Check
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

Microsoft Windows AntiSpyware
http://www.microsoft.com/athome/security/spyware/software/default.mspx

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/security/protect/default.aspx

----------------------------------------------------------------------------

| My PC (new Dell machine running Win XP Pro SP2) sends several Outbound UDP
| packets at intervals of 10 to 15 minutes to IP addresses in the range
| 64.4.25.80 to 64.4.25.87 port 3544. The addresses "reverse lookup" as
| "baym-td4.baym.hotmail.com" or similar. The address 64.4.25.86 seems to be
| connected with
|
| teredo.ipv6.microsoft.com (64.4.25.86,3544)
|
| which is something to do with a transition arrangement for IP version 6.
|
| The packets are sent from SVCHOST.exe.
|
| I have now blocked them in my firewall, since I don't know what they are or
| what they do.
|
| I am unable to find out anything else, and want to know what program is
| sending these packets, and why.
|
| Can anyone help??
|
| Don
 
Steve Riley [MSFT]

Don, don't worry, what you're seeing is not the behavior of any malware.

Your computer has the advanced networking pack and an IPv6 stack installed.
Traffic to port 3544/udp is called "Teredo," a specification for tunneling
IPv6 traffic inside IPv4. Your computer is only checking to make sure a public
6-to-4 gateway is available, one we run.

Unless you're experimenting with IPv6, it's best just to remove it. Go to
Control Panel | Network Connections. Right-click on your LAN adapter and
choose Properties. You'll see Microsoft TCP/IP version 6 in the list; just
remove it.

Steve Riley
(e-mail address removed)
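
For anyone who wants to confirm from a packet capture that the port 3544/udp traffic discussed in this thread really is Teredo, here is an added example that is not part of the original posts. It decodes a UDP payload using the encapsulation layout in RFC 4380; the function names are hypothetical and the sample packet is constructed, not captured.

```python
import ipaddress
import struct

def parse_teredo(payload: bytes) -> dict:
    """Decode a UDP/3544 payload using the RFC 4380 encapsulation layout."""
    info = {"auth": False, "origin": None}
    off = 0
    # Optional authentication header: 0x0001, id-len, auth-len, the two
    # variable fields, an 8-byte nonce and a 1-byte confirmation.
    if payload[off:off + 2] == b"\x00\x01":
        if len(payload) < off + 4:
            raise ValueError("truncated authentication header")
        off += 4 + payload[off + 2] + payload[off + 3] + 9
        info["auth"] = True
    # Optional origin indication: 0x0000, then the mapped UDP port and IPv4
    # address, each XORed with all-ones.
    if payload[off:off + 2] == b"\x00\x00":
        if len(payload) < off + 8:
            raise ValueError("truncated origin indication")
        port, addr = struct.unpack_from("!HI", payload, off + 2)
        info["origin"] = (str(ipaddress.IPv4Address(addr ^ 0xFFFFFFFF)), port ^ 0xFFFF)
        off += 8
    ipv6 = payload[off:]
    if len(ipv6) < 40 or ipv6[0] >> 4 != 6:
        raise ValueError("no IPv6 header where Teredo expects one")
    info["src"] = str(ipaddress.IPv6Address(ipv6[8:24]))
    info["dst"] = str(ipaddress.IPv6Address(ipv6[24:40]))
    next_header = ipv6[6]
    if next_header == 58 and len(ipv6) > 40:  # ICMPv6 carried inside the tunnel
        names = {133: "router-solicitation", 134: "router-advertisement"}
        info["kind"] = names.get(ipv6[40], "icmpv6-other")
    else:
        info["kind"] = "bubble" if next_header == 59 else "ipv6-other"
    return info

def sample_probe() -> bytes:
    """Constructed sample: client probe = auth header + IPv6 + ICMPv6 RS."""
    auth = b"\x00\x01\x00\x00" + bytes(8) + b"\x00"
    ipv6 = struct.pack("!IHBB", 6 << 28, 8, 58, 255)   # version 6, len 8, ICMPv6
    ipv6 += ipaddress.IPv6Address("fe80::1").packed      # constructed source
    ipv6 += ipaddress.IPv6Address("ff02::2").packed      # all-routers multicast
    return auth + ipv6 + struct.pack("!BBHI", 133, 0, 0, 0)  # checksum left 0

if __name__ == "__main__":
    print(parse_teredo(sample_probe()))
```

A payload that decodes as a router solicitation matches the periodic server check described above; a payload that raises `ValueError` is not Teredo-framed and deserves a closer look.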
 
