[–] gottobekind 0 points 2 points (+2|-0) ago 

This can't be blocked via local hosts.conf IP/port blocking or various other router- or software-based blocking? I'm sure it has all been tried, but I'm completely out of the loop on this issue. Thanks in advance for any insights!

[–] arrggg 0 points 7 points (+7|-0) ago 

I spent a few hours trying to lock down Windows 10 Enterprise LTSB, just to see if it was possible. Using all the currently available scripts for disabling features, turning off all monitoring and updating via GUI and GPO, disabling Defender/Cortana/updates, disabling the app store, disabling IPv6, changing to OpenDNS, and blocking all known Microsoft hosts via the hosts file and routing table, it was still making connections out to Microsoft servers.

    191.238.241.80  spynetus.microsoft.akadns.net
    157.56.106.184  win10.ipv6.microsoft.com.nsatc.net
    134.170.165.253 fe2.update.microsoft.com.akadns.net
    23.103.189.157  fe2.update.microsoft.com.akadns.net
    191.232.139.253 onesettings-db5.metron.live.com.nsatc.net
    207.46.114.58   fe2.update.microsoft.com.akadns.net
    134.170.165.248 fe2.update.microsoft.com.akadns.net
    23.59.189.99    a1621.g.akamai.net

It got around a 200-IP hosts-file and routing-table block list to make those connections. Spynetus was supposed to be Windows Defender updates, but Defender was disabled by GPO and the process was not active. It is also weird that it was connecting to akadns.net addresses.

This is acting like malware, trying to deliver info even if multiple routes are blocked.
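A way to make sense of a result like the one above, added here as an example and not code from the thread: hosts-file entries only affect name lookups that go through the system resolver, and a null route only affects packets the host's own stack routes, so a connection that reaches a real address for a name you sinkholed, or lands in a prefix you blackholed, tells you which block was bypassed. The script below cross-checks a list of observed outbound connections (as recorded on the router, i.e. outside the host) against a hosts-file fragment and a set of null-routed prefixes. The observed addresses reuse the ones quoted in the comment; the hosts-file fragment and the null-routed prefixes are constructed for the example.

```python
"""Audit observed outbound connections against a hosts-file blocklist and
null-routed prefixes, reporting which local block each connection bypassed.

Sample data is constructed for this example: the hostnames and addresses
are the ones quoted in the comment above; the hosts-file fragment and the
null-routed prefixes are made up to illustrate the check.
"""
import ipaddress

# Constructed hosts-file fragment: names pinned to a sinkhole address,
# which is the usual hosts-file blocking technique.
HOSTS_FILE = """\
# blocklist (constructed)
0.0.0.0 spynetus.microsoft.akadns.net
0.0.0.0 fe2.update.microsoft.com.akadns.net
0.0.0.0 a1621.g.akamai.net
127.0.0.1 localhost
"""

# Constructed null-routed prefixes, as one would add to the routing table.
NULL_ROUTES = ["191.238.241.0/24", "23.103.189.0/24", "207.46.0.0/16"]

# Constructed "observed" connections: (remote IP, name it resolved to).
# In practice these come from the router or firewall log, not the host.
OBSERVED = [
    ("191.238.241.80", "spynetus.microsoft.akadns.net"),
    ("157.56.106.184", "win10.ipv6.microsoft.com.nsatc.net"),
    ("23.103.189.157", "fe2.update.microsoft.com.akadns.net"),
    ("23.59.189.99", "a1621.g.akamai.net"),
]

SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts_blocklist(text):
    """Return the set of names a hosts file pins to a sinkhole address."""
    blocked = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        addr, *names = line.split()
        if addr in SINKHOLES:
            # Real loopback entries are not block rules; skip them.
            blocked.update(n.lower() for n in names
                           if n.lower() not in LOOPBACK_NAMES)
    return blocked


def parse_null_routes(prefixes):
    """Turn prefix strings into network objects for membership tests."""
    return [ipaddress.ip_network(p, strict=False) for p in prefixes]


def classify_connection(ip, name, blocked_names, null_routes):
    """List the local blocks this connection got past (or none)."""
    addr = ipaddress.ip_address(ip)
    reasons = []
    if name.lower() in blocked_names:
        # Sinkholed name reached a real address: the lookup did not go
        # through the hosts file (hard-coded IP, own resolver, or the
        # client used a different name).
        reasons.append("hosts-file entry bypassed")
    if any(addr in net for net in null_routes):
        # Traffic to a blackholed prefix still left the host: the route
        # was not applied to this traffic.
        reasons.append("null route bypassed")
    if not reasons:
        reasons.append("not covered by any block")
    return reasons


def audit(observed, hosts_text=HOSTS_FILE, null_route_prefixes=NULL_ROUTES):
    """Map "ip name" -> list of bypass reasons for every observed connection."""
    blocked = parse_hosts_blocklist(hosts_text)
    routes = parse_null_routes(null_route_prefixes)
    return {f"{ip} {name}": classify_connection(ip, name, blocked, routes)
            for ip, name in observed}


def uncovered_names(observed, hosts_text=HOSTS_FILE):
    """Names seen in traffic that the hosts file never mentions: the usual
    reason a hosts-only block keeps leaking, and candidates to add."""
    blocked = parse_hosts_blocklist(hosts_text)
    return sorted({name for _, name in observed if name.lower() not in blocked})


if __name__ == "__main__":
    for conn, reasons in audit(OBSERVED).items():
        print(f"{conn}: {', '.join(reasons)}")
    print("not in hosts file:", uncovered_names(OBSERVED))
```

The distinction the output draws is the useful part: a "hosts-file entry bypassed" line means the client never consulted the hosts file for that name, so adding more names will not help and only a block enforced off-host (router or upstream firewall) covers it; "not covered by any block" means the blocklist is simply incomplete.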

[–] Fragnostus 0 points 2 points (+2|-0) ago 

I dislike Windows practices as much as the next guy. Probably more, actually: 10+ year Linux user. But I have to remain a little skeptical, because if this is true (and I have to admit I kinda hope it is) it's huge.

Is there any possibility that some of the scripts you used actually reset settings you changed?

Is it possible that some script you used actually deliberately tries to make it seem as if Microsoft is spying (as in a script by a troll)?

I remember something from my security course:

The 3 rules of computer security:

  1. Don't own a computer.
  2. If you must own a computer, don't turn it on.
  3. If you must turn it on, don't connect it to the internet.

I'm breaking all of them right now :-/