Re: MS outsource updates, complicates 3rd party firewall

I'm not clear about your last post.

Are you asking for clarification of what I meant by "the 3rd party content providers that Microsoft uses"?

The firewall (Kerio Personal Firewall 2.1.5) issues a warning that svchost is trying to connect out to Limelight Networks port 80. The rest of my sleuthing is as I describe in the original post. I have no further details.

If this is Windows checking for updates, it must be a common problem, endemic to users with third party firewalls. So I was wondering what the established practice is to recognize such checks for updates, and to keep firewall rules that permit such checks synchronized with the IP addresses used for such checks by the content distributors on behalf of Microsoft.

On Apr 10, 6:53 am, "Anthony [MVP]" <anth***@no-reply.com> wrote:
> "the 3rd party content providers that Microsoft uses" ?
> Your firewall should tell you that something is trying to call out, and ask
> if you want to allow it. You need to know what it is to know whether it
> should be doing that.
> Anthony
> http://www.airdesk.com
>
> "AndyHancock" <AndyMHanc***@gmail.com> wrote in message
> news:b1d906f4-b1ea-4e57-bfa9-0960a0fc7e6e@k2g2000yql.googlegroups.com...
>
> > In Windows Professional 2000, svchost connects out to Limelight
> > Networks port 80. A bit of surfing indicates that this might be a
> > check for updates. How do users of 3rd party firewalls keep on top of
> > the 3rd party content providers that Microsoft uses? The rules must
> > be constantly updated.

Andy,
Limelight is a third party product going out to check for updates. Kerio is alerting you to that. There is no connection with Microsoft.

Anthony
http://www.airdesk.com

Anthony,
Limelight is a content disseminator, not a product or process running on the computer.

I agree that Kerio is alerting me to an outgoing connection, as I describe that in my last post.

As per my last post, I was wondering how one can determine whether the outgoing connection is a check for Windows updates.

I was also curious as to how you determined that there is no connection with Microsoft. The gist of the thread is how users in general can keep their firewall rules updated so as to permit Windows checks for updates. Knowing the content providers and the IP address blocks would be one part of achieving this. Automated assistance in keeping the rules synchronized with the changing list of IP addresses would be another part of the solution.

Thanks.

Hi Andy,
The check for Windows updates will be from a hidden process wuauclt.exe running under a svchost process. Kerio should alert you to these so you can allow them. They will be going out to xxx.microsoft.com, so you can also restrict them to going out to those sites only if you want. Here is an example for Sophos. I don't know the Kerio one.
http://www.sophos.com/support/knowledgebase/article/17444.html
There are no content providers or disseminators involved, so there is no list to keep updated.

Hope that helps,
Anthony
http://www.airdesk.com

Thanks, Anthony. That does indeed help. I looked up the three URLs
provided at the Sophos webpage you cited.

1. update.microsoft.com resolves to 207.46.21.123, which whois confirms is Microsoft.
2. download.microsoftupdates.com resolves to 208.73.210.121, which whois reveals to be Oversee.net (advertising).
3. windowsupdate.microsoft.com resolves to 207.46.18.94, which whois confirms is Microsoft.

Strangely enough, I have found it necessary in the past to permit access to the following before updates would work properly.

4. Net Access Corp, 209.123.0.0 - 209.123.255.255
5. Level 3 Communications, 206.32.0.0 - 206.35.255.255
6. Akamai Technologies, 72.246.0.0 - 72.247.255.255

I've disabled permissions #4 thru #6 to see if anything goes awry.

It is #4 thru #6 that caused me to believe that Microsoft uses 3rd party content disseminators. Even #2 seems to do this.

In addition to #2 below indicating that MS does indeed use what seem
to be 3rd party servers, common MS apps like media player also use what seem to be 3rd party servers; Limelight Networks, http://whois.domaintools.com/213.199.149.164, aka llnw, associated with Level 3 below.

This practice is making firewall rule management very difficult.

---------- Forwarded message ----------
From: AndyHancock <AndyMHanc***@gmail.com>
Date: Apr 15, 12:31 am
Subject: MS outsource updates, complicates 3rd party firewall
To: microsoft.public.win2000.general, microsoft.public.win2000.windows_update, microsoft.public.windows.networking.firewall, microsoft.public.windowsupdate

Thanks, Anthony. That does indeed help. I looked up the three URLs provided at the Sophos webpage you cited.

1. update.microsoft.com resolves to 207.46.21.123, which whois confirms is Microsoft.
2. download.microsoftupdates.com resolves to 208.73.210.121, which whois reveals to be Oversee.net (advertising).
3. windowsupdate.microsoft.com resolves to 207.46.18.94, which whois confirms is Microsoft.

Strangely enough, I have found it necessary in the past to permit access to the following before updates would work properly.

4. Net Access Corp, 209.123.0.0 - 209.123.255.255
5. Level 3 Communications, 206.32.0.0 - 206.35.255.255
6. Akamai Technologies, 72.246.0.0 - 72.247.255.255

I've disabled permissions #4 thru #6 to see if anything goes awry.

It is #4 thru #6 that caused me to believe that Microsoft uses 3rd party content disseminators. Even #2 seems to do this.

Andy,
Does Kerio require you to use an IP address instead of a domain name? The domain names are registered to Microsoft, which you can confirm in Whois. windowsupdate.com and microsoftupdate.com are registered by Microsoft. Only Microsoft have the authority to control the name resolution for those domains, so any IP address that is a host in those domains must be one that Microsoft want you to go to.

The actual IP address can be any device, anywhere, hosted by anyone. It's just that you won't resolve a name to that IP unless it is in the DNS controlled by Microsoft. When you look up the IP address, you are just discovering which organisation has control of that IP address range.

So if I put a server in an ISP datacentre they will assign me one of their IP addresses. I will then go into my own DNS and put that address against my server name, so that it resolves to the IP assigned to me. The ISP can't do that. Oversee.net control the network and the routing that that particular Microsoft Updates service is sitting on, but they have no control of the host itself by virtue of that.

Hope that helps,
Anthony
http://www.airdesk.com

Kerio 2.1.5 does indeed require IP addresses rather than domain
names. I thought this was the norm for most personal firewalls. Is this not correct? Not that it matters, it is a problem for need that I need to find a solution to...somehow. I don't have a lot of confidence in the firewall rules I set up using whois to lookup IP addresses...I have no idea whether Microsoft changes these IP addresses often. I think I get the gist of your explanation below, though the details are just a tad foggy. You gave an example where you put a server in an ISP data centre, yet they have no control of the host, by which I assume you mean the server. How is it tha can they have no control when the server is in their data centre? Is it a hosting service that they rent out, including control of the information that the client (e.g. Microsoft) wants disseminated, and access from the client to update content for dissemintation? As well, I wasn't too clear on what you meant by putting that IP address against your server name...is that related to the domain name that you mentioned in paragraph 1 of your reply? For example, would cds156.lon9.llnw.net (or cds156) be a server name, while lon9.llnw.net is a domain name? How does it help for you (or Microsoft) to put that IP address on your DNS? Doesn't it have to be mapped that way in the DNS's used by Microsoft users around the world? I assume that those DNS's are maintained by the users' ISPs, but I'm really quite foggy when it comes to the nuts and bolts under the hood of the internet. ---------- Original message ---------- From: "Anthony [MVP]" <anth***@no-reply.com> Date: Apr 19, 1:09 pmSubject: MS outsource updates, complicates 3rd party firewall Andy, Does Kerio require you to use an IP address instead of a domain name? The domain names are registered to Microsoft, which you can confirm in Whois. windowsupdate.com and microsoftupdate.com are registered by Microsoft. 
Only Microsoft have the authority to control the name resolution for those domains, so any IP address that is a host in those domains must be one that Microsoft want you to go to. The actual IP address can be any device, anywhere, hosted by anyone. Its just that you won't resolve a name to that IP unless it is in the DNS controlled by Microsoft. When you lookup the IP address, you are just discovering which organisation has control of that IP address range. So if I put a server in an ISP datacentre they will assign me one of their IP addresses. I will then go into my own DNS and put that address against my server name, so that it resolves to the IP assigned to me. The ISP can't do that. Oversee.net control the network and the routing that that particular Microsoft Updates service is sitting on, but they have no control of the host itself by virtue of that. Hope that helps, Anthony Show quoteHide quote "AndyHancock" <AndyMHanc***@gmail.com> wrote: > In addition to #2 below indicating that MS does indeed use what seem > to be 3rd party servers, common MS apps like media player also use > what seem to be 3rd party servers; Limelight Networks, > http://whois.domaintools.com/213.199.149.164, aka llnw, associated > with Level 3 below. > > This practice is making firewall rule management very difficult. > > ---------- Original message ---------- > From: AndyHancock <AndyMHanc***@gmail.com> > Date: Apr 15, 12:31 am > Subject: MS outsource updates, complicates 3rd party firewall > > Thanks, Anthony. That does indeed help. I looked up the three URLs > provided at the sophos webpage your cited. > > 1. update.microsoft.com resolves to 207.46.21.123, which whois > confirms is Microsoft. > > 2. download.microsoftupdates.com resolves to 208.73.210.121, which > whois reveals to be Oversee.net (advertising). > > 3. windowsupdate.microsoft.com resolves to 207.46.18.94, which whois > confirms is Microsoft. 
> > Strangely enough, I have found it necessary in the past to permit > access to the following before updates would work properly. > > 4. Net Access Corp, 209.123.0.0 - 209.123.255.255 > 5. Level 3 Communications, 206.32.0.0 - 206.35.255.255 > 6. Akamai Technologies, 72.246.0.0 - 72.247.255.255 > > I've disabled permissions #4 thru #6 to see if anything goes awry. > > It is #4 thru #6 that caused me to believe that Microsoft uses 3rd > party content disseminators. Even #2 seems to do this. > > On Apr 14, 3:27 am, "Anthony [MVP]" <anth***@no-reply.com> wrote: > >> Hi Andy, >> The check for windows updates will be from a hidden process >> wuauclt.exe running under a svchost process. Kerio should alert you >> to these so you can allow them. They will be going out to >> xxx.microsoft.com, so you can also restrict them to going out to >> those sites only if you want. Here is an example for Sophos. I >> don't know the Kerio >> one.http://www.sophos.com/support/knowledgebase/article/17444.html >> There are no content providers or disseminators involved, so there >> is no list to keep updated, >> Hope that helps, >> Anthony >> >> "AndyHancock" <AndyMHanc***@gmail.com> wrote: >>> Anthony, >>> >>> Limelight is a content dissemintaor, not a product or process running >>> on the computer. >>> >>> I agree that Kerio is alerting me to an outgoing connection, as I >>> describe that in my last post. >>> >>> As per my last post, I was wondering how one can determine whether the >>> outgoing connection is a check for Windows updates. >>> >>> I was also curious as to how you determined that there is no >>> connection with Microsoft. The gist of the thread is how users in >>> general can keep their firewall rules updated so as to permit Windows >>> checks for updates. Knowing the content providers and the IP address >>> blocks would be one part of achieving this. 
Automated assistance in >>> keeping the rules synchronized with the changing list of IP addresses >>> would be another part of the solution. >>> >>> Thanks. >>> >>> On Apr 12, 4:28 pm, "Anthony [MVP]" wrote: >>>> Andy, Limelight is a third party product going out to check for >>>> updates. Kerio is alerting you to that. There is no connection >>>> with Microsoft. >>>> >>>> "AndyHancock" <AndyMHanc***@gmail.com> wrote: >>>>> Hello, Anthony, >>>>> >>>>> I'm not clear about your last post. >>>>> >>>>> Are you asking for clarification of what I meant by "the 3rd >>>>> party content providers that Microsoft uses"? >>>>> >>>>> The firewall (Kerio Personal Firewall 2.1.5 issues a warning >>>>> that svchost is trying to connect out to Limelight Networks port >>>>> 80. The rest of my sleuthing is as I describe in the original >>>>> post. I have no further details. >>>>> >>>>> If this is Windows checking for updates, it must a common >>>>> problem, endemic to users with third party firewalls. So I was >>>>> wondering what the established practice is to recognize such >>>>> checks for updates, and to keep firewall rules that permit such >>>>> checks synchronized with the IP addresses used for such checks >>>>> by the content distributors on behalf of Microsoft. >>>>> >>>>> On Apr 10, 6:53 am, "Anthony [MVP]" <anth***@no-reply.com> >>>>> wrote: >>>>>> "the 3rd party content providers that Microsoft uses" ? Your >>>>>> firewall should tell you that something is trying to call out, >>>>>> and ask if you want to allow it. You need to know what it is to >>>>>> know whether it should be doing that. >>>>>> >>>>>> "AndyHancock" <AndyMHanc***@gmail.com> wrote in message >>>>>>> In Windows Professional 2000, svchost connects out to >>>>>>> Limelight Networks port 80. A bit of surfing indicates that >>>>>>> this might be a check for updates. How do users of 3rd party >>>>>>> firewalls keep on top of the 3rd party content providers that >>>>>>> Microsoft uses? 
>>>>>>> The rules must be constantly updated.

Andy,
It's an interesting topic. Although you can safely identify a specific host that you know, e.g. your own mail server, you can't use an IP address to identify a known corporation. They could easily change. So for example, you can safely trust a site that is called xyz.adobe.com because Adobe control that domain. That's why SSL certificates are tied to names and not to IP addresses,
Anthony
http://www.airdesk.com

"AndyHancock" <AndyMHanc***@gmail.com> wrote in message
news:3494a08b-40e7-4b68-93a8-b786f010e9a7@r37g2000yqn.googlegroups.com...
> Kerio 2.1.5 does indeed require IP addresses rather than domain
> names. I thought this was the norm for most personal firewalls. Is
> this not correct? Not that it matters, it is a problem for need that
> I need to find a solution to...somehow. I don't have a lot of
> confidence in the firewall rules I set up using whois to lookup IP
> addresses...I have no idea whether Microsoft changes these IP
> addresses often.
>
> I think I get the gist of your explanation below, though the details
> are just a tad foggy. You gave an example where you put a server in
> an ISP data centre, yet they have no control of the host, by which I
> assume you mean the server. How is it that they can have no control
> when the server is in their data centre? Is it a hosting service that
> they rent out, including control of the information that the client
> (e.g. Microsoft) wants disseminated, and access from the client to
> update content for dissemination?
>
> As well, I wasn't too clear on what you meant by putting that IP
> address against your server name...is that related to the domain name
> that you mentioned in paragraph 1 of your reply? For example, would
> cds156.lon9.llnw.net (or cds156) be a server name, while lon9.llnw.net
> is a domain name? How does it help for you (or Microsoft) to put that
> IP address on your DNS? Doesn't it have to be mapped that way in the
> DNS's used by Microsoft users around the world? I assume that those
> DNS's are maintained by the users' ISPs, but I'm really quite foggy
> when it comes to the nuts and bolts under the hood of the internet.
>
> ---------- Original message ----------
> From: "Anthony [MVP]" <anth***@no-reply.com>
> Date: Apr 19, 1:09 pm
> Subject: MS outsource updates, complicates 3rd party firewall
>
> Andy,
> Does Kerio require you to use an IP address instead of a domain name?
>
> The domain names are registered to Microsoft, which you can confirm in
> Whois. windowsupdate.com and microsoftupdate.com are registered by
> Microsoft. Only Microsoft have the authority to control the name
> resolution for those domains, so any IP address that is a host in
> those domains must be one that Microsoft want you to go to.
>
> The actual IP address can be any device, anywhere, hosted by anyone.
> It's just that you won't resolve a name to that IP unless it is in the
> DNS controlled by Microsoft.
>
> When you lookup the IP address, you are just discovering which
> organisation has control of that IP address range. So if I put a
> server in an ISP datacentre they will assign me one of their IP
> addresses. I will then go into my own DNS and put that address against
> my server name, so that it resolves to the IP assigned to me. The ISP
> can't do that. Oversee.net control the network and the routing that
> that particular Microsoft Updates service is sitting on, but they have
> no control of the host itself by virtue of that.
>
> Hope that helps,
> Anthony
>
> "AndyHancock" <AndyMHanc***@gmail.com> wrote:
>> In addition to #2 below indicating that MS does indeed use what seem
>> to be 3rd party servers, common MS apps like media player also use
>> what seem to be 3rd party servers; Limelight Networks,
>> http://whois.domaintools.com/213.199.149.164, aka llnw, associated
>> with Level 3 below.
>>
>> This practice is making firewall rule management very difficult.
>>
>> ---------- Original message ----------
>> From: AndyHancock <AndyMHanc***@gmail.com>
>> Date: Apr 15, 12:31 am
>> Subject: MS outsource updates, complicates 3rd party firewall
>>
>> Thanks, Anthony. That does indeed help. I looked up the three URLs
>> provided at the sophos webpage you cited.
>>
>> 1. update.microsoft.com resolves to 207.46.21.123, which whois
>> confirms is Microsoft.
>>
>> 2. download.microsoftupdates.com resolves to 208.73.210.121, which
>> whois reveals to be Oversee.net (advertising).
>>
>> 3. windowsupdate.microsoft.com resolves to 207.46.18.94, which whois
>> confirms is Microsoft.
>>
>> Strangely enough, I have found it necessary in the past to permit
>> access to the following before updates would work properly.
>>
>> 4. Net Access Corp, 209.123.0.0 - 209.123.255.255
>> 5. Level 3 Communications, 206.32.0.0 - 206.35.255.255
>> 6. Akamai Technologies, 72.246.0.0 - 72.247.255.255
>>
>> I've disabled permissions #4 thru #6 to see if anything goes awry.
>>
>> It is #4 thru #6 that caused me to believe that Microsoft uses 3rd
>> party content disseminators. Even #2 seems to do this.
>>
>> On Apr 14, 3:27 am, "Anthony [MVP]" <anth***@no-reply.com> wrote:
>>
>>> Hi Andy,
>>> The check for windows updates will be from a hidden process
>>> wuauclt.exe running under a svchost process. Kerio should alert you
>>> to these so you can allow them. They will be going out to
>>> xxx.microsoft.com, so you can also restrict them to going out to
>>> those sites only if you want. Here is an example for Sophos. I
>>> don't know the Kerio one.
>>> http://www.sophos.com/support/knowledgebase/article/17444.html
>>> There are no content providers or disseminators involved, so there
>>> is no list to keep updated,
>>> Hope that helps,
>>> Anthony
>>>
>>> "AndyHancock" <AndyMHanc***@gmail.com> wrote:
>>>> Anthony,
>>>>
>>>> Limelight is a content disseminator, not a product or process running
>>>> on the computer.
>>>>
>>>> I agree that Kerio is alerting me to an outgoing connection, as I
>>>> describe that in my last post.
>>>>
>>>> As per my last post, I was wondering how one can determine whether the
>>>> outgoing connection is a check for Windows updates.
>>>>
>>>> I was also curious as to how you determined that there is no
>>>> connection with Microsoft. The gist of the thread is how users in
>>>> general can keep their firewall rules updated so as to permit Windows
>>>> checks for updates. Knowing the content providers and the IP address
>>>> blocks would be one part of achieving this. Automated assistance in
>>>> keeping the rules synchronized with the changing list of IP addresses
>>>> would be another part of the solution.
>>>>
>>>> Thanks.
>>>>
>>>> On Apr 12, 4:28 pm, "Anthony [MVP]" wrote:
>>>>> Andy, Limelight is a third party product going out to check for
>>>>> updates. Kerio is alerting you to that. There is no connection
>>>>> with Microsoft.
>>>>>
>>>>> "AndyHancock" <AndyMHanc***@gmail.com> wrote:
>>>>>> Hello, Anthony,
>>>>>>
>>>>>> I'm not clear about your last post.
>>>>>>
>>>>>> Are you asking for clarification of what I meant by "the 3rd
>>>>>> party content providers that Microsoft uses"?
>>>>>>
>>>>>> The firewall (Kerio Personal Firewall 2.1.5) issues a warning
>>>>>> that svchost is trying to connect out to Limelight Networks port
>>>>>> 80. The rest of my sleuthing is as I describe in the original
>>>>>> post. I have no further details.
>>>>>>
>>>>>> If this is Windows checking for updates, it must be a common
>>>>>> problem, endemic to users with third party firewalls. So I was
>>>>>> wondering what the established practice is to recognize such
>>>>>> checks for updates, and to keep firewall rules that permit such
>>>>>> checks synchronized with the IP addresses used for such checks
>>>>>> by the content distributors on behalf of Microsoft.
>>>>>>
>>>>>> On Apr 10, 6:53 am, "Anthony [MVP]" <anth***@no-reply.com>
>>>>>> wrote:
>>>>>>> "the 3rd party content providers that Microsoft uses" ? Your
>>>>>>> firewall should tell you that something is trying to call out,
>>>>>>> and ask if you want to allow it. You need to know what it is to
>>>>>>> know whether it should be doing that.
>>>>>>>
>>>>>>> "AndyHancock" <AndyMHanc***@gmail.com> wrote in message
>>>>>>>> In Windows Professional 2000, svchost connects out to
>>>>>>>> Limelight Networks port 80. A bit of surfing indicates that
>>>>>>>> this might be a check for updates. How do users of 3rd party
>>>>>>>> firewalls keep on top of the 3rd party content providers that
>>>>>>>> Microsoft uses? The rules must be constantly updated.
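
One way to approach the rule-synchronisation problem raised in this thread, as an added example that is not code from any poster or from Kerio: decide trust from the hostname's parent domain, then report which resolved addresses fall outside the ranges the firewall already allows. The function names and the resolver hook are assumptions; the domains, addresses and ranges are the ones quoted in the thread.

```python
import ipaddress
import socket

# Domains the thread names as registered to Microsoft.
TRUSTED_DOMAINS = ("microsoft.com", "windowsupdate.com", "microsoftupdate.com")
# Firewall permissions #4-#6 as quoted in the thread (start, end).
ALLOWED_RANGES = [("209.123.0.0", "209.123.255.255"),
                  ("206.32.0.0", "206.35.255.255"),
                  ("72.246.0.0", "72.247.255.255")]
# Resolutions reported in the thread; a stand-in for live DNS (offline sample).
SAMPLE_ANSWERS = {"update.microsoft.com": ["207.46.21.123"],
                  "windowsupdate.microsoft.com": ["207.46.18.94"]}

def ranges_to_networks(ranges):
    """Collapse start-end pairs into the minimal list of CIDR networks."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    return nets

def is_trusted_name(hostname, trusted=TRUSTED_DOMAINS):
    """True only for a trusted domain itself or a subdomain of one."""
    host = hostname.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in trusted)

def system_resolver(hostname):
    """Live lookup through the OS resolver; returns sorted IPv4 strings."""
    infos = socket.getaddrinfo(hostname, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def audit(hostnames, allowed_ranges=ALLOWED_RANGES, resolver=system_resolver):
    """Return (rejected names, {name: addresses not covered by any range})."""
    networks = ranges_to_networks(allowed_ranges)
    rejected, uncovered = [], {}
    for name in hostnames:
        if not is_trusted_name(name):
            rejected.append(name)  # not resolved, so never added to the rules
            continue
        gaps = [ip for ip in resolver(name)
                if not any(ipaddress.ip_address(ip) in net for net in networks)]
        if gaps:
            uncovered[name] = gaps
    return rejected, uncovered

if __name__ == "__main__":
    names = list(SAMPLE_ANSWERS) + ["download.microsoftupdates.com"]
    print(audit(names, resolver=SAMPLE_ANSWERS.__getitem__))
```

Run on the three hostnames from the thread, it rejects download.microsoftupdates.com, which is not under any of the three listed domains, and reports both microsoft.com addresses as outside ranges #4 to #6.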