Ambush! - The Online Geek Community

Computer Related => Security => Topic started by: ZWarrior on May 18, 2011, 10:14:31 AM

Title: Windows 7 phones home... on your dime
Post by: ZWarrior on May 18, 2011, 10:14:31 AM
I have always noticed that Windows 7 knows when I have network connectivity and suspected the the OS was connecting to something on the web, but didn't know what it was doing to validate the connectivity.  Now I have the details:

http://blog.superuser.com/2011/05/16/windows-7-network-awareness/

Quote
Windows does indeed check a Microsoft site for connectivity, using the Network Connectivity Status Indicator site. There are a few variations of the connection checking process:

   1. NCSI performs a DNS lookup on http://www.msftncsi.com/ncsi.txt, then requests http://www.msftncsi.com/ncsi.txt. This file is a plain-text file and contains only the text Microsoft NCSI.
   2. NCSI sends a DNS lookup request for dns.msftncsi.com. This DNS address should resolve to 131.107.255.255. If the address does not match, then it is assumed that the internet connection is not functioning correctly.

I am sufficiently private, and suspicious of M$, that I am willing to modify these settings and setup the process on one of my websites.  I will tell you how it works after I have tested it for a while.

Update:  Below are the settings that can be changed and the meaning of the entries.

Quote
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet]
"EnableActiveProbing"=dword:00000001 -- Turn this to "0" to disable the testing
"ActiveWebProbeHost"="www.msftncsi.com" -- The domain to find the test file
"ActiveWebProbePath"="ncsi.txt" -- The name of the test file
"ActiveWebProbeContent"="Microsoft NCSI" -- The expected text in the test file (remember to not have an EOL)
"ActiveDnsProbeHost"="dns.msftncsi.com" -- The dns server to poll
"ActiveDnsProbeContent"="131.107.255.255" -- The IP address for the dns server to poll