So I’ve long known Windows 10 likes to phone home to Microsoft. Well, last night I pulled a command prompt up and executed the command netstat -an.
From that I looked up all the active addresses – most were legitimate though I’m really considering blocking Yahoo.com next.
But just for your consideration, here’s a snippet of the firewall log in which I blocked a Microsoft address.
2016-02-07 12:12:11 RV110W kern.warning ACL-Deny-L2W:IN=VLAN1 OUT=WAN SRC=192.168.1.100 DST=65.52.108.210 LEN=157 TOS=0x00 PREC=0x00 TTL=127 ID=13934 DF PROTO=TCP SPT=49447 DPT=443 WINDOW=61 RES=0x00 ACK PSH URGP=0
2016-02-07 12:12:12 RV110W kern.warning ACL-Deny-L2W:IN=VLAN1 OUT=WAN SRC=192.168.1.100 DST=65.52.108.210 LEN=157 TOS=0x00 PREC=0x00 TTL=127 ID=13935 DF PROTO=TCP SPT=49447 DPT=443 WINDOW=61 RES=0x00 ACK PSH URGP=0
2016-02-07 12:12:12 RV110W kern.warning ACL-Deny-L2W:IN=VLAN1 OUT=WAN SRC=192.168.1.100 DST=65.52.108.210 LEN=157 TOS=0x00 PREC=0x00 TTL=127 ID=13936 DF PROTO=TCP SPT=49447 DPT=443 WINDOW=61 RES=0x00 ACK PSH URGP=0
So on average it tries to phone home every 30-60 seconds. To hell with Microsoft. If I blocked something important, like, say, a software authentication server or an update server, I’ll see Windows bitch in the logs. But so far, nothing.
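One way to measure the interval from the router log itself, as an added example that is not part of the original post: it parses the ACL-Deny lines in the format shown above, groups packets by flow (same source port) so repeated packets on one connection are not counted as separate attempts, and reports the gaps between new flows per destination. The last two sample lines and the names `parse_line` and `summarize` are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# First three lines are from the post; the last two are constructed
# (new source port, later timestamp) to show a second connection attempt.
SAMPLE_LOG = """\
2016-02-07 12:12:11 RV110W kern.warning ACL-Deny-L2W:IN=VLAN1 OUT=WAN SRC=192.168.1.100 DST=65.52.108.210 LEN=157 TOS=0x00 PREC=0x00 TTL=127 ID=13934 DF PROTO=TCP SPT=49447 DPT=443 WINDOW=61 RES=0x00 ACK PSH URGP=0
2016-02-07 12:12:12 RV110W kern.warning ACL-Deny-L2W:IN=VLAN1 OUT=WAN SRC=192.168.1.100 DST=65.52.108.210 LEN=157 TOS=0x00 PREC=0x00 TTL=127 ID=13935 DF PROTO=TCP SPT=49447 DPT=443 WINDOW=61 RES=0x00 ACK PSH URGP=0
2016-02-07 12:12:12 RV110W kern.warning ACL-Deny-L2W:IN=VLAN1 OUT=WAN SRC=192.168.1.100 DST=65.52.108.210 LEN=157 TOS=0x00 PREC=0x00 TTL=127 ID=13936 DF PROTO=TCP SPT=49447 DPT=443 WINDOW=61 RES=0x00 ACK PSH URGP=0
2016-02-07 12:12:56 RV110W kern.warning ACL-Deny-L2W:IN=VLAN1 OUT=WAN SRC=192.168.1.100 DST=65.52.108.210 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=14002 DF PROTO=TCP SPT=49451 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
2016-02-07 12:12:59 RV110W kern.warning ACL-Deny-L2W:IN=VLAN1 OUT=WAN SRC=192.168.1.100 DST=65.52.108.210 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=14003 DF PROTO=TCP SPT=49451 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
"""

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ \S+ (ACL-Deny-[^:\s]+):(.*)$")

def parse_line(line):
    """Return a dict of the KEY=VALUE fields plus time and bare flags, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, rule, rest = m.groups()
    tokens = rest.split()
    fields = dict(tok.split("=", 1) for tok in tokens if "=" in tok)
    fields["time"] = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
    fields["flags"] = [tok for tok in tokens if "=" not in tok]  # e.g. DF, ACK, PSH
    return {"rule": rule, **fields}

def summarize(log_text):
    """Per (SRC, DST, DPT): number of distinct flows, packets, and gaps between flows."""
    flows = defaultdict(list)  # (src, dst, dpt, spt) -> packet timestamps
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            flows[(rec["SRC"], rec["DST"], rec["DPT"], rec["SPT"])].append(rec["time"])
    by_dst = defaultdict(list)  # (src, dst, dpt) -> [(first packet time, packet count)]
    for (src, dst, dpt, _spt), times in flows.items():
        by_dst[(src, dst, dpt)].append((min(times), len(times)))
    report = {}
    for key, starts in by_dst.items():
        starts.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(starts, starts[1:])]
        report[key] = {"flows": len(starts), "packets": sum(n for _, n in starts), "gaps_s": gaps}
    return report

if __name__ == "__main__":
    for key, info in summarize(SAMPLE_LOG).items():
        print(key, info)
```

Run over a full router log, the `gaps_s` list is the figure to compare against the 30-60 second estimate, since it counts only new source ports rather than every denied packet.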