I don’t trust any OS-level firewall or block. Windows has a history of ignoring what users tell it. Therefore I block all connections to Microsoft servers directly on my router itself, and I don’t allow any Windows machines on the network to know the username/password of the router.
Windows doesn't call home only to microsoft.com, and the domains will change over time. Is there a list of domains to block, maybe even a maintained ruleset for the Suricata platform?
> Windows doesn't call home only to microsoft.com

Oh, I’m well aware. It’s a nightmare to do that initial blocking.

> and the domains will change over time.

The static IPs they own won’t! The monopoly corporations from the early 90s will likely never sell their IP blocks.

> Is there a list of domains to block

Gimme a bit; I think I still have a raw text list…

> maybe even a maintained ruleset for the Suricata platform

I doubt that. Could a text list be reformatted with a script?
> Could a text list be reformatted with a script?

Probably, but to be used only once, the list can be entered manually in any firewall. The Suricata platform is more useful as an add-on to firewalls when the blacklists are dynamic; they are maintained by places like https://abuse.ch
The proxy Squid uses raw text lists. This is a list I found at https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/SiSyPHus/Analyse_Telemetriekomponente_1_2.html (in German):
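As an added example (not code from anyone in this thread), here is the kind of script asked about above: it takes a raw text list like the BSI one, normalises it, and emits both Squid dstdomain entries and Suricata `alert dns` rules that fire when a host on the LAN looks up one of the telemetry names. The sample input is constructed from three hostnames in the list posted above; the SID range, rule message and classtype are my choices.

```python
import re

# Constructed sample input: three hostnames from the BSI telemetry list above, plus the
# kind of junk (comments, leading dots, mixed case, duplicates, typos) a hand-kept list gets.
RAW_LIST = """\
# Windows telemetry endpoints (excerpt)
settings-win.data.microsoft.com
.v10.events.data.microsoft.com
OCA.telemetry.microsoft.com
settings-win.data.microsoft.com   # duplicate
not a hostname!
"""

# Syntactic hostname check: labels of 1-63 chars, at least two labels, 253 chars total.
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)[a-z0-9-]{1,63}(\.[a-z0-9-]{1,63})+$")


def parse_domain_list(text: str) -> tuple[list[str], list[str]]:
    """Return (accepted, rejected): comments and blank lines dropped, names lowercased,
    a leading dot (Squid style) stripped, duplicates removed in order. Anything that is
    not a valid hostname is reported instead of silently becoming a broken rule."""
    seen, accepted, rejected = set(), [], []
    for line in text.splitlines():
        host = line.split("#", 1)[0].strip().lower().lstrip(".")
        if not host:
            continue
        if not HOSTNAME_RE.match(host):
            rejected.append(line.strip())
        elif host not in seen:
            seen.add(host)
            accepted.append(host)
    return accepted, rejected


def suricata_rules(domains: list[str], base_sid: int = 1000000) -> list[str]:
    """One 'alert dns' rule per name. dns.query + endswith matches the name and any
    subdomain of it (and, harmlessly, any name merely ending in the same string).
    SIDs 1000000-1999999 are the range Suricata reserves for local rules."""
    return [
        'alert dns $HOME_NET any -> any any ('
        f'msg:"Windows telemetry DNS lookup {d}"; dns.query; '
        f'content:"{d}"; nocase; endswith; '
        f'classtype:policy-violation; sid:{base_sid + i}; rev:1;)'
        for i, d in enumerate(domains)
    ]


def squid_acl(domains: list[str]) -> list[str]:
    """Squid dstdomain format: a leading dot matches the domain and its subdomains."""
    return [f".{d}" for d in domains]


if __name__ == "__main__":
    ok, bad = parse_domain_list(RAW_LIST)
    print("\n".join(suricata_rules(ok)))
    print("# rejected:", bad)
```

Load the output as a local rules file and switch `alert` to `drop` only when running Suricata inline; in IDS mode the alerts simply show which machines still try to reach the telemetry names despite the router block.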