If you’re seeing DNS queries for teredo.ipv6.microsoft.com, you may be interested in disabling it (more at MSDN and Wikipedia). On Windows 7, you can run the following command from an elevated/administrator command prompt and say goodbye!
Tag: sandbox
Disabling Network Connectivity Status Indicator (NCSI)
According to this article on MSDN, Microsoft introduced the Network Connectivity Status Indicator in Windows Vista. While there may be a number of reasons to investigate this service, my motivation is in eliminating the resulting network traffic from my malware sandbox. This service performs an HTTP GET request for a text document, ncsi.txt, from any number of Microsoft hosts. While it would be easy enough to filter this traffic based on the user-agent (Microsoft NCSI) or similar, in this scenario I find it even better to simply eliminate the behavior altogether. To accomplish this, there is only a…