security concerns in winxp remote assistance

[graysky]

Hi all, before discovering this thread, I have been experimenting with the remote assistance feature in winxp pro. Anyway, when I make an invitation I noticed that my firewall warned me of many attempts to connect to remote severs:

c:\windows\pchealth\helpctr\binaries\helpctr.exe

207.46.249.55

69.44.123.142

69.44.123.153

207.46.20.30

207.46.198.60

207.46.199.30

207.46.199.60

207.46.225.60

207.46.249.55

Seems to me that a remote connection between two machines shouldn't have to go through a 3rd party at all.

What's up with this behavior?

[Mordac85]

IMHO it's easier to just use RDP (Start\Accessories\Communications\Remote Desktop Connection) and plug in the remote system name or IP (depending on what your network layout is like and has to be enabled on the far end). There are a lot of what ifs involved in either situation, but well worth it.

If the remote is behind a firewall or some such where you cannot connect w/RDP, you can always fall back to using desktop sharing in Netmeeting.

[LLXX]

It looks like Microsoft is trying to spy on you.

All the 207.* are M$ IPs (they practically own the entire 207.*.*.*)

69.44.123.142 and .153 belong to:

OrgName:	Office of the Future
OrgID:	  OFFICE
Address:	115 River Rd
City:	   Edgewater
StateProv:  NJ
PostalCode: 02020
Country:	US
Comment:	
RegDate:	1992-09-10
Updated:	1992-09-10

[graysky]

Yeah I did the RNSLookup as well. I guess I'm interested in knowing if others get this bullsh*t when they try to create invites as well.

[LLXX]

Along a similar line, does start -> search also get explorer.exe trying to connect to sa.microsoft.com (another 207.*) address? I've noticed this happen on a number of WinXP machines, so much that I abandoned the search feature and used my own file finder.

Edited April 17, 2006 by LLXX

[Mordac85]

M$, while shady in some areas, is not trying to "spy" on you. They use intermediary servers to route your help request and help establish the connection. It's not a simple point to point connection. That's why I prefer to initiate the RDP connection to a known system or IP, or use Netmeeting.

[nmX.Memnoch]

Remote Assistance is nice when you're trying to trouble shoot something specific to the user's profile though. A good example would be Outlook settings. It's also useful in showing them how to do something.

[Mordac85]

Good point that I forgot to mention. RDP logs out the end user and locks the remote system so all the end user sees is a locked WS screen. I use Netmeeting when I need to do something interactive.