
Microsoft Hacking?


Original Message
Name: ChrisG (by ChristopherTGarrett)
Date: April 7, 2008 at 07:51:24 Pacific
Subject: Microsoft Hacking?
OS: Windows XP Pro
CPU/Ram: PIII 1.0 Ghz 512 MB
Manufacturer/Model: Gateway performance 1000
Comment:

Hello, I have a Linksys WRT54G router. I went into the router's configuration, then to the admin section, and looked at the logs. I found
65.55.158.81 1117
65.55.158.81 1036
65.55.158.81 1039
65.55.158.81 1060

I did a whois on those IP addresses:

http://ws.arin.net/whois/

It shows that it's from Microsoft. What is going on? What are they trying to do?

Keyboard not detected. Hit F1 to Continue. BREAKFAST.SYS HALTED Cerial port not Responding!!




Response Number 1
Name: XPlode
Date: April 8, 2008 at 00:43:29 Pacific
Reply:

As a newbie to the rarefied atmospherics of finding bugs and other strange happenings within XP Pro... can someone tell me if I am in the right forum? The problem is an unsolicited 'file' download from the net that occurs every time I 'switch on' (over the last 2 weeks). The incoming file size is around 20 MB and the data sent in response is around 600 KB. I want to know where it is coming from, where it is residing in my PC and how to stop it. If I shut the PC down during the download a 'box' informs me that data from Real Networks will be lost if I terminate now. I am running PC-cillin 2008. Please, someone put me out of my misery?



Response Number 2
Name: Jennifer SUMN
Date: April 9, 2008 at 11:38:11 Pacific
Reply:

XPlode, you need to post your own thread. For this issue, start with the Networking or Security Forum. NOT both.

Life's more painless for the brainless.



Response Number 3
Name: ChrisG (by ChristopherTGarrett)
Date: April 13, 2008 at 19:29:04 Pacific
Reply:

Here are more logs as of today. The computer is a little slow. I went away for the weekend, came back and found this in my WRT54G router logs.

Source IP        Destination Port Number

192.168.1.254 137
192.168.1.254 www
192.168.1.254 137
192.168.1.254 www
192.168.1.254 137
192.168.1.254 www
192.168.1.254 137
192.168.1.254 www
192.168.1.254 137
192.168.1.254 www
192.168.1.254 137
192.168.1.254 www
192.168.1.254 137
192.168.1.254 www
192.168.1.254 137
192.168.1.254 www
192.168.1.254 137
192.168.1.254 www
68.142.233.76 1110
68.142.233.74 1089
68.142.233.74 1054
68.142.233.76 1080
192.168.1.254 137
192.168.1.254 www
68.142.233.76 1067
192.168.1.254 137
192.168.1.254 www
68.142.233.76 1066
192.168.1.254 137
192.168.1.254 www
68.142.233.74 1052
192.168.1.254 137
192.168.1.254 www




Response Number 4
Name: btk1w1
Date: April 14, 2008 at 21:39:57 Pacific
Reply:

192.168.1.254 will be your internal IP address. Because it is the last available address in the IP address range, it looks like a static IP address could be assigned.

Port 137 is NetBIOS, which is needed for your PC to communicate over a LAN. Although strictly speaking not a necessary process, I believe it is a necessary process to communicate with the gateway/router to connect to a WAN or the internet also.


68.142.233.74
68.142.233.76

Neighborhood
Host : stun2a.voice.re2.yahoo.com
Country : United States

It looks like Yahoo is doing something of its own accord in the background. I wouldn't worry about it too much, although I prefer to control what has access to the net, so for me, I would disable Yahoo from startup in msconfig and just start it manually when I need it.

Here are two ip lookup sites:

http://ip-lookup.net/index.php
http://ws.arin.net/whois/


Here are two port description sites if you want to research what port is being used and why (the second link lists exploited ports and offending processes. Keep in mind legitimate processes will use these ports also):

http://www.donkboy.com/html/ports2.htm
http://www.iss.net/security_center/...



Response Number 5
Name: MikePapaIII
Date: April 15, 2008 at 08:09:05 Pacific
Reply:

65.55.158.81 is one of Microsoft's Teredo servers. Teredo (see Teredo tunneling) is used to access IPv6 addresses from behind an IPv4 NAT router.




Response Number 6
Name: ChrisG (by ChristopherTGarrett)
Date: April 16, 2008 at 09:04:36 Pacific
Reply:

Why is Microsoft hacking? When I went away for the weekend I signed on to my laptop with a different Yahoo ID than my desktop Yahoo ID. My Yahoo at home never went idle. No one was at my house either to be using the computer. It seems something was making my computer active and Yahoo thought there was activity when there wasn't.




Response Number 7
Name: MikePapaIII
Date: April 17, 2008 at 07:19:33 Pacific
Reply:

I hardly think they are hacking you... it's a service they are performing for you. How it got there I'm not going to guess, other than to say perhaps an IPv6-aware application was installed that set it up for you.

The service Microsoft is performing is to provide a "tunnel" that allows IPv6 packets over an IPv4 network. IPv4 is the internet addressing scheme you are familiar with. Basically, tunneling is a temporary fix until IPv6 hardware becomes widespread. There are other methods of providing IPv6 connectivity over IPv4 hardware.

An outbound UDP connection to 65.55.158.80 is initiated by the "Microsoft TCP/IP version 6" protocol running on your computer. After the connection is made, an inbound UDP connection is opened from 65.55.158.81. These connections are the IPv6 tunnel; the IP addresses could vary. If you try using your router to block the connection, the service continues trying to connect using varying UDP ports.

Uninstall the protocol if you don't want this service. Open Network Connections in your Control Panel. Double-click on the icon that represents your internet connection (not "Internet Gateway" if it is there). Select the Properties button and look for "Microsoft TCP/IP version 6" in the "items" list. Highlight it and press Uninstall. Depending upon whatever installed it in the first place, it might reinstall the protocol the next time it needs it and finds it's not there.

IPv4 is being replaced because there are not enough addresses available for all the connections being made to the internet. IPv6 is the solution to, among other things, provide more addresses. Check out IPv6 in the Wiki for more information.


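The triage that btk1w1 (response 4) and MikePapaIII (response 7) do by hand can be scripted. The script below is an added example, not code from the thread, from Linksys or from Microsoft: it reads "IP port" lines in the format the WRT54G log was pasted in, separates LAN (RFC 1918) from WAN addresses, names the ports discussed in the thread, and flags a single remote host appearing on several varying high ports, the pattern described for the Teredo client (and also what a port scan looks like, which is why the whois/reverse-DNS label is what settles it). The sample log and the host labels are constructed from the addresses and lookups posted in the thread; every label is an assumption taken from those posts, not a live lookup.

```python
"""Triage of 'Source IP  Destination Port' lines from a home router log.

Added example applying the reasoning of responses 4 and 7 to a sample
constructed from the addresses in the thread. Not part of the original page.
"""
import ipaddress
from collections import defaultdict

# Constructed sample, modelled on the lines ChrisG pasted (format: "IP port").
SAMPLE_LOG = """\
Source IP Destination Port Number
192.168.1.254 137
192.168.1.254 www
65.55.158.81 1117
65.55.158.81 1036
65.55.158.81 1039
65.55.158.81 1060
68.142.233.76 1110
68.142.233.74 1089
"""

# Port names as the router prints them, plus the ports discussed in the thread.
PORT_NAMES = {"www": "HTTP (80)", "80": "HTTP", "137": "NetBIOS name service"}

# Attribution copied from the lookups posted in the thread (assumed, not live):
# ARIN whois for the 65.55.x.x host, reverse DNS for the Yahoo hosts.
KNOWN_HOSTS = {
    "65.55.158.81": "Microsoft Teredo server (per responses 5 and 7)",
    "68.142.233.74": "stun2a.voice.re2.yahoo.com (per response 4)",
    "68.142.233.76": "stun2a.voice.re2.yahoo.com (per response 4)",
}


def parse_log(text):
    """Return (ip, port) tuples. The port stays a string because the router
    prints service names such as 'www' instead of numbers."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # header line or blank line
        ip, port = parts
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # not an address, skip
        entries.append((ip, port))
    return entries


def scope(ip):
    """'LAN' for private (RFC 1918 / link-local) space, otherwise 'WAN'."""
    return "LAN" if ipaddress.ip_address(ip).is_private else "WAN"


def summarize(entries, scan_threshold=3):
    """Group hits by source IP and describe each host.

    many_ports is True when one host appears on scan_threshold or more
    distinct high (>= 1024) ports: consistent with the 'varying UDP ports'
    behaviour of the Teredo client, but equally with a scan, so the host
    label is what distinguishes the two.
    """
    per_ip = defaultdict(list)
    for ip, port in entries:
        per_ip[ip].append(port)
    report = {}
    for ip, ports in per_ip.items():
        distinct = sorted(set(ports))
        high = [p for p in distinct if p.isdigit() and int(p) >= 1024]
        report[ip] = {
            "scope": scope(ip),
            "hits": len(ports),
            "ports": [PORT_NAMES.get(p, p) for p in distinct],
            "many_ports": len(high) >= scan_threshold,
            "label": KNOWN_HOSTS.get(ip, "unattributed: run whois / reverse DNS"),
        }
    return report


if __name__ == "__main__":
    for ip, info in summarize(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

A LAN address with NetBIOS and HTTP hits is the router talking to the PC, as response 4 says; a WAN host on four different high ports with a known Teredo label is the tunnel response 7 describes; the same port pattern with no label is what should actually prompt a whois lookup.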





