I sniffed outgoing connections whilst running an Xbox1 game (this is in FSD if anyone is interested) because I was curious as to why I was greeted with 'you need to update' despite not being logged in to any profile, let alone on xbox live. This message would disappear if I removed the Ethernet cable (used to update FSD + FTP on LAN).
The console successfully connects to 220.127.116.11 using the kerbose service (handshake?), then connecting again afterward on 18.104.22.168 on UDP port 3074. The IP range 65.55.42.* is owned by Microsoft Corp, and is located in Bellevue in the US.
Evidently, despite the suggested precautions, our consoles are still capable of connecting online beknown to us. Microsoft could quite easily pull one off again and 'surprise us', as they did with the Ixtreme banning, with a forced update or such.
I highly suggest you either block all outgoing/incoming WAN traffic on your console's MAC address, or remove the ethernet cable entirely, particular if your console's R3T6 resistor has not been removed/shorted.
Finally, exercise extreme caution in all future updates, 9199 onwards. Microsoft could quite easily not only impose a ban on your Xbox LIVE account and console, but could remove your console's exploitabilty therefore rendering your jtag useless.
I thought I aught to share my findings with the community - please share your thoughts, I hope someone can prove me wrong.
Edited by Ranger72, 01 August 2010 - 09:33 PM.