Warning: Consoles Still Connect To Xbox Live Despite Family Settings, Confirmed by sniffing outgoing UDP network traffic Options

[Kiewee123]

I can confirm that only enabling restrictions 'Xbox LIVE Access' and 'Xbox Live Membership Creation' in 'Console Control' (in Family Settings) is NOT adequate protection for your Jtag flashed console.

I sniffed outgoing connections whilst running an Xbox1 game (this is in FSD if anyone is interested) because I was curious as to why I was greeted with 'you need to update' despite not being logged in to any profile, let alone on xbox live. This message would disappear if I removed the Ethernet cable (used to update FSD + FTP on LAN).

The console successfully connects to 65.55.42.183 using the kerbose service (handshake?), then connecting again afterward on 65.55.42.180 on UDP port 3074. The IP range 65.55.42.* is owned by Microsoft Corp, and is located in Bellevue in the US.

Evidently, despite the suggested precautions, our consoles are still capable of connecting online beknown to us. Microsoft could quite easily pull one off again and 'surprise us', as they did with the Ixtreme banning, with a forced update or such.

I highly suggest you either block all outgoing/incoming WAN traffic on your console's MAC address, or remove the ethernet cable entirely, particular if your console's R3T6 resistor has not been removed/shorted.

Finally, exercise extreme caution in all future updates, 9199 onwards. Microsoft could quite easily not only impose a ban on your Xbox LIVE account and console, but could remove your console's exploitabilty therefore rendering your jtag useless.

I thought I aught to share my findings with the community - please share your thoughts, I hope someone can prove me wrong.

This post has been edited by Ranger72: Aug 1 2010, 09:33 PM

[Kiewee123]

Yes, the first connection is indeed a handshake as I said in the OP, on the Kerberos authentication protocol (google it). My worries are the subsequent connection(s) on the alternate port, and although Microsoft at present don't have anything in place to limit/blow/patch/etc. freeboot and the jtag hack, as others have said above I think it'd be naive to completely ignore the possibility of it in the future - they might just 'pull a fast one'. I for one don't like my console connecting back to Microsoft for any reason at all - even if it's just a darn ping.

At the moment, with the iptables previously mentioned set up, I have peace of mind that my console isn't connecting to anyone but teamfsd for diddly squit. Although at present I haven't had time to figure out where the NTP sync, covers, info, etc. are fetched from, but this doesn't bother me much for now. I need to get onto teamFSD and ask personally, but I can't find anyway to contact them but the bugtracker.

[GISJason]

Try #FreeStyleDash on EFNet

[Kiewee123]

Try #FreeStyleDash on EFNet

I'll get at them tomorrow afternoon - it's a bit late now. Cheers.

[Mattie]

I'll get at them tomorrow afternoon - it's a bit late now. Cheers.

We're on the forums too
NTP goes to pool.ntp.org, FSD updates to teamfsd.com
but all covers and such are downloaded from microsoft. we use the same url's NXE use.
In time we'll probably release a pc-indexer again, so if you're worried about connecting
to microsoft, you can wait for that for all your covers and such (won't be too soon though).

hope this helps

[Kiewee123]

We're on the forums too
NTP goes to pool.ntp.org, FSD updates to teamfsd.com
but all covers and such are downloaded from microsoft. we use the same url's NXE use.
In time we'll probably release a pc-indexer again, so if you're worried about connecting
to microsoft, you can wait for that for all your covers and such (won't be too soon though).

hope this helps

Brilliant - cheers Mattie!