Why does my Xbox One controller query out to Akamai Technologies when I plug it in? [closed]

Çağlar Arlı

Running Wireshark, I've been having issues with my Xbox controller I plug into my PC. When I plug it in, it immediately starts some communication with 23.32.109.224. So I firewalled that address out, so that my joystick doesn't query out to Microsoft just to start. But if it can query out to that Microsoft, it can query out to some other later, once they send an update to my driver.

So I have been owned by Microsoft? When I play a game, I have recorded again in Wireshark these umpteen packets that get sent through and make my controller vibrate and go out for a short period of time. Any time this happens, predictable packets come through on Wireshark:

52.242.101.140 comes in with a TCP  66  63664 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM

52.242.101.140  TLSv1.2 274 Client Hello (SNI=array517.prod.do.dsp.mp.microsoft.com)

78387   362.121935  52.242.101.140  192.168.1.20    TLSv1.2 105 Change Cipher Spec, Encrypted Handshake Message
78388   362.121935  52.242.101.140  192.168.1.20    TLSv1.2 123 Application Data
78389   362.121986  192.168.1.20    52.242.101.140  TCP 54  63664 → 443 [ACK] Seq=379 Ack=2552 Win=132352 Len=0
78390   362.122719  192.168.1.20    52.242.101.140  TLSv1.2 141 Application Data
78391   362.122790  192.168.1.20    52.242.101.140  TLSv1.2 204 Application Data
78392   362.122909  192.168.1.20    52.242.101.140  TLSv1.2 92  Application Data
78393   362.122965  192.168.1.20    52.242.101.140  TLSv1.2 703 Application Data

78793   373.674536  23.32.109.224   192.168.1.20    TCP 54  443 → 63669 [RST] Seq=7273 Win=0 Len=0
78794   373.698052  23.32.109.224   192.168.1.20    TCP 54  443 → 63669 [RST] Seq=7745 Win=0 Len=0
78795   373.698052  23.32.109.224   192.168.1.20    TCP 54  443 → 63669 [RST] Seq=7745 Win=0 Len=0
78796   373.701051  23.32.109.224   192.168.1.20    TCP 54  443 → 63669 [RST] Seq=7745 Win=0 Len=0
78797   373.701051  23.32.109.224   192.168.1.20    TCP 54  443 → 63669 [RST] Seq=7746 Win=0 Len=0
78821   373.803626  23.32.109.224   192.168.1.20    TCP 54  443 → 63670 [RST] Seq=1203 Win=0 Len=0
78822   373.803626  23.32.109.224   192.168.1.20    TCP 54  443 → 63670 [RST] Seq=1203 Win=0 Len=0
78823   373.812451  23.32.109.224   192.168.1.20    TCP 54  443 → 63670 [RST] Seq=1676 Win=0 Len=0
78824   373.812451  23.32.109.224   192.168.1.20    TCP 54  443 → 63670 [RST] Seq=1676 Win=0 Len=0
78825   373.821544  23.32.109.224   192.168.1.20    TCP 54  443 → 63670 [RST] Seq=1676 Win=0 Len=0

The spamming continues, even a few seconds later,

78939   374.316133  23.32.109.224   192.168.1.20    TLSv1.3 78  Application Data
78940   374.316133  23.32.109.224   192.168.1.20    TCP 54  443 → 63674 [FIN, ACK] Seq=1675 Ack=2858 Win=64128 Len=0
78941   374.316230  192.168.1.20    23.32.109.224   TCP 54  63674 → 443 [ACK] Seq=6254 Ack=1676 Win=131328 Len=0
78942   374.316286  192.168.1.20    23.32.109.224   TLSv1.3 78  Application Data
78943   374.316317  192.168.1.20    23.32.109.224   TCP 54  63674 → 443 [FIN, ACK] Seq=6278 Ack=1676 Win=131328 Len=0
78944   374.323247  23.32.109.224   192.168.1.20    TCP 54  443 → 63674 [RST] Seq=1203 Win=0 Len=0
78945   374.324760  23.32.109.224   192.168.1.20    TCP 54  443 → 63674 [RST] Seq=1203 Win=0 Len=0
78946   374.326291  23.32.109.224   192.168.1.20    TCP 54  443 → 63674 [RST] Seq=1203 Win=0 Len=0
78947   374.334315  23.32.109.224   192.168.1.20    TCP 54  443 → 63674 [RST] Seq=1676 Win=0 Len=0
78948   374.334315  23.32.109.224   192.168.1.20    TCP 54  443 → 63674 [RST] Seq=1676 Win=0 Len=0
78949   374.334315  23.32.109.224   192.168.1.20    TCP 54  443 → 63674 [RST] Seq=1676 Win=0 Len=0
78950   375.004727  192.168.1.20    104.172.1.185   UDP 65  2626 → 47981 Len=23

I see this line occurring as well:

M-SEARCH * HTTP/1.1\x0d\x0aHOST: 239.255.255.250:1900\x0d\x0aMAN: "ssdp:discover"\x0d\x0aMX: 1\x0d\x0aST: urn:dial-multiscreen-org:service:dial:1\x0d\x0aUSER-AGENT: Microsoft Edge/122.0.2365.92 Windows\x0d\x0a\x0d\x0a"

Even firewalling the 23.32.109.224, they can still find a way to send umpteen packets to my router and shut down my controller whenever they want (or so it feels that way; surely it isn't a coincidence, as this has been happening to me for some time now).

So my questions are these:

  1. Is it obvious based off of what I sent that my network is hacked?
  2. How do I prevent this hack from happening?

By the way, this all started happening after I installed a new NVIDIA graphics card, but I don't think that matters. I think that is unrelated, but I could be wrong.

Let me know, please. Thanks.