This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 12%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
Hi, we had a report from our security provider, that some of our computers started communicating IP in PRC on destination port 7680, which is commonly used for Microsoft WUDO (Windows Update Delivery Optimization). They advised us to make sure it is not a security breach.
IPs are:
60.9.1.222
60.9.3.254
60.9.1.55
172.10.0.23
Did Microsoft recently enrolled PRC located servers into global update list or we should worry about a hacking attempt?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Hello there,
You can try to close the port and see if delivery optimisation works to make sure this is created by windows service only.
Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service will register and open this port on the device. The port must be set to accept inbound traffic through your firewall. If you don't allow inbound traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization.
Hope this resolves your Query !!
--If the reply is helpful, please Upvote and Accept it as an answer--
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 7.000000000000001%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENE%3C/text%3E%3C/svg%3E)
Hi Andrej,
It is possible the default configuration of Delivery Optimization's "Download Mode" is resulting in connection attempts from legit peers in a different region.
Please take a look at the article here to learn more: https://learn.microsoft.com/en-us/windows/deployment/do/waas-delivery-optimization-reference#download-mode
Regarding how Delivery Optimization verifies the content it pulls from peers please take a look at the following: https://learn.microsoft.com/en-us/windows/deployment/do/delivery-optimization-workflow