|
Security Basics
mailing list archives
Re: SVCHOST making connection to outside host
From: "Saqib Ali" <docbook.xml () gmail com>
Date: Mon, 18 Dec 2006 15:11:23 -0500
probably windows update services.
MS Windows Update services uses Linux based Akamai caching service to
get the new patches etc using BITs
You can use the demo sniffer from http://www.colasoft.com/ to see what
is is going in that connection.
saqib
http://www.full-disk-encryption.net
On 18 Dec 2006 08:33:41 -0000, yogeshpanwar () gmail com
<yogeshpanwar () gmail com> wrote:
Hi,
I have seen one intresting incident where in my laptop svchost.exe TCP 892 is making connection to outside IP
213.200.109.17 port 80
which belongs to Akmai Technologies even is i have not opened Internet explorer. it remain connected for long and after
sometime IP address gets changed eg 213.200.109.18, 213.200.109.19 also all belongs to Akamai Technologies.
I know Akmai Technologies provides web caching services but when i am not even opened my browser then it why it is
still connected.
Does anybody know why its making connection? what is the significance of this or whether their system is compromised.
What to do? I do not have any clue. please help
Thanks in advance.
Yogesh Panwar
---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher
Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.
http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------
--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net
 By Date 
By Thread
Current thread:
| 
Intro
