Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

basics logo Security Basics mailing list archives

Re: SVCHOST making connection to outside host
From: "Michael Painter" <tvhawaii () shaka com>
Date: Mon, 18 Dec 2006 12:15:51 -1000
Yogesh

Can you capture the packets with Wireshark or Packetyzer?  I think WGA might use Akamai...is this an XP laptop?

--Michael
----- Original Message ----- From: <yogeshpanwar () gmail com> 
To: <security-basics () securityfocus com>
Sent: Sunday, December 17, 2006 10:33 PM
Subject: SVCHOST making connection to outside host



Hi,
I have seen one intresting incident where in my laptop svchost.exe TCP 892 is making connection to outside IP 213.200.109.17 port 80 which belongs to Akmai Technologies even is i have not opened Internet explorer. it remain connected for long and after sometime IP address gets changed eg 213.200.109.18, 213.200.109.19 also all belongs to Akamai Technologies.
I know Akmai Technologies provides web caching services but when i am not even opened my browser then it why it is still connected. 

Does anybody know why its making connection? what is the significance of this or whether their system is compromised.

What to do? I do not have any clue. please help

Thanks in advance.

Yogesh Panwar

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]