Security Basics mailing list archives

Re: SVCHOST making connection to outside host

From: "Michael Painter" <tvhawaii () shaka com>
Date: Mon, 18 Dec 2006 12:15:51 -1000

Yogesh

Can you capture the packets with Wireshark or Packetyzer?  I think WGA might use Akamai...is this an XP laptop?

--Michael

----- Original Message -----From: <yogeshpanwar () gmail com>

To: <security-basics () securityfocus com>
Sent: Sunday, December 17, 2006 10:33 PM
Subject: SVCHOST making connection to outside host

Hi,
I have seen one intresting incident where in my laptop svchost.exe TCP 892 is making connection to outside IP 213.200.109.17 port80which belongs to Akmai Technologies even is i have not opened Internet explorer. it remain connected for long and after sometimeIP address gets changed eg 213.200.109.18, 213.200.109.19 also all belongs to Akamai Technologies.
I know Akmai Technologies provides web caching services but when i am not even opened my browser then it why it is stillconnected.
Does anybody know why its making connection? what is the significance of this or whether their system is compromised.

What to do? I do not have any clue. please help

Thanks in advance.

Yogesh Panwar

Current thread:

SVCHOST making connection to outside host yogeshpanwar (Dec 18)
- RE: SVCHOST making connection to outside host Herb Steck (Dec 19)
- RE: SVCHOST making connection to outside host Paul Marsh (Dec 19)
- Re: SVCHOST making connection to outside host Navroz Shariff (Dec 19)
- Re: SVCHOST making connection to outside host Saqib Ali (Dec 19)
- Re: SVCHOST making connection to outside host Michael Painter (Dec 19)
- Re: SVCHOST making connection to outside host Richard Cox (Dec 19)
- RE: SVCHOST making connection to outside host Murda Mcloud (Dec 19)
- RE: SVCHOST making connection to outside host Gurpreet Singh (Dec 19)
- <Possible follow-ups>
- Re: SVCHOST making connection to outside host anonymous (Dec 19)
- RE: SVCHOST making connection to outside host Gurpreet Singh (Dec 21)