Security Basics mailing list archives

Re: SVCHOST making connection to outside host


From: Richard Cox <khabi () pixelatedninja com>
Date: Mon, 18 Dec 2006 16:15:35 -0700

I work for one of the competitors, but since they're in the same business as I am I can venture a guess.
Most CDNs do more than just caching, they also do "content hosting" for lack of a better phrase.  My guess is you have 
something running on your machine that gets its updates from Akamai, and it is either doing checks for new versions or 
downloading an update.

If you're worried about it, report it to their abuse department.  Or even better, do some packet dumps when it's running 
and see exactly what it's trying to do.

--Rick

On Mon, Dec 18, 2006 at 08:33:41AM -0000, yogeshpanwar () gmail com wrote:
Hi,
 
I have seen one interesting incident wherein, on my laptop, svchost.exe TCP 892 is making a connection to outside IP 
213.200.109.17 port 80,
which belongs to Akamai Technologies, even if I have not opened Internet Explorer. It remains connected for long, and 
after some time the IP address gets changed, e.g. 213.200.109.18, 213.200.109.19; all also belong to Akamai Technologies.
 
I know Akamai Technologies provides web caching services, but when I have not even opened my browser, why is it 
still connected?
 
Does anybody know why it's making the connection? What is the significance of this, or whether their system is compromised?
 
What to do? I do not have any clue. Please help.
 
Thanks in advance.
 
Yogesh Panwar
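
Before taking packet dumps, it helps to know which services the svchost.exe instance in question is hosting. The following is an added example, not part of either poster's message: it joins saved `netstat -ano` and `tasklist /svc` output to list each outbound svchost.exe session with the services in that process. The sample output and service names are constructed, and it assumes the "892" in the post is the process ID.

```python
import ipaddress
import re

# Constructed sample output (not captured from the poster's machine).
NETSTAT_ANO = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       760
  TCP    192.168.1.10:1045      213.200.109.17:80      ESTABLISHED     892
  TCP    192.168.1.10:1046      192.168.1.1:445        ESTABLISHED     4
  UDP    0.0.0.0:500            *:*                                    612
"""
TASKLIST_SVC = """\
Image Name                     PID Services
========================= ======== ============================================
System                           4 N/A
svchost.exe                    760 RpcSs
svchost.exe                    892 AudioSrv, BITS, Schedule,
                                   wuauserv
"""

def parse_tasklist(text):
    """Map PID -> (image name, [services]), joining wrapped service lines."""
    procs, last = {}, None
    for line in text.splitlines():
        m = re.match(r"(\S.*?)\s+(\d+)\s+(.*)$", line)
        if m:                                   # "<image> <pid> <services>"
            last = int(m.group(2))
            procs[last] = (m.group(1), [])
            names = m.group(3)
        elif line.startswith(" ") and last is not None:
            names = line                        # continuation of previous PID
        else:
            continue                            # header, separator, blank
        procs[last][1].extend(s.strip() for s in names.split(",")
                              if s.strip() and s.strip() != "N/A")
    return procs

def external_connections(netstat, tasklist, image="svchost.exe"):
    """Established TCP sessions from `image` to non-private addresses."""
    procs, hits = parse_tasklist(tasklist), []
    for line in netstat.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue
        host, port = f[2].rsplit(":", 1)
        name, services = procs.get(int(f[4]), ("?", []))
        if name == image and ipaddress.ip_address(host.strip("[]")).is_global:
            hits.append({"pid": int(f[4]), "remote": host,
                         "port": int(port), "services": services})
    return hits
```

The service list narrows down which components to examine in the packet capture; it does not by itself say which of them opened the connection.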
