RE: SVCHOST making connection to outside host

[Murda Mcloud <murdamcloud () bigpond com>]

Software updates? Don't MS or adobe use Akamai for some of their load
balancing? Maybe they do it for any software you might have set to auto
update?
What happens when you do netstat -a -o and see what the PID is? Then you
might track down the process responsible by comparing to tasklist. But this
can be hard if you have a personal firewall like Symantec(it appears like
Symantec's ccproxy is doing all the connecting then).

Is this immediately after you have booted? Or have you closed down IE and
then checked?

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of yogeshpanwar () gmail com
Sent: Monday, December 18, 2006 6:34 PM
To: security-basics () securityfocus com
Subject: SVCHOST making connection to outside host

Hi,
 
I have seen one intresting incident where in my laptop svchost.exe TCP 892
is making connection to outside IP 213.200.109.17 port 80
which belongs to Akmai Technologies even is i have not opened Internet
explorer. it remain connected for long and after sometime IP address gets
changed eg 213.200.109.18, 213.200.109.19 also all belongs to Akamai
Technologies.
 
I know Akmai Technologies provides web caching services but when i am not
even opened my browser then it why it is still connected.
 
Does anybody know why its making connection? what is the significance of
this or whether their system is compromised.
 
What to do? I do not have any clue. please help
 
Thanks in advance.
 
Yogesh Panwar

---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------