Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: SVCHOST making connection to outside host

from [Saqib Ali] Network Security [Permanent Link]
Subject: Re: SVCHOST making connection to outside host
Date: Mon, 18 Dec 2006 15:11:23 -0500 
probably windows update services.

MS Windows Update services uses Linux based Akamai caching service to
get the new patches etc using BITs

You can use the demo sniffer from http://www.colasoft.com/ to see what
is is going in that connection.

saqib
http://www.full-disk-encryption.net

On 18 Dec 2006 08:33:41 -0000, yogeshpanwar@gmail.com
<yogeshpanwar@gmail.com> wrote:

Hi,

I have seen one intresting incident where in my laptop svchost.exe TCP 892 is 
making connection to outside IP 213.200.109.17 port 80
which belongs to Akmai Technologies even is i have not opened Internet 
explorer. it remain connected for long and after sometime IP address gets 
changed eg 213.200.109.18, 213.200.109.19 also all belongs to Akamai 
Technologies.

I know Akmai Technologies provides web caching services but when i am not even 
opened my browser then it why it is still connected.

Does anybody know why its making connection? what is the significance of this 
or whether their system is compromised.

What to do? I do not have any clue. please help

Thanks in advance.

Yogesh Panwar

---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------




--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: SVCHOST making connection to outside host, Navroz Shariff
Next by Date:  RE: Linux auditing checklist, documents, Hayes, Bill
Previous by Thread:  Re: SVCHOST making connection to outside host, Navroz Shariff
Next by Thread:  Re: SVCHOST making connection to outside host, Michael Painter
Indexes:  [Date] [Thread] [Top] [All Lists]