
Thread: svchost.exe UDP outgoing log entries

  1. #1
    oldshep Guest

    svchost.exe UDP outgoing log entries

    I've been getting a few medium-rated log entries for svchost.exe UDP outgoing ... communication between my PC and my router. I don't recall seeing these before in V6 (now using V7). Generic Host Process (svchost.exe right?) has 3 green bars and is checked for trusted and internet access and trusted server (default settings I believe).
    My setup is as follows: Verizon Fios w/ Actiontec router (NAT), no other computers connected. Network is in internet zone.
    Also, I don't see an entry for the loopback adapter (trusted zone) like I used to have in V6.
    Any help or explanation would be greatly appreciated.
    Thanks, Oldshep

    Operating System: Windows XP Pro
    Product Name: ZoneAlarm Internet Security Suite
    Software Version: 7.0

    Message Edited by oldshep on 01-24-2007 02:13 PM

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Re: svchost.exe UDP outgoing log entries

    Are the ports 67 and 68 (BOOTPC and BOOTPS)?

    Oldsod
    Best regards.
    oldsod

  3. #3
    oldshep Guest

    Re: svchost.exe UDP outgoing log entries

    Hey Oldsod, thanks for taking my question.
    Source IP log entries have varying ports -
    192.168.1.2:3223, :3562, :1731, :1028
    Destination IP is always 192.168.1.1:53
    Oldshep

  4. #4
    Join Date
    Dec 2005
    Posts
    9,057

    Re: svchost.exe UDP outgoing log entries

    Hi oldshep


    Destination port 53 is the DNS port. Is the router doing DNS? Are the provider's DNS servers listed as Trusted in the Zones of the Firewall of the ZA?
    ------------------------------------------------------------
    1. Go to Run, type in command, hit OK, and type ipconfig /all, then press Enter. In the returned data list there will be a line for DNS and DHCP Servers with the IP address(es) listed out to the side.
    2. In ZA on your machine, on the Firewall>Zones tab, click Add and then select IP Address. Make sure the Zone is set to Trusted.
    3. Click OK and then Apply for each one.
    4. The localhost or loopback must be listed as Trusted. It has the address of 127.0.0.1.
    5. The Generic Host Process or the svchost.exe listed in the Program list must have both Trusted and Internet access, and it must have server rights for the Trusted Zone, but not the Internet Zone.

    http://www.donhoover.net/dnsdhcp.html

    http://www.microsoft.com/resources/d....mspx?mfr=true

    ------------------------------------------------------------



    PORT 1731 - Information

    Port Number: 1731
    TCP / UDP: TCP
    Delivery: Yes
    Protocol / Name: msiccp
    Port Description: MS ICCP (Audio Call Control Protocol). Used to establish and maintain datastream sessions for multimedia collaborative apps such as NetMeeting. Concern is in its random-high selection for datastream udp ports for each session, complicating packet filtering decisions.
    Virus / Trojan: No

    Side note: TCP port 1731 uses the Transmission Control Protocol. TCP is one of the main protocols in TCP/IP networks. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered on port 1731 in the same order in which they were sent. Guaranteed communication over port 1731 is the key difference between TCP and UDP. UDP port 1731 would not have guaranteed communication in the same way as TCP.
    ------------------------------------------------------------
    Port 3223

    Name:
    digivote

    Purpose:
    DIGIVOTE (R) Vote-Server
    ------------------------------------------------------------

    Port 3562

    Name:
    sdbproxy

    Purpose:
    SDBProxy
    ------------------------------------------------------------
    Port 1028

    DCOM, Messenger, antivirus monitoring port and such. See>

    http://www.grc.com/port_1028.htm
    ------------------------------------------------------------

    Okay, the PC is talking to the router, and svchost will and should do that. That is okay - no security risk and no calling out to the internet by something nefarious. All of the IPs are private networks and not internet IPs. The range of 192.168.0.0 to 192.168.255.255 is a private network. See>

    http://en.wikipedia.org/wiki/Private_network

    Still safe

    Oldsod
    Best regards.
    oldsod
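
The triage described in the post above (which service the destination port belongs to, and whether the destination is a private or loopback address), as an added example that is not from the thread's participants or from ZoneAlarm. The `(protocol, source, destination)` tuples are a constructed layout, not ZoneAlarm's log format, and `203.0.113.10` is a documentation address used as a constructed contrast case.

```python
import ipaddress

# RFC 1918 private ranges plus loopback: traffic to these stays on the LAN or host.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Destination ports named in the thread (DNS and the two BOOTP/DHCP ports).
SERVICES = {53: "DNS", 67: "BOOTPS (DHCP server)", 68: "BOOTPC (DHCP client)"}

# Default dynamic (ephemeral) client port range on Windows XP.
XP_EPHEMERAL = range(1025, 5001)


def split_endpoint(endpoint):
    """Split 'ip:port' into (IPv4Address, int)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host), int(port)


def is_local(addr):
    return any(addr in net for net in LOCAL_NETS)


def triage(proto, src, dst):
    """Classify one outbound entry by its destination, not by its source port."""
    _, src_port = split_endpoint(src)
    dst_ip, dst_port = split_endpoint(dst)
    service = SERVICES.get(dst_port)
    local = is_local(dst_ip)
    expected = proto == "UDP" and local and service is not None
    return {
        "service": service or "unknown",
        "dst_local": local,
        "src_port_ephemeral": src_port in XP_EPHEMERAL,
        "verdict": "expected LAN traffic" if expected else "review",
    }


# Constructed entries: the first four reuse the addresses and ports quoted in
# the thread; the last sends the same kind of query to a non-private address.
SAMPLE = [("UDP", "192.168.1.2:%d" % p, "192.168.1.1:53")
          for p in (3223, 3562, 1731, 1028)]
SAMPLE.append(("UDP", "192.168.1.2:1028", "203.0.113.10:53"))

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry[1], "->", entry[2], triage(*entry))
```
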

  5. #5
    oldshep Guest

    Re: svchost.exe UDP outgoing log entries

    Many thanks Oldsod for all the info. This user forum and the help offered by you Gurus really are a huge plus for ZA.
    I did the ipconfig /all and find that the router address (198.168.1.1) is listed for DNS and DHCP servers. If I look at the "Zones" tab on the "Firewall" menu, I have 1 network listed: 198.168.1.0/255.255.255.0 and it is set to "internet" zone. It appears that your previous message suggests I set this network to "Trusted" instead of "internet", right? I had always wondered about that. I know you're supposed to use trusted for a network with other computers connected, but since I only have 1 computer connected, I figured I could just set it to "internet" zone for maximum security (at least I thought it would be more secure...)
    So just to make sure I understand completely: I should set this network (198.168.1.0/255.255.255.0) to trusted and add an entry for the loopback adapter (127.0.0.1) and put that in the trusted zone as well - Correct?
    Thanks again for all your help.
    Oldshep

  6. #6
    Join Date
    Dec 2005
    Posts
    9,057

    Re: svchost.exe UDP outgoing log entries

    So just to make sure I understand completely: I should set this network (198.168.1.0/255.255.255.0) to trusted and add an entry for the loopback adapter (127.0.0.1) and put that in the trusted zone as well - Correct?

    Correct.

    Even adding the entire range is acceptable and often does solve ICS or hardware connections (printer/scanners/ xbox, etc) problems. The entire range of 192.168.0.0 to 182.168.255.255 is acceptable and perfectly safe (remember the private networking info?).

    The 127.0.0.1 is the internal address of the PC and by no means does it actually have any private or internet connection abilities. Loopback, also called the localhost, is used by software components and individual components of the OS to communicate through this internal address. The Trusted Security Zone slider should be at Medium.


    The Internet Security Zone slider by default is at High and that is okay. But some users do set the Internet Security Zone slider at Medium- true stealth is not required if the router is providing stealth before the PC.

    Take care oldshep

    Oldsod

    Message Edited by Oldsod on 01-25-2007 07:06 AM

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Anti-Spyware
    Software Version:6.1
    Best regards.
    oldsod

  7. #7
    oldshep Guest

    Re: svchost.exe UDP outgoing log entries

    Hey Oldsod,
    I made the changes - added the loopback address as trusted and changed the existing network to trusted. Have not received any firewall log entries since.
    Thanks again for your help and have a great day.
    Oldshep
