Thread: svchost incoming and outgoing?

  1. #1
    deathsdesign Guest

    Default svchost incoming and outgoing?

    I see on my ZA log that there are a few connections, incoming and outgoing from svchost.exe. Was wondering if I could get some help in figuring out if this is an issue or not. I know they are blocked so I am safe, but what are they trying to do?


    program: svchost outgoing to IP 124.40.51.144:3478 blocked


    program svchost incoming from IP 124.40.51.145:3478 blocked

    program svchost incoming from IP 77.67.10.134:3478 blocked

    program svchost incoming from IP 69.26.190.118:3478 blocked SourceDNS: unknown.nscnap.net

    program svchost incoming from IP 69.26.190.119:3478 blocked SourceDNS: unknown.nscnap.net

    program svchost incoming from IP 69.26.190.127:3478 blocked SourceDNS: unknown.nscnap.net

    program svchost incoming from IP 96.17.157.44:3478 blocked SourceDNS: cn1.redswoosh.akadns.net

    program svchost incoming from IP 96.17.157.48:3478 blocked SourceDNS: a96-17-157-48.deploy.akamaitechnologies.com

    program svchost incoming from IP 124.40.51.144:3478 blocked

    program svchost incoming from IP 124.40.51.148:3478 blocked

    TIA.

    Operating System:Windows XP Pro
    Software Version:8.0
    Product Name:ZoneAlarm (Free)

  2. #2

    Default Re: svchost incoming and outgoing?




    and the other two unidentified IPs are:

    http://www.coolwhois.com/d/77.67.10.134

    and

    http://www.coolwhois.com/d/124.40.51.144

    ...it could be Windows doing updates... check the other network connections involved at the same time as these events occurred... it may help to clue in to what is happening.
    It could be that svchost.exe is attempting to connect to the cached server to obtain web content.

    Also, the port connections to 3478 are a little unusual... 'stun 3478/tcp Session Traversal Utilities for NAT (STUN) port', see:

    http://www.iana.org/assignments/port-numbers

    description of the STUN port (also used in some games too and for certain web site contents)...

    http://en.wikipedia.org/wiki/STUN

    the RFC issue document for STUN:

    http://tools.ietf.org/html/rfc5389

    Oldsod.
    Best regards.
    oldsod
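
To confirm that traffic on port 3478 really is STUN, a captured payload can be checked against the header layout in RFC 5389. The following is an added example, not part of the original thread; it assumes one STUN message per captured payload, and the sample byte strings are constructed for illustration.

```python
import struct

MAGIC_COOKIE = 0x2112A442   # fixed header value defined by RFC 5389
HEADER_LEN = 20             # type (2) + length (2) + cookie (4) + transaction ID (12)
CLASSES = {0: "request", 1: "indication", 2: "success response", 3: "error response"}
BINDING = 0x001             # the Binding method from RFC 5389


def classify_stun(payload: bytes) -> dict:
    """Check a captured port-3478 payload against the RFC 5389 header layout."""
    if len(payload) < HEADER_LEN:
        return {"stun": False, "reason": "shorter than the 20-byte header"}
    msg_type, msg_len, cookie = struct.unpack("!HHI", payload[:8])
    if msg_type & 0xC000:
        return {"stun": False, "reason": "two most significant bits are not zero"}
    if msg_len % 4:
        return {"stun": False, "reason": "length is not a multiple of 4"}
    if msg_len != len(payload) - HEADER_LEN:
        # Assumption: the payload holds exactly one message.
        return {"stun": False, "reason": "length field does not match payload"}
    # The class bits are interleaved with the method bits in the 14-bit type.
    cls = ((msg_type & 0x0100) >> 7) | ((msg_type & 0x0010) >> 4)
    method = ((msg_type & 0x000F) | ((msg_type & 0x00E0) >> 1)
              | ((msg_type & 0x3E00) >> 2))
    return {
        "stun": True,
        # False here means the header fits but the cookie is absent, as with
        # the older RFC 3489 format, or the match is a coincidence.
        "rfc5389_cookie": cookie == MAGIC_COOKIE,
        "class": CLASSES[cls],
        "method": "Binding" if method == BINDING else hex(method),
        "transaction_id": payload[8:20].hex(),
    }


# Constructed samples: a Binding request, a Binding success response carrying
# one 12-byte attribute, and an HTTP request that is not STUN.
TXID = bytes(range(12))
SAMPLE_REQUEST = struct.pack("!HHI", 0x0001, 0, MAGIC_COOKIE) + TXID
SAMPLE_RESPONSE = (struct.pack("!HHI", 0x0101, 12, MAGIC_COOKIE) + TXID
                   + struct.pack("!HH", 0x0020, 8) + bytes(8))
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: x\r\n\r\n"

if __name__ == "__main__":
    for name, data in [("request", SAMPLE_REQUEST), ("response", SAMPLE_RESPONSE),
                       ("http", SAMPLE_HTTP)]:
        print(name, classify_stun(data))
```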
