[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] svchost.exe try to send http outside

To: howard.lee@xxxxxxxxx
Subject: Re: [Full-disclosure] svchost.exe try to send http outside
From: Simon Richter <Simon.Richter@xxxxxxxxxx>
Date: Wed, 17 Aug 2005 13:48:57 +0200

Hi,

howard.lee@xxxxxxxxx wrote:

> The svchost.exe will stop to run when I stop the automatic update.

> But I'm sure the IP tried to connect by the svchost is NOT MS related site.

> 218.213.255.29
> 80.15.249.167

I believe this to be automatic update. The second IP address is listed
for Akamai, which Microsoft uses as a hoster for their update sites. The
first one belongs to an ISP, and it is not unusual for Akamai to have
small numbers of machines as mirrors on ISP networks. You should perhaps
inquire with HKnet, who owns the IP block, whether the IP in question is
a server operated by Akamai.

   Simon
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- RE: [Full-disclosure] svchost.exe try to send http outside
  - From: howard . lee

Prev by Date: Re: [Full-disclosure] svchost.exe try to send http outside
Next by Date: Re: [Full-disclosure] Disney Down?
Previous by thread: Re: [Full-disclosure] svchost.exe try to send http outside
Next by thread: RE: [Full-disclosure] svchost.exe try to send http outside
Index(es):
- Date
- Thread