Need help with Inbound attempts on SVCHOST.EXE



I am having a little difficulty finding the source of an attempted inbound connection to svchost.exe and am hoping you guys can help me out.

I use NIS 2003 and have it configured to my particular needs. However, over the past few days I keep getting a security alert informing me that a remote computer is trying to access SVCHOST.EXE : 65.57.163.73 :32809/10 (UDP) port 1026.

I have tried doing a traceroute to that IP but the only info I can decipher is it belongs to Level3 Communications. I have also done a "tasklist /svc" at the command prompt but again, that sheds no light on the situation.

Basically, what I am wanting to know is, why is this IP trying to access svchost AND what is svchost being used by?

At the moment I am blocking all attempts from the IP, but am unsure what to do as a long term plan.

Any help would be great.

TIA


OK, so what are you saying? I'm being paranoid? I never said I wasn't. The thread you directed me to was really of little use. Yeah, I read it and understood it, but it did not answer my question.

I am still none the wiser as to why this IP is attempting to access SVCHOST (may be a ping, I dunno) and what service is attached to the said svchost.

What I am wanting to know is what to do about the "attack": perm block it or always accept it? And how do I find out what service is being used and why the IP is trying to access it?

I am not saying that the thread you directed me to was useless, in fact it was an interesting read, just, it did not really answer my questions.

NiTeFlY

:)


If the IP is 0.0.0.0 or 127.0.0.1 then there is nothing to worry about.

0.0.0.0 is an invalid IP and 127.0.0.1 is a local loopback.


IP - 65.57.163.73 (:32809,32810) Port 1026 UDP

If that's not your IP. :unsure:

Don't worry about it.


Have you tried their webpage?

http://www.level3.com/ not too shabby.

They have branches all over the world. They probably own, lease, or somehow provide some kind of service to your ISP, and the port is probably something routine like DNS or some kind of authentication. Or maybe you have a personal site through a company that gets their bandwidth from them.

If you really wanna know email your ISP or fire off an email to ipaddressing@level3.com.


This topic is now closed to further replies.
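
One way to find which service sits behind the svchost.exe that owns UDP port 1026 is to join the output of `netstat -ano` with `tasklist /svc` on the PID. The following is an added example, not part of any post in this thread; the sample command output, PIDs and service lists in it are constructed, and the function names are hypothetical.

```python
import re
# Constructed sample output (not from the thread), in the column layout
# printed by `netstat -ano` and `tasklist /svc` on Windows.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  UDP    0.0.0.0:1026           *:*                                    1032
  UDP    127.0.0.1:1900         *:*                                    1180
"""
TASKLIST = """\
Image Name                   PID Services
========================= ====== =============================================
svchost.exe                  884 RpcSs
svchost.exe                 1032 AudioSrv, Browser, Dhcp, Netman,
                                 Schedule, Themes
svchost.exe                 1180 SSDPSRV
"""

def udp_owner(netstat_text, port):
    """Return (local_ip, pid) of the UDP socket bound to `port`, or None."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 4 and f[0] == "UDP":    # UDP rows have no State column
            ip, _, p = f[1].rpartition(":")
            if p == str(port):
                return ip, int(f[3])
    return None

def services_by_pid(tasklist_text):
    """Map PID -> service names, joining wrapped continuation lines."""
    result, pid = {}, None
    for line in tasklist_text.splitlines()[2:]:      # skip the two header lines
        m = re.match(r"(\S.*?)\s+(\d+)\s+(.*)$", line)
        if m:                                        # new process row
            pid, rest = int(m.group(2)), m.group(3)
            result[pid] = []
        else:                                        # indented continuation row
            rest = line
        if pid is not None:
            result[pid] += [s.strip() for s in rest.split(",") if s.strip()]
    return result

def who_listens(port, netstat_text=NETSTAT, tasklist_text=TASKLIST):
    """Return (pid, services, remotely_reachable) for a UDP port, or None.
    A socket bound to 127.0.0.1 only accepts traffic from the local machine."""
    owner = udp_owner(netstat_text, port)
    if owner is None:
        return None
    ip, pid = owner
    return pid, services_by_pid(tasklist_text).get(pid, []), ip != "127.0.0.1"
```

On a live machine, pass the captured text of the two commands as `netstat_text` and `tasklist_text` instead of the constructed samples.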