Suspicious DNS activity
Posted on 2003-03-27
I'm running Win XP Pro on an IBM Thinkpad T30. Recently, my laptop started performing internet accesses even though there should be none. When I reboot my system (to start afresh), my Zonealarm shows continuous internet accesses from scvhost.exe (Generic Host Process under win32). I fired up Ethereal and found tons of reverse DNS requests to weird addresses such as pc-62-30-198-107-sm.blueyonder.co.uk, p50915B1A.dip.t-dialin.net, adsl-213-190-42-6.takas.lt, 213-97-171-45.uc.nombres.ttd.es, some to surfer.at, some to wanadoo.fr, etc., etc.
I've tried running fport from foundstone, but it always returns an empty table/list.
Any ideas what is going on, and how to fix it?
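One way to triage a capture like the one described in the post is to pull the PTR queries out of the packet list, turn each in-addr.arpa name back into the address being looked up, and check how many unrelated public networks are being resolved how quickly. A burst of reverse lookups spread across many unrelated /16s is what you would expect from a process enumerating peers or scanning, not from normal browsing. The script below is an added example and is not code from the original post; the line format is an assumption modelled on an Ethereal/tshark "Info" column, and the sample log is constructed (a few of its addresses are taken from the hostnames quoted in the post, the rest are made up).

```python
"""Triage reverse-DNS (PTR) bursts from a packet-capture text export.

Added example, not part of the original post. Assumed input format
(modelled on an Ethereal/tshark DNS query row, one query per line):
    <seconds> <client> -> <resolver> Standard query PTR <a.b.c.d>.in-addr.arpa
"""
import ipaddress
import re
from collections import Counter

PTR_RE = re.compile(r"Standard query PTR (\d+\.\d+\.\d+\.\d+)\.in-addr\.arpa")

# Constructed sample log: one client firing reverse lookups at many
# unrelated networks within about three seconds, plus one ordinary A
# query and one lookup of a private (RFC 1918) address.
SAMPLE_LOG = """\
0.000 192.168.1.10 -> 192.168.1.1 Standard query PTR 107.198.30.62.in-addr.arpa
0.210 192.168.1.10 -> 192.168.1.1 Standard query PTR 6.42.190.213.in-addr.arpa
0.480 192.168.1.10 -> 192.168.1.1 Standard query PTR 45.171.97.213.in-addr.arpa
0.700 192.168.1.10 -> 192.168.1.1 Standard query A www.example.com
0.910 192.168.1.10 -> 192.168.1.1 Standard query PTR 26.91.145.80.in-addr.arpa
1.150 192.168.1.10 -> 192.168.1.1 Standard query PTR 1.1.168.192.in-addr.arpa
1.390 192.168.1.10 -> 192.168.1.1 Standard query PTR 77.20.12.62.in-addr.arpa
1.600 192.168.1.10 -> 192.168.1.1 Standard query PTR 9.200.33.81.in-addr.arpa
1.830 192.168.1.10 -> 192.168.1.1 Standard query PTR 140.8.77.193.in-addr.arpa
2.050 192.168.1.10 -> 192.168.1.1 Standard query PTR 3.9.201.217.in-addr.arpa
2.300 192.168.1.10 -> 192.168.1.1 Standard query PTR 200.15.66.82.in-addr.arpa
2.520 192.168.1.10 -> 192.168.1.1 Standard query PTR 60.120.240.24.in-addr.arpa
2.750 192.168.1.10 -> 192.168.1.1 Standard query PTR 17.3.55.66.in-addr.arpa
"""


def ptr_name_to_ip(octets):
    """'107.198.30.62' (as it appears in in-addr.arpa) -> '62.30.198.107'."""
    return ".".join(reversed(octets.split(".")))


def parse_ptr_queries(lines):
    """Return [(timestamp, looked-up IPv4 address)] for every PTR row."""
    queries = []
    for line in lines:
        match = PTR_RE.search(line)
        if not match:
            continue  # not a reverse lookup (e.g. an ordinary A query)
        timestamp = float(line.split()[0])
        queries.append((timestamp, ptr_name_to_ip(match.group(1))))
    return queries


def summarize(queries):
    """Count targets, distinct public /16s, and the query rate over the capture."""
    if not queries:
        return {"total": 0, "distinct_ips": 0, "public": 0,
                "distinct_slash16": 0, "queries_per_sec": 0.0}
    addrs = [ipaddress.ip_address(ip) for _, ip in queries]
    public = [a for a in addrs if a.is_global]  # drop RFC 1918 and reserved space
    slash16 = Counter(str(ipaddress.ip_network(f"{a}/16", strict=False)) for a in public)
    span = queries[-1][0] - queries[0][0]
    rate = len(queries) / span if span > 0 else float(len(queries))
    return {
        "total": len(queries),
        "distinct_ips": len(set(addrs)),
        "public": len(public),
        "distinct_slash16": len(slash16),
        "queries_per_sec": rate,
    }


def looks_like_host_sweep(summary, min_queries=10, min_slash16=5, min_rate=1.0):
    """Heuristic: many PTR lookups for unrelated public /16s in a short window.

    Thresholds are assumptions for illustration; tune them to the host's
    normal baseline (a mail server or a log analyser legitimately does a lot
    of reverse lookups, a desktop normally does very few).
    """
    return (summary["total"] >= min_queries
            and summary["distinct_slash16"] >= min_slash16
            and summary["queries_per_sec"] >= min_rate)


if __name__ == "__main__":
    stats = summarize(parse_ptr_queries(SAMPLE_LOG.splitlines()))
    for key, value in stats.items():
        print(f"{key:>18}: {value}")
    print("verdict:", "PTR sweep" if looks_like_host_sweep(stats) else "unremarkable")
```

With a real capture, export the DNS rows to text (or run the regex over the `dns.qry.name` field of a PCAP) and feed them to `parse_ptr_queries`; the addresses it recovers are the hosts the machine is trying to identify, which is the list to compare against the connections ZoneAlarm reports.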