  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 943

SVCHOST:1136 Connected to Akamai

I'm using an IP tool that shows me my PC's IP connections.

It has revealed the IP address 207.126.99.151:80 has established a TCP connection to SVCHOST.EXE:1136
and also
65.65.163.19:443 to SVCHOST.EXE:1136

I looked up both of these IP addresses and they are owned by Akamai. It appears that this company hosts services for hundreds of other companies including Microsoft and many other "big" names.

I'm somewhat suspicious, but have run the latest version of Ad-Aware and it did not flag this.

Any ideas as to what these connections might be doing?

Note: I'll need a concise and precise answer to award the full points. No guesses please.

0
dgwilson
Asked:
3 Solutions
 
sunray_2003 Commented:
You have nothing to worry about. But if you are still not convinced, check for spyware and adware using these:

********************

Spyware/Adware removal tools:
------------------------------

SpyBot-S&D: http://www.webattack.com/download/dlspybot.shtml

Ad-aware: http://www.webattack.com/download/dladaware.shtml

Trojan Remover: http://www.simplysup.com/

HijackThis: http://www.webattack.com/download/dlhijackthis.shtml

KL-Detector: http://www.webattack.com/download/dlkldetector.shtml

X-Cleaner Free: http://www.webattack.com/download/dlxcleaner.shtml

SpywareBlaster: http://www.webattack.com/download/dlspywareblaster.shtml

SpywareGuard: http://www.webattack.com/download/dlspywareguard.shtml

SpySites: http://www.webattack.com/download/dlspysites.shtml

Keylogger Hunter: http://www.webattack.com/download/dlklhunter.shtml

Spycop: http://www.spycop.com/

Goodbye Spy: http://www.topshareware.com/GoodBye-Spy-download-2012.htm

*****************************

You may also want to update your virus definitions and check for viruses

Update your windows

Also have a firewall

Sunray
0
 
dgwilson (Author) Commented:
ALL your suggestions are already implemented. See note at end of question.

DGW
0

 
sunray_2003 Commented:
DGW,

I was giving you a suggestion of what svchost.exe means by those links.

Actually, it looks like Akamai is connected to Windows Update.

If you have Windows Update enabled, this will happen.

http://www.smh.com.au/articles/2003/09/02/1062403496716.html

It is connecting to akamai servers

Sunray
0
 
dgwilson (Author) Commented:
Thanks but I already know what svchost does and that Microsoft uses them, but as your EE link says "...Akamai is a well-known host for advertising services..." so I'm wondering if I can tell exactly WHO is using this connection on my PC.

I'm assuming your statement of "akamai is connected to windows update" is just a guess. Please refer to NOTE in original question.

None of the information you've provided gives me the method for discovering who owns this link.

dgw
0
 
sunray_2003 Commented:
dgw,

I am sorry I am not able to help you exactly, but I do remember the last statement of your question that I should not give any guesses.

The link that I had given 2 links back states that Windows users wanting updates are connected to an Akamai server.


>> None of the information you've provided gives me the method for discovering who owns this link.

If you are the only person using the PC, disable Windows Update and all services. Then run that tool which you are using to check if you still see svchost and that same IP address.

Sunray
0
 
mapledrums Commented:
From what I gather from www.akamai.com, this company is in the ebusiness industry. First off, in this case, their customer could potentially be anyone. Second off, I know of web sites that spawn off pop-up ads using akamai's infrastructure.

I also found a link that states that Norton Live Update is using akamai's servers: http://www.itcompany.com/spystop.htm (search for akamai in the web page)

Peer-to-peer file sharing programs could be another potential source.

I believe that it might be impossible to trace all your connections to these "questionable" servers. Probably a better alternative would be to install a decent popup blocker/cookie cleaner like pop-up stopper (www.panicware.com), having a decent antivirus s/w with the latest virus signature updates, an adware cleaner. I believe the last two you've already installed.

Besides, from the connections that I see which you have, they're connected at ports 80 & 443, basically a web server & SSL connection. Something which I consider passive connections, as it has to be initiated from your client end to the server. As such, any suspicious activity which you detect could probably terminate such connections, if needed.

True, you or all your preventive software may not be able to capture all unauthorised/intrusive measures, but I believe in keeping yourself informed with the latest Internet "trends", and using a bit of common sense, the usual stuff: don't run suspicious attachments (even though it may seem to be from a trusted source), don't use pirated software, don't visit crack/hack, etc. web sites, make sure you have a decent firewall installed (hardware ones are the best), backup your critical data often, etc.

Finally, just keep an open mind about the Internet. The best or most secured place doesn't always mean it's the safest. No point worrying too much about things that are out of our control. If you're really curious about what transpires between your client & other servers or the Internet in general, install a protocol analyser and see/learn what is exchanged through your network. A lot of people I know have captured hidden/unknown (till it was captured) traffic through such tools. Ethereal (www.ethereal.com) is one such good tool to start from.

Have Fun & Good Luck.
0
 
The--Captain Commented:
Did you even run "tasklist /svc" like the article suggested?  It's all well and good to say "I will only accept exact answers", but we need some additional info from you in order to provide one, since it is impossible to determine the problem without your participation.

*My* exact answer is:

If you wanted an OS that puts everything out in the open where you can see it, then you shouldn't be running XP.  Mickeysoft design philosophy is directly at odds with this idea, if you haven't noticed already.  Familiarize yourself with every process running on your XP box, and then you will be able to answer your own question.  If you are unwilling/unable to do that, then just accept the fact that XP itself (and other software you probably installed) rely on Akamai services to locate critical hosts (for updates, notifications, etc) and get over it already.

Do you even know what Akamai is?  It is simply an optimized redundant DNS/server farm solution for companies (like Microsoft, Symantec, etc) that have a lot of users.  Akamai is just a bunch of DNS servers that resolve your DNS request to a server that should be fast and/or close to you.  You connect to Akamai hosted machines all the time, but you never see it or know it because it's not as regular and persistent as those update processes you are running that like to poll for updates and notifications constantly.

>None of the information you've provided gives me the method for discovering who owns this link

What are you talking about?  Once again, did you even bother to run "tasklist /svc"?

You are hopeless - "windows update" is only a guess until you disable it on your machine and then post back here saying it did or did not remove one of your outbound connections from svchost...

Read this:

http://www.experts-exchange.com/Miscellaneous/Lounge/Q_20768606.html

and humble yourself

Cheers,
-Jon



0
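Added example (not part of any post in this thread): the `tasklist /svc` check mentioned above, correlated with `netstat -ano` to list the services hosted in the process that owns each connection. The sample output is constructed; only PID 1136 and the two remote addresses come from the question, and the service names and other rows are assumptions.

```python
import re
# Constructed sample output, not captured from the poster's PC. Only PID 1136
# and the two Akamai addresses come from the question; the rest is assumed.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1045      207.126.99.151:80      ESTABLISHED     1136
  TCP    192.168.1.10:1046      65.65.163.19:443       ESTABLISHED     1136
  TCP    192.168.1.10:1050      192.0.2.25:80          ESTABLISHED     2044
  UDP    0.0.0.0:123            *:*                                    1136
"""
TASKLIST = """\
Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
svchost.exe                 1136 AudioSrv, BITS, CryptSvc, Dhcp,
                                 Schedule, wuauserv
iexplore.exe                2044 N/A
"""
# A process row starts in column 0: image name, PID, then the service list.
ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(.*)$")

def _services(field):
    return [s.strip() for s in field.split(",") if s.strip() not in ("", "N/A")]

def parse_tasklist(text):
    """Map PID -> (image name, [services]) from `tasklist /svc` output."""
    procs, last = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            last = int(m.group(2))
            procs[last] = (m.group(1), _services(m.group(3)))
        elif last is not None and line[:1].isspace():
            procs[last][1].extend(_services(line))  # wrapped service list
    return procs

def parse_netstat(text):
    for line in text.splitlines():
        f = line.split()  # UDP rows have no State column, so only 4 fields
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            yield f[2], int(f[4])

def owners(netstat, tasklist):
    procs = parse_tasklist(tasklist)
    return {r: procs.get(pid, ("?", [])) for r, pid in parse_netstat(netstat)}

if __name__ == "__main__":
    for remote, (image, svcs) in owners(NETSTAT, TASKLIST).items():
        print(f"{remote:22} {image:14} {', '.join(svcs) or '-'}")
```

For a shared svchost.exe this only narrows the connection to a set of candidate services; stopping them one at a time and re-checking, as sunray_2003 suggests for Windows Update, is what identifies the one responsible.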
 
dgwilson (Author) Commented:
Jon,

>What are you talking about?  Once again, did you even bother to run "tasklist /svc"?

Yes, I did and it only confirmed what the IP tool I used had told me, that SOMETHING had

>You are hopeless - "windows update" is only a guess until you ... blah, blah, blah

Who put a bee in YOUR bonnet? You weigh in here a week later with all your righteous indignation and superiority.

Well, since you OBVIOUSLY know more than all the rest of us combined, you OBVIOUSLY deserve ALL the points. But I'm going to give sunray and mapledrum some of them. Sunray for sticking in there and mapledrum for being the most verbose.

Thanks for all your help folks even though I never got a specific answer!

dgw
0
 
mapledrums Commented:
Thanks for the points.

If you're asking how to trace who owns an IP address, do a "nslookup <IP address>" to obtain the domain name which the IP belongs to. Then you need to do a whois on the domain name. You can do a whois from this web site: http://www.internic.net/whois.html.
0
