A Digital Age Deserves A Digital Leader

svchost.exe phoning home to ISP?

Postby SCgone » Sun Dec 31, 2006 2:33 pm

Computerwiz2489 wrote:No I don't use xFire.

Maybe it's not a big thing though. If I block it- I can't access the internet. So Internet Explorer might actually be using svchost to access the internet which would explain this whole deal but, the idea just scares me to death that svchost is sending requests to the ISP... Seriously, one would expect Internet Explorer to be accessing the internet. Ugh. :no

ZoneAlarm says it's only a DNS request, but if it's such a small deal then why was it denied?


It's common for my ISP to do this. They're probably probing the netbios name service with ICMP pings. Why? who knows, I tried to find out and gave up and I the company I work for is my ISP.
There are probably thousands of ISP's that do this and most folks never notice, unless they're running a firewall and look at the firewall logs. They'll find the logs filled up with a ton of IP's that resolve back to their ISP.
If they're denied, it does nothing as far as I can tell. ZA or something else like a router is probably blocking ping requests. I find them daily in the firewall log in my Netopia router.
PRO PLATINUM
Posts: 6879
Joined: Thu Mar 14, 2002 11:59 pm
Location: South Carolina, USA

Postby Computerwiz2489 » Tue Jan 02, 2007 6:24 am

Hmmm... maybe they're testing for vulnerabilities or some sort? Most ISPs these days will cut off access if a computer isn't adequately protected. I know it's true for my ISP at least.

http://en.wikipedia.org/wiki/Internet_C ... e_Protocol

BTW do you know if a computer connected to my router is compromised if it keeps trying to initiate a NetBIOS session? ZoneAlarm keeps saying that a computer connected to my router keeps trying to initiate NetBIOS sessions.
PRO Level 15
Posts: 1043
Joined: Sat Oct 18, 2003 7:40 am
Location: Pro Networks forum board

Postby SCgone » Tue Jan 02, 2007 8:45 pm

Computerwiz2489 wrote:Hmmm... maybe they're testing for vulnerabilities or some sort? Most ISPs these days will cut off access if a computer isn't adequately protected. I know it's true for my ISP at least.

http://en.wikipedia.org/wiki/Internet_C ... e_Protocol

BTW do you know if a computer connected to my router is compromised if it keeps trying to initiate a NetBIOS session? ZoneAlarm keeps saying that a computer connected to my router keeps trying to initiate NetBIOS sessions.


That's hard to say. Trojans will attempt to open a Netbios connection. So if it's a particular program trying to open the connection then it could be harmful.
PRO PLATINUM
Posts: 6879
Joined: Thu Mar 14, 2002 11:59 pm
Location: South Carolina, USA

Previous

Return to Security & Virus

Who is online

Users browsing this forum: No registered users and 5 guests