XP phones home


Helge Haensel

Hello NG!
Each morning when starting the system (WiXPh, SP2, all patches) TCPView
shows within seconds:
SVCHOST.EXE:876 TCP 192.168.1.11:1077 213.200.97.166:80 ESTABLISHED
SVCHOST.EXE:876 TCP 192.168.1.11:1081 212.73.246.62:80 ESTABLISHED
SVCHOST.EXE:876 TCP 192.168.1.11:1083 207.46.144.219:80 ESTABLISHED
SVCHOST.EXE:876 TCP 192.168.1.11:1086 207.46.144.219:443 ESTABLISHED

Well, 207.46.*.* addresses MS.net in Redmond. I don't like it, but it is OK.
A Whois with the other addresses leads to

% Information related to '213.200.97.128 - 213.200.97.255'
inetnum: 213.200.97.128 - 213.200.97.255
netname: AKAMAI-TINET
descr: Akamai Technologies
country: US
admin-c: JOI-RIPE
tech-c: JOI-RIPE
status: ASSIGNED PA
mnt-by: TISCALI-INT-NET
source: RIPE # Filtered
person: Johannes Magnusson
address: RB
address: Kalkofnsvegur 1
address: 150 Reykjavik
address: ICELAND
phone: +354 569 8877
e-mail: (e-mail address removed)
nic-hdl: JOI-RIPE
source: RIPE # Filtered
% Information related to '213.200.64.0/18AS3257'
route: 213.200.64.0/18
descr: Tiscali International Network
origin: AS3257
mnt-by: TISCALI-INT-ROUTE
source: RIPE # Filtered

% Information related to '212.73.246.32 - 212.73.246.63'
inetnum: 212.73.246.32 - 212.73.246.63
netname: SAVVIS-FR
descr: BBBK47487
country: fr
admin-c: DP6466-RIPE
tech-c: LTHM
status: ASSIGNED PA
remarks: all abuse reports to (e-mail address removed)
mnt-by: LEVEL3-MNT
mnt-lower: LEVEL3-MNT
source: RIPE # Filtered
role: LEVEL3 Hostmaster
address: Level (3) Communications
address: 100 Leman Street
address: London
address: E1 8EU
phone: +44-20-7864-4444
remarks: trouble: 24 Hour Call +44-08000-927-729
remarks: trouble: Abuse reports to (e-mail address removed)3.net
admin-c: STUD1-RIPE
admin-c: DT16-RIPE
admin-c: MATT69-RIPE
admin-c: JA600-RIPE
admin-c: JT4883-RIPE
tech-c: LTEE
nic-hdl: LTHM
remarks: Peering issues to (e-mail address removed)3.net
mnt-by: LEVEL3-MNT
source: RIPE # Filtered
abuse-mailbox: (e-mail address removed)3.net
person: David Perez
address: DIGITAL ISLAND INC
address: California
phone: +1-415 738 4150
nic-hdl: DP6466-RIPE
mnt-by: LEVEL3-MNT
source: RIPE # Filtered
% Information related to '212.73.192.0/18AS9057'
route: 212.73.192.0/18
descr: Level 3 RIPE block
origin: AS9057
remarks: Abuse reports to (e-mail address removed)3.net
remarks: Peering contact is (e-mail address removed)3.net
mnt-by: LEVEL3-MNT
source: RIPE # Filtered

What is going on here? Is it all right? Can I block the
addresses with my router or in some other way? I don't think it is that
easily possible because they are from a net pool and changing.
I check my PC daily with Stinger, F-Prot and AntiVir and have never
gotten an alarm yet or any other indication of malware.
Any ideas, info and/or help appreciated.

Vy 73! Helge
 

Jeff Stockamp

If you actually go to one of those sites (http://207.46.144.219/) you'll see
it's part of Windows Update, so it's probably just checking for updates
because you've enabled that in Automatic Updates.

- Jeff
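
An added example, not written by either poster: a small Python script that parses TCPView lines like the ones in the question and labels each remote address using the two RIPE inetnum ranges quoted in the thread. Treating 207.46.*.* as a full /16 owned by Microsoft is an assumption taken from the original poster's remark, and the fifth sample line (198.51.100.7) is constructed to show an unmatched address.

```python
import ipaddress
import re

# Ranges taken from the thread: two RIPE inetnum records, plus the poster's
# reading of 207.46.*.* (treated as a /16 here, which is an assumption).
KNOWN_RANGES = [
    ("213.200.97.128", "213.200.97.255", "AKAMAI-TINET"),
    ("212.73.246.32", "212.73.246.63", "SAVVIS-FR"),
    ("207.46.0.0", "207.46.255.255", "Microsoft (per the poster)"),
]

# TCPView line layout: PROCESS:PID PROTO LOCAL:PORT REMOTE:PORT STATE
LINE_RE = re.compile(
    r"^(?P<proc>[^:\s]+):(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<laddr>[\d.]+):(?P<lport>\d+)\s+"
    r"(?P<raddr>[\d.]+):(?P<rport>\d+)\s+(?P<state>\S+)$"
)

def owner_of(addr):
    """Return the netname whose range contains addr, or None if unmatched."""
    ip = ipaddress.ip_address(addr)
    for first, last, name in KNOWN_RANGES:
        if ipaddress.ip_address(first) <= ip <= ipaddress.ip_address(last):
            return name
    return None

def classify(lines):
    """Parse TCPView lines into (process, pid, remote_ip, remote_port, owner)."""
    rows = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and listening/UDP entries with no remote IP
        rows.append((m["proc"], int(m["pid"]), m["raddr"],
                     int(m["rport"]), owner_of(m["raddr"])))
    return rows

# First four lines are from the question; the last one is constructed.
SAMPLE = """\
SVCHOST.EXE:876 TCP 192.168.1.11:1077 213.200.97.166:80 ESTABLISHED
SVCHOST.EXE:876 TCP 192.168.1.11:1081 212.73.246.62:80 ESTABLISHED
SVCHOST.EXE:876 TCP 192.168.1.11:1083 207.46.144.219:80 ESTABLISHED
SVCHOST.EXE:876 TCP 192.168.1.11:1086 207.46.144.219:443 ESTABLISHED
SVCHOST.EXE:876 TCP 192.168.1.11:1090 198.51.100.7:80 ESTABLISHED
"""

if __name__ == "__main__":
    for proc, pid, ip, port, owner in classify(SAMPLE.splitlines()):
        print(f"{proc}:{pid} -> {ip}:{port}  {owner or 'UNKNOWN: run whois first'}")
```

An address that comes back unmatched is the one worth a whois lookup before deciding whether to allow or block it.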
 
