Why Is svchost In My Router????

[Guest]

Yesterday by chance I discovered an entry in my router's persistent port
forwarding screen. The description is "svchost (192.168.2.2:1032) 41670
UDP", public port is 41670 and forwarding to private port 1032. My pc's ip
is 192.168.2.2. I removed the entry but after rebooting my machine it was
back.

I checked the registry (I'm using Windows XP Pro complete w/ all updates)
and found this entry:
HKLM\SOFTWARE\Microsoft\DirectPlayNATHelp\DPNHUPnP\ActiveNATMappings\svchost
(192.168.2.2:1032) 41670 UDP. The data is in binary format.

Does anyone know if this entry is being put there by a legit Windows process
or should I be concerned?

 

[Vanguard \(NPI\)]

Yesterday by chance I discovered an entry in my router's persistent port
forwarding screen. The description is "svchost (192.168.2.2:1032) 41670
UDP", public port is 41670 and forwarding to private port 1032. My pc's
ip
is 192.168.2.2. I removed the entry but after rebooting my machine it was
back.

I checked the registry (I'm using Windows XP Pro complete w/ all updates)
and found this entry:
HKLM\SOFTWARE\Microsoft\DirectPlayNATHelp\DPNHUPnP\ActiveNATMappings\svchost
(192.168.2.2:1032) 41670 UDP. The data is in binary format.

Does anyone know if this entry is being put there by a legit Windows
process
or should I be concerned?

Windows, or any OS, can't be putting entries into your router without your
permission. The router will require you to login (if you don't have it
password protected for its login then now is a good time to enable that
option in the router). Maybe you enabled an option in your router that
opens this port, like maybe letting it pass or send UDP requests for UPnP.
Seems your router wants this definition but you never mentioned WHICH router
(brand and model) that you have so no one familiar with it can help.

http://www.iana.org/assignments/port-numbers lists "BBN IAD" for ports
1030-1032, but that abbreviation is worthless (IANA isn't known for explicit
and informative titling of their port number assignments). Although IANA
assigns common uses of port numbers, that doesn't preclude any software from
using whatever port it wants.

You might want to visit the web site for whatever router that you have to
see why they require using and opening this port. It is likely tied to some
function you have enabled in the router.

 

[Guest]

Thanks Vanguard for your reply. I'm using the Microsoft MN-500 wireless
router, although my pc is wired to it.

 

[Guest]

Somebody suggested to me that I disable the Universal Plug and Play Device
Host service, which I did and the problem went away. After removing that
entry in the router and in the registry, I rebooted a few times and the entry
did not come back. Obviously, it was put there by UPnP.

 

[Sparda]

Yesterday by chance I discovered an entry in my router's
persistent port
forwarding screen. The description is "svchost
(192.168.2.2:1032) 41670
UDP", public port is 41670 and forwarding to private port
1032. My pc's ip
is 192.168.2.2. I removed the entry but after rebooting my
machine it was
back.

I checked the registry (I'm using Windows XP Pro complete w/
all updates)
and found this entry:
HKLMSOFTWAREMicrosoftDirectPlayNATHelpDPNHUPnPActiveNATMa
ppingssvchost

(192.168.2.2:1032) 41670 UDP. The data is in binary format.

Does anyone know if this entry is being put there by a legit
Windows process
or should I be concerned?

You should be concerned reguradless of whether it is "ligitimate" or
not, you should take messurs to stop such activits, in this case the
best would be to install a good firewall, I would personaly recomend
ZoneAlarm.

ZoneAlarm:
http://www.zonelabs.com/store/conte...sp?dc=12bms&ctry=US&lang=en&lid=dbtopnav_zass