FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


[Solved]Foreign IP Requesting Packets HTTPS





Sparda
Hello,

I just recently did a 'netstat -a' check with command prompt and I noticed a foreign IP address is established through the 443 HTTPS port.

I have nothing really being used besides backgrounds processes. I started up TCP View and it appears to be using svchost.exe. Every few seconds 2 packets are being sent by the looks of it.

I tried looking up the IP to find some information about it, but I really can't find much information besides location and ISP. As of now I have the HTTPS port disabled on my network for precaution.

Here is the Foreign IP: 209.107.220.166

I wonder if this is a network security threat. Does anyone have any information on this matter?


~Much appreciated for any suggestions or any possible solution
Fire Boar
Use netstat -ano to find out which process is creating the connection. IP addresses could mean anything, it's the process from which you can get the most information.
Sparda
The PID is 1728 but as I said before it seems to be using a svchost.exe process. I haven't a clue how to get information from such a process actually. I'll list information from TCP View:

Running from "C:\Windows\System32\svchost.exe"
Protocol: TCP
Local Port: 50797
Remote Port: 443 (HTTPS)
PID: 1728

Still, every few seconds a packet is being sent. I just did a Google search for svchost.exe PID 1728, but I didn't find anything out. I also tried doing this command in command prompt:

TASKLIST /SVC /FI "IMAGENAME EQ SVCHOST.EXE"

And Akamai appears as what is controlling the process. That's the name of the ISP from looking up the IP Address. I checked "Computer Management" and found the service is called "Akamai NetSession Interface" Googled that and found their website:

http://www.akamai.com/html/misc/akamai_client/netsession_interface_faq.html


Doesn't seem like anything I need/want. Looks suspicious to me.
Fire Boar
Ah, sorry, I missed the part where you mentioned the name of the process. Akamai is fine, it's sometimes installed with some online games and I think at one point it was distributed with MacAfee. Uninstall it if you like, it's probably fairly redundant.
Related topics
Question before requesting free hosting
Cisco 2821 port forwarding
How to change MX Record on FriHost?
IP header field for Protocol
routers and IP addresses
Online Privacy
How secure are anonymous proxies?
detect ip, block ip
A Family of Protocols
Best way for one IP, many domains, https for all domains?
[SOLVED] Banning people from visiting my IP Address?
am i able to use HTTPS or any other way to make my pass safe
finding your ip address
The requested URL could not be retrieved
Reply to topic    Frihost Forum Index -> Computers -> Computer Problems and Support

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.