win2000: unexplained internet access

  • Thread starter Thread starter Chris Smowton
  • Start date Start date
C

Chris Smowton

I recently noticed a lot of unexplained internet activity on my
network, and checked out Kerio Personal Firewall's display of current
connections - the offending one was from the Win2000 machine, which
acts as a gateway, to an un-named machine 213.199.146.24.

The trace, once it exits my ISP, goes:

10 33 ms 27 ms 26 ms igbtmdistc7503.msft.net
[195.66.226.140]
11 34 ms 35 ms 32 ms 213.199.144.46
12 31 ms 27 ms 27 ms 213.199.146.24

The connection, according to Kerio, is owned by SVCHOST.EXE, part of
win2k. What do you think could be going on here?
 
Hi Chris,

SVCHOST.EXE is a generic host process name for a number of differing (depending on
computer configuration) services that are run from dynamic-link libraries (DLLs).
You can view the (unique to your computer) list of services that are running in
Svchost by using tlist.exe - one of the Support Tools included on the Windows 2000 CD
(see Windows 2000 Help topic "To install Windows 2000 Support Tools").

With that tlist perhaps you can try and figure out what particular service on your
computer is using svchost.exe, and whether or not it needs internet access. For
my computer setup and general web browsing, svchost never needed Internet Access.
See the following Microsoft Knowledge Base Article for more information on
svchost.exe:

KB250320 - Description of Svchost.exe in Windows 2000
http://support.microsoft.com/?scid=250320

Also, to get an idea of what services can run in svchost, you could look for
svchost.exe in the column named "Process Name" on the following Web Page:

Windows 2000 Professional and Server Services Configuration by Black Viper
http://www.blkviper.com/WIN2K/servicecfg.htm

--
Carrie Garth, Microsoft MVP for Windows 2000
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- c x g

: "Chris Smowton" <smowtonchris AT hotmail DOT com>
: Wrote in message : Sent: Friday, August 01, 2003 04:53 PM
: I recently noticed a lot of unexplained internet activity on my
: network, and checked out Kerio Personal Firewall's display of current
: connections - the offending one was from the Win2000 machine, which
: acts as a gateway, to an un-named machine 213.199.146.24.
:
: The trace, once it exits my ISP, goes:
:
: 10 33 ms 27 ms 26 ms igbtmdistc7503.msft.net
: [195.66.226.140]
: 11 34 ms 35 ms 32 ms 213.199.144.46
: 12 31 ms 27 ms 27 ms 213.199.146.24
:
: The connection, according to Kerio, is owned by SVCHOST.EXE, part of
: win2k. What do you think could be going on here?
 
Back
Top