My firewall blocks this thing about 600 times, I’m very suprised with this thing but I don’t now what is this. I looked the Firewall logs. My firewall blocks this IP three days ago but with 1 time. But not the same ports. In addition the different IPs on there I can see svchost.exe again the some destination but different IP (126.96.36.199) and the a few different IPs. What is going on there? Call someone tell me? Is something going wrong?
Yeah I did this thing but right now I have too much blocking things around 192.168.X.X (Between the same IP). It came from Windows Operating System (WOS) or System? And the source port is always the same 53 or Type(3). How can I solve this problem?
The first part was about svchost.exe, but now it’s from WOS and System? It doesn’t necessarily mean an attack; it can be common internet traffic noise. I get those all the time surrounding WOS and System.
Type 3 is ICMP traffic, while port 53 is used for DNS lookup. You can post a sample of your log if you want.
Okey I attached it. Always like this, it keeps coming. I saw about 50-60 blocks in 20 minutes after I connected to Internet. But I don’t know what is the IP (188.8.131.52). After I saw this IP I look my active connections and I see it also here as UDP out and it had gone in 30 seconds or like this.
They are coming from WOS or System as you see in log. I know it. I set svchost.exe is outgoing only mode again then this blocks not coming. But as before the rule looked as Custom, but yesterday I brought it to Outgoing Only mode. Then there is no any problems. It is my fault I think.
And the other IP which started with 78, it is static IP and it is from our internet source Telekom. (One of their informatics partner.) Firewall blocked it but I looked up active connections it was here as UDP Out I said. It had gone about 30 seconds. Anyway, thanks for your helps