I am observing outbound requests from svchost.exe on port 53 from my PC to the Router (192.168.1.254) to high valued port numbers; above 40000 usually. There are not a lot of these but I am concerned as to what could be initiating these.
Just a point of clarification, the svchost source port is 53. And is it TCP or UDP?
Normal DNS traffic is outbound, connecting to a router or a DNS server where the destination port on the remote device is UDP port 53. But if your source port is 53 then that’s very unusual. And if it’s TCP, then I’d say you’re almost guaranteed of something being a problem.
Sorry. I should have stated my inquiry better.
The destination port is 53 and the source ports are usually in the 50000 - 59999 range.
Thank you. A destination port of 53 sounds much more normal. UDP port 53 is used by DNS nameservers as the standard port for taking queries to translate Internet domain names into Internet IP addresses. It’s how www.google.com turns into 74.125.95.99.
If your machine is running the “DNS Client” service, then that would be the originating process. Otherwise, the operating system itself will produce the queries.
The originating process is svchost.exe. As you indicated, this activity is most likely DNS Client service. I won’t worry about it anymore since it’s outbound to the router only.
Comodo is the first firewall I have used that actually showed log entries for port 53 outbound to the router.
Thanks for your help.
To see what processes are running svchost try svchostviewer: http://www.codeplex.com/svchostviewer .
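
The check discussed in this thread can also be done with built-in PowerShell. The script below is an added example, not part of the original posts: it lists each running svchost.exe instance with the services it hosts and marks the one hosting the DNS Client service (service name `Dnscache`). The `$LoggedPid` parameter is a hypothetical name for a process ID taken from a firewall log entry, assuming the log shows one.

```powershell
# Added example: map svchost.exe instances to the services they host and
# identify which instance hosts the DNS Client service (Dnscache).
param(
    # Hypothetical parameter: PID copied from the firewall log entry, if shown.
    [int]$LoggedPid = 0
)

# PIDs of all running svchost.exe instances.
$svchostPids = (Get-Process -Name svchost -ErrorAction SilentlyContinue).Id

# Running services grouped by the svchost.exe process that hosts them.
$hosted = Get-CimInstance -ClassName Win32_Service -Filter "State='Running'" |
    Where-Object { $_.ProcessId -in $svchostPids } |
    Group-Object -Property ProcessId |
    ForEach-Object {
        [pscustomobject]@{
            PID            = [int]$_.Name
            HostsDnsClient = $_.Group.Name -contains 'Dnscache'
            Services       = ($_.Group.Name | Sort-Object) -join ', '
        }
    }

$hosted | Sort-Object PID | Format-Table -AutoSize -Wrap

# Optional: explain a specific PID seen in the firewall log.
if ($LoggedPid -ne 0) {
    $match = $hosted | Where-Object PID -eq $LoggedPid
    if (-not $match) {
        "PID $LoggedPid is not a running svchost.exe service host."
    } elseif ($match.HostsDnsClient) {
        "PID $LoggedPid hosts the DNS Client service (Dnscache)."
    } else {
        "PID $LoggedPid does not host Dnscache; its services are: $($match.Services)"
    }
}
```

If the svchost.exe instance sending to destination port 53 does not host `Dnscache`, the services listed for that PID are the ones to look at next.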