Suspicious Log [Resolved]

Hey All,
I have been going over my log files and I am having some concerns.
I'll post the log entries here:

Date/Time :2007-09-09 10:50:16
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (svchost.exe:0.0.0.0: :2869)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: TCP In
Destination: 0.0.0.0::2869

Date/Time :2007-09-09 10:49:01
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (svchost.exe:255.255.255.255: :bootp(67))
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP Out
Destination: 255.255.255.255::bootp(67)

The emboldened text is what concerns me. All I know is that 255.255.255.255 is a broadcast.

Can anyone tell me why this keeps coming… I am unsure as to why my svchost keeps doing this. My firewall has logged this several times.

The first log entry being blocked is from UPnP (Universal Plug and Play) and it is used by the OS to discover other UPnP devices on your network. This is normal.

The second entry should be allowed out as it is your PC trying to get an IP address from the DHCP server. This happens when your PC is first trying to get an IP address and broadcasts out trying to find the DHCP server.

You should have a default rule that allows all out unless you have changed the default rules to tighten them to your own preferences. At the least you should allow the second log entry to port 67.

Hope this helps

jasper
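
The reading of the two entries given in the reply above can be applied to a whole exported log. The following is an added example, not part of the original thread. It assumes the log keeps the layout the poster pasted; the function names, the `EXPECTED` table and the `TRUSTED` path check are assumptions introduced here.

```python
import re

# The two entries from the thread, in the layout the poster pasted.
SAMPLE_LOG = r"""
Date/Time :2007-09-09 10:50:16
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (svchost.exe:0.0.0.0: :2869)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: TCP In
Destination: 0.0.0.0::2869

Date/Time :2007-09-09 10:49:01
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (svchost.exe:255.255.255.255: :bootp(67))
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP Out
Destination: 255.255.255.255::bootp(67)
"""

# (protocol, direction, port) -> purpose as explained in the thread.
EXPECTED = {
    ("TCP", "In", 2869): "UPnP (Universal Plug and Play) device discovery",
    ("UDP", "Out", 67): "PC asking the DHCP server for an IP address",
}
# Assumption added here: only svchost.exe in system32, started by services.exe, is trusted.
TRUSTED = (r"c:\windows\system32\svchost.exe", r"c:\windows\system32\services.exe")

def parse_entries(text):
    """Turn blank-line-separated 'Key: value' blocks into dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(":") for line in block.splitlines())
        entries.append({k.strip(): v.strip() for k, _, v in pairs})
    return entries

def triage(entry):
    """Return ('expected', reason) or ('review', reason) for one entry."""
    proto, direction = entry["Protocol"].split()
    port_text = entry["Destination"].partition("::")[2]
    port = int(re.search(r"(\d+)\)?$", port_text).group(1))  # "2869" or "bootp(67)"
    if (entry["Application"].lower(), entry["Parent"].lower()) != TRUSTED:
        return "review", "binary or parent is not the system svchost.exe"
    reason = EXPECTED.get((proto, direction, port))
    if reason is None:
        return "review", f"no known purpose for {proto} {direction} port {port}"
    return "expected", reason
```

Calling `triage()` on each result of `parse_entries(SAMPLE_LOG)` marks both entries from the thread as expected; an entry with a different binary path or an unlisted port comes back as `review`.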

Ok I unblocked the second entry for now. BUT I use an active IP Spoofer… Do you have any knowledge if this will interfere with that? I log onto a lot of secure sites and things and I lately have not been very comfortable with my IP being thrown around…
Thanks BTW Jasper

If you do a reboot and are able to get an IP address then I would say you are alright.

jasper

Hahaa I obviously have one!
Thanks Jasper

LOL !! Glad I could help.

jasper

I'll close this thread, and if you need it opened, PM an online mod.