SVCHOST Activity

I have V3 with Build 276 on XP Pro 32 bit. Also running Norton Anti Virus and Spysweeper (gelded because CFW does not play nice with it).

Today, on the CFW Summary page, I noted 15 outbound connections. Upon investigation, found the following suspicious activity:

1. 1 UDP connection outbound from me to 65.54.227.136.3544. “WHOIS” says thats Microsoft. I terminated the connection. Call me paranoid, but I can’t think why Microsoft needs an outbound connection from me. I am wondering if I should make a rule to block outbound svchost udp to that IP address. Anyone have any idea why I may or may not want to allow that connection?

2. 11 outbound TCP connections from me (192.168.0.100. various 4 digit numbers) back to myself at 192.168.0.100.5678. These connectiuon refuse to stay terminated as well. Any one have an idea what this is all about? Should I make a rule to block it?

Thanks in advance.

Further Info: While waiting for the Brain Trust To give advice, I blocked the UDP connection. After all the work will not end if Microsoft does not hear from me.

A rule in Network Security Policy/Common/Application Rules to block UDP outbound from me to 65.54.227.136 any port did not work, even tho moved to top.

A similar rule in “Global Rules” does seem to have done the trick.

Now I will wait to see if any of my application such as Microsoft Game Zone or Live Messenger do not work right.

Along with MS updates. It’s Tuesday