svchost connects to 208.111.148.114 / 208.111.148.248

please help…

On active connections, svchost connects to 208.111.148.114, 208.111.148.248 & 69.28.176.58. Also, when I did an IP search, it came from Limelight Networks, LLC??

What seems to cause this??? Viewing YouTube?? But when I closed the browser, the connection between svchost and those 2 IPs still didn’t stop, and continues.

can anyone explain this?

But why svchost, and not the Opera browser, connecting to those IPs?

While you’re waiting for a helper to respond, you might take a look here.

http://www.limelightnetworks.com/customers.htm

They have quite a list of customers, including Facebook, Sun Microsystems (Java), Netflix and Microsoft.com. Perhaps you access one of their customer websites regularly? I think I saw on another forum this week that Youtube uses Silverlight and MS says on the linked page they use Limelight to support Silverlight. Personally I haven’t installed Silverlight at MS Updates yet, but I do view Youtube videos. Maybe my system is accessing these IP’s, too when I go to Youtube. Hmmmmm. Now you’ve got my curiosity up.

EDIT: Well, I just went to Youtube and I don’t see those IP’s in my active connections…just Youtube’s IP. Sorry I couldn’t be of more help. Perhaps someone else will jump in here with a thought.

Hi all,
this is my first post, as I’ve just started using COMODO free last night, hoping for the full pack to arrive from the UK soon, as I am stationed at sunny Cairo-Egypt at the moment :).

I’ve been having the same problem mentioned in this thread: as soon as my desktop goes online (connected to an ADSL router), even without surfing the net, svchost accesses the internet with IPs belonging to Limelight Networks Inc (traced them), and also connects to cds431.frf.llnw.net, which are assigned to RIPE Network Coordination Center - Amsterdam.

Now, cleansing the system with the 3 top antivirus/malware packages did not reveal anything. I had an Autorun.inf on my memory stick, and that was cleaned with the system. Well, I did go as far as reinstalling Windows XP, but still no joy; I’ve been hammered with all these connections.

I can block the connections as they hit my system, but duh…, my bandwidth is suffering badly with all these packets (TCP/UDP) going back and forth… I really do not know what is going on. I’m an old guy, do not touch nasty sites :), hardly YouTube or Facebook, do not have time to download music, etc… I’d really appreciate it if someone at your end, guys, can shed some light on this!!!
Is it a virus/malware??? At the moment the desktop with all my work is offline till I find out some answers, using my old laptop which works fine on the same connection, but dunno for how long. Both systems are running XP SP3.

Well, regarding the RIPE connections, I too worried about these at one time. But after researching via Google, I find they do url/IP resolving type thing that IANA does, but for the region of Europe.

I had a suspicion what was causing the connections, though. One day I blocked the RIPE network in Comodo just to see what would happen and Comodo and Avast both could no longer go get their updates! Unblocking the network immediately allowed the updates to be successful without error. So I figured my suspicion was correct, that the internal updaters for these programs go get their updates at a server based in Europe. Maybe an expert here can confirm that for me, as I’m certainly no expert. LOL

If not from a server in Europe, at least through a server. E.g. My connection to the Comodo servers routes from Canada through Europe before getting to Comodo (verified with Tracert).

I’m currently noticing the same sort of thing (background connection attempts to Limelight). I ran tcpdump on my router and allowed one of the connections through, and it looks like Java is causing it.

Basically, every so often I see “svchost”, with parent “services”, trying to connect out to port 80 on various Limelight IPs. When I finally let it, and looked at the packets, I see a web connection with content like this:

HEAD /u/ESD7/JSCDL/jdk/6u13-b90/jre/jre-6u13-windows-i586-p-iftw.exe?tid=(some id) HTTP/1.1
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/6.6
Host: javadl-alt.sun.com
Connection: Keep-Alive

The User-Agent corresponds to a service called “Background Intelligent Transfer Service”, which is used primarily by Windows Update. Seems like Java might be hooking into this to grab its own updates behind the scenes.

I set my svchost to outgoing only in the firewall policy.
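
The reply above traces the traffic to BITS, a service that runs inside svchost. As an added example (not from any poster in this thread), the PowerShell below attributes svchost connections to the services hosted in each svchost process and lists the URLs of queued BITS jobs. It assumes Windows 8 / Server 2012 or later with the NetTCPIP and BitsTransfer modules and an elevated session, so it does not run as written on the XP SP3 machines discussed here.

```powershell
# Added example: explain why svchost.exe is talking to a remote address.
# Assumes Windows 8 / Server 2012 or later and an elevated PowerShell session.
Import-Module BitsTransfer

# 1. Established TCP connections owned by any svchost.exe instance.
$svchostPids = (Get-Process -Name svchost -ErrorAction SilentlyContinue).Id
$connections = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $svchostPids -contains $_.OwningProcess }

# 2. Services hosted inside each process (same data as "tasklist /svc").
$servicesByPid = @{}
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    if ($svc.ProcessId) {
        $servicesByPid[[int]$svc.ProcessId] += @($svc.Name)
    }
}

# 3. One row per connection, with the services that could have opened it.
$connections | ForEach-Object {
    [pscustomobject]@{
        ProcessId = $_.OwningProcess
        Remote    = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
        Services  = ($servicesByPid[[int]$_.OwningProcess] -join ', ')
    }
} | Sort-Object ProcessId, Remote | Format-Table -AutoSize

# 4. BITS jobs for all users: who queued the transfer and which URL it fetches.
#    A job created by an updater shows the download URL in RemoteUrl.
Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue | ForEach-Object {
    $job = $_
    foreach ($file in $job.FileList) {
        [pscustomobject]@{
            Job       = $job.DisplayName
            Owner     = $job.OwnerAccount
            State     = $job.JobState
            RemoteUrl = $file.RemoteName
            LocalFile = $file.LocalName
        }
    }
} | Format-List
```

If the svchost process holding the connection hosts the BITS service and a job's RemoteUrl points at the same host, the traffic is a queued background download rather than something unexplained.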