Friday March 28, 2008
An inbound UDP from 129.33.82.52
This morning, my Symantec client firewall popped up this warning:
A remote system is attempting to access Microsoft Generic Host Porcess for Win32 Services on your computer.
Program: svchost.exe
Path: C:\WINDOWS\system32\
Protocol: UDP (Inbound)
Remote Address: 129.33.82.52 : 1421
Symantec recommended to permit always. Just to be safe, I clicked Block Once. Then there came another UDP from a different host/port in the same subnet: 129.33.82.51 : 1211. After clicking Block Once again, another UDP from 129.33.82.50 : 1211.
Whois search (http://cqcounter.com/whois/) result for these hosts:
IP Address : 129.33.82.52 [ testws001.boulder.mebs.ihost.com ]
ISP : IBM
Organization : IBM
Location :US, United States
City : Durham, NC 27709
Latitude : 35°91'38" North
Longitude : 78°84'89" West
Last evening, I was trying to download Thinkpad upgrades from ibm website in another machine. That might have been the cause for these UDP requests. After blocking them, I haven't seen any side-effects yet. So I think it's safe to do so.
Posted at 10:01AM Mar 28, 2008 by chengfang in Other | Comments[0]
