Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > What is this? cds94.atl.llnw.net

Reply
Thread Tools

What is this? cds94.atl.llnw.net

 
 
G. Morgan
Guest
Posts: n/a
 
      03-09-2008
I ended up having to block this bugger with HOSTS file because it kept making a
connection and transferring. What the hell is this?

svchost.exe:892 TCP mypc:1439 cds94.atl.llnw.net:http CLOSE_WAIT
^^^^^^^^^^^^^^^^^
Are these guys legit, and what software/crapware is opening the connection?

Registrant:
Limelight Networks
2220 W. 14th Street
Tempe, Arizona 85281-6945
United States




--

I kill all Google Group posts, you can too.
Take back Usenet <--> http://improve-usenet.org
 
Reply With Quote
 
 
 
 
Beauregard T. Shagnasty
Guest
Posts: n/a
 
      03-09-2008
G. Morgan wrote:

> I ended up having to block this bugger with HOSTS file because it kept
> making a connection and transferring. What the hell is this?
>
> svchost.exe:892 TCP mypc:1439 cds94.atl.llnw.net:http CLOSE_WAIT
> ^^^^^^^^^^^^^^^^^
> Are these guys legit, and what software/crapware is opening the connection?
>
> Registrant:
> Limelight Networks
> 2220 W. 14th Street
> Tempe, Arizona 85281-6945
> United States


Google is your friend. It is a content delivery network. What page were
you on when you noticed it?

http://en.wikipedia.org/wiki/Limelight_Networks

http://www.google.com/search?hl=en&q...ht+networks%22

--
-bts
-Motorcycles defy gravity; cars just suck
 
Reply With Quote
 
 
 
 
Blinky the Shark
Guest
Posts: n/a
 
      03-09-2008
G.Morgan wrote:

> I ended up having to block this bugger with HOSTS file because it kept making a
> connection and transferring. What the hell is this?
>
> svchost.exe:892 TCP mypc:1439 cds94.atl.llnw.net:http CLOSE_WAIT
> ^^^^^^^^^^^^^^^^^
> Are these guys legit, and what software/crapware is opening the connection?
>
> Registrant:
> Limelight Networks
> 2220 W. 14th Street
> Tempe, Arizona 85281-6945
> United States


http://en.wikipedia.org/wiki/Limelight_Networks

--
Blinky
Killing all posts from Google Groups
The Usenet Improvement Project: http://improve-usenet.org
Blinky: http://blinkynet.net

 
Reply With Quote
 
G. Morgan
Guest
Posts: n/a
 
      03-09-2008
Beauregard T. Shagnasty wrote:

>G. Morgan wrote:
>
>> I ended up having to block this bugger with HOSTS file because it kept
>> making a connection and transferring. What the hell is this?
>>
>> svchost.exe:892 TCP mypc:1439 cds94.atl.llnw.net:http CLOSE_WAIT
>> ^^^^^^^^^^^^^^^^^
>> Are these guys legit, and what software/crapware is opening the connection?
>>
>> Registrant:
>> Limelight Networks
>> 2220 W. 14th Street
>> Tempe, Arizona 85281-6945
>> United States

>
>Google is your friend. It is a content delivery network. What page were
>you on when you noticed it?


No browser was open. It's coming from:
C:\WINDOWS\System32\svchost.exe -k netsvcs

I think it has something to do with automatic updates but I have them turned
off. In fact - trying to troubleshoot I went to MS update website and got an
error after I blocked the IP block in my firewall.

--

I kill all Google Group posts, you can too.
Take back Usenet <--> http://improve-usenet.org
 
Reply With Quote
 
G. Morgan
Guest
Posts: n/a
 
      03-09-2008
Blinky the Shark wrote:

>G.Morgan wrote:
>
>> I ended up having to block this bugger with HOSTS file because it kept making a
>> connection and transferring. What the hell is this?
>>
>> svchost.exe:892 TCP mypc:1439 cds94.atl.llnw.net:http CLOSE_WAIT
>> ^^^^^^^^^^^^^^^^^
>> Are these guys legit, and what software/crapware is opening the connection?
>>
>> Registrant:
>> Limelight Networks
>> 2220 W. 14th Street
>> Tempe, Arizona 85281-6945
>> United States

>
>http://en.wikipedia.org/wiki/Limelight_Networks


Thanks, that doesn't help narrow it down though. See my reply to Shagnasty, I
think it may be MS updates phoning home - even though I have it turned off.

--

I kill all Google Group posts, you can too.
Take back Usenet <--> http://improve-usenet.org
 
Reply With Quote
 
Blinky the Shark
Guest
Posts: n/a
 
      03-09-2008
G.Morgan wrote:

> Blinky the Shark wrote:
>
>>G.Morgan wrote:
>>
>>> I ended up having to block this bugger with HOSTS file because it kept making a
>>> connection and transferring. What the hell is this?
>>>
>>> svchost.exe:892 TCP mypc:1439 cds94.atl.llnw.net:http CLOSE_WAIT
>>> ^^^^^^^^^^^^^^^^^
>>> Are these guys legit, and what software/crapware is opening the connection?
>>>
>>> Registrant:
>>> Limelight Networks
>>> 2220 W. 14th Street
>>> Tempe, Arizona 85281-6945
>>> United States

>>
>>http://en.wikipedia.org/wiki/Limelight_Networks

>
> Thanks, that doesn't help narrow it down though. See my reply to Shagnasty, I
> think it may be MS updates phoning home - even though I have it turned off.


One of the things specifically asked was "are these guys legit?" I don't
know about that file, but I believe that link answers that quesiton.

Meanwhile, while I didn't find anything on that specific file, I found
this on one that looks suspiciously similar. I don't know that it's
relevant but it might be.

http://spywaredetector.net/spyware_e...%20Shooter.htm


--
Blinky
Killing all posts from Google Groups
The Usenet Improvement Project: http://improve-usenet.org
Blinky: http://blinkynet.net

 
Reply With Quote
 
VanguardLH
Guest
Posts: n/a
 
      03-09-2008
"G. Morgan" wrote in message
news:68715191c65a156ce3c23d6408ab1bd9np@goofysplac e.com...
> I ended up having to block this bugger with HOSTS file because it
> kept making a
> connection and transferring. What the hell is this?
>
> svchost.exe:892 TCP mypc:1439 cds94.atl.llnw.net:http CLOSE_WAIT
> ^^^^^^^^^^^^^^^^^
> Are these guys legit, and what software/crapware is opening the
> connection?
>
> Registrant:
> Limelight Networks
> 2220 W. 14th Street
> Tempe, Arizona 85281-6945
> United States



All you know is that svchost.exe is making the connection. svchost
rolls up several NT services until one process, and you may have
multiple instances of svchost concurrently running. The PID (process
ID) is 892. You can use Process Explorer from SysInternals to see
what NT services got rolled up into the svchost.exe instance with PID
of 892. That might start to lead you to which NT service wanted to
make the connection.

Why use a hosts file? Why not add the site to a block list in your
firewall where you could then monitor any further attempts to connect
by looking in the firewall's log? Most firewalls let you block on an
IP address. Some also include URL blocking (so the DNS request never
gets out to get back the IP address). You could also change from
using the DNS server supplied by the DHCP setup for you TCP/IP
configuration to using OpenDNS where, in your account, you can block
domains (but only if an IP name is used which requires the DNS lookup
to get the IP name; however, if the process uses an IP address then
there is no DNS lookup).

http://en.wikipedia.org/wiki/Windows...tartup_process

You do know that much of Microsoft's worlwide load-balanced content,
like for Windows Updates, is delivered through Akamai hosts, right?
They probably don't like Limelight stealing some of that content
revenue from Microsoft.

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Advertisments