Why is a generic host process trying to hit cais.net?

Folks

My outgoing firewall on Windows XP SP2 fully patched is telling me
that the Generic Host process for Win32 Services is trying to hit
63-217-20-36.sdsl.cais.net - IP address is 63.217.20.36.

There are quite a number of other IP address ranges none of which
belong to Microsoft. The port 443 hits to indeed belong to Microsoft
so I've permitted my firewall to pass those.

What the heck is going on? In the past the IP addresses belonged to
akamai.net so I was willing go along with that.

I *DESPISE* how Microsoft has made these generic host processes so
utterly difficult to understand and track just what the heck is going
on.

Tony

--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/

"Tony Toews [MVP]" <> wrote:

>My outgoing firewall on Windows XP SP2 fully patched is telling me
>that the Generic Host process for Win32 Services is trying to hit
>63-217-20-36.sdsl.cais.net - IP address is 63.217.20.36.

BTW just to make this clear. This happens when Microsoft Update is
executing as well. So the Generic Host Process is being initiated by
Microsoft Update as well as on it's own.

Tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/

"Tony Toews [MVP]" <> wrote in message
news:...
> Folks
>
> My outgoing firewall on Windows XP SP2 fully patched is telling me
> that the Generic Host process for Win32 Services is trying to hit
> 63-217-20-36.sdsl.cais.net - IP address is 63.217.20.36.
>
> There are quite a number of other IP address ranges none of which
> belong to Microsoft. The port 443 hits to indeed belong to Microsoft
> so I've permitted my firewall to pass those.
>
> What the heck is going on? In the past the IP addresses belonged to
> akamai.net so I was willing go along with that.


Perhaps its just a symptom of an out-of-date reverse lookup?
Take a netcap trace and format it with Ethereal (aka WireShark).
Look for a DNS exchange which involves that IP address.
E.g. if that address was returned in a lookup request, what name
was used? Or if that name was used why was it used?
(Perhaps by a redirect for a more acceptable request?)

BTW here's a clue from telnet (just requesting that IP address):

<telnet>
Server: AkamaiGHost
</telnet>

MS contracts with Akamai; perhaps Akamai subcontracts to other hosts?


>
> I *DESPISE* how Microsoft has made these generic host processes so
> utterly difficult to understand and track just what the heck is going
> on.


Me too! <eg>


Good luck

Robert Aldwinckle
---

Robert Aldwinckle wrote:

> "Tony Toews [MVP]" <> wrote in message
> news:...
>
>>Folks
>>
>>My outgoing firewall on Windows XP SP2 fully patched is telling me
>>that the Generic Host process for Win32 Services is trying to hit
>>63-217-20-36.sdsl.cais.net - IP address is 63.217.20.36.
>>
>>There are quite a number of other IP address ranges none of which
>>belong to Microsoft. The port 443 hits to indeed belong to Microsoft
>>so I've permitted my firewall to pass those.
>>
>>What the heck is going on? In the past the IP addresses belonged to
>>akamai.net so I was willing go along with that.
>
>
> Perhaps its just a symptom of an out-of-date reverse lookup?
> Take a netcap trace and format it with Ethereal (aka WireShark).
> Look for a DNS exchange which involves that IP address.
> E.g. if that address was returned in a lookup request, what name
> was used? Or if that name was used why was it used?
> (Perhaps by a redirect for a more acceptable request?)
>
> BTW here's a clue from telnet (just requesting that IP address):
>
> <telnet>
> Server: AkamaiGHost
> </telnet>
>
> MS contracts with Akamai; perhaps Akamai subcontracts to other hosts?
>
>>I *DESPISE* how Microsoft has made these generic host processes so
>>utterly difficult to understand and track just what the heck is going
>>on.
>
> Me too! <eg>
>
> Good luck
>
> Robert Aldwinckle
> ---


Is this Version 2.0 of 'Trustworthy Computing'? <()>


MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============