Ntoskrnl.exe Tcp 2100

RayPoynter · 06-14-2005, 05:04 PM

Hello,

I have been trying to dig up some information about why NTOSKRNL.EXE was trying to access TCP 2100 from a firewall log yesterday. Combing through Google, I found nothing!

First of, I am on a WinXP Pro SP2 machine, testing a Sygate personal Firewall.
I recieved this pop-up yesterday regarding ntoskrnl.exe.

Someone at Remote IP Address: 62.22.75.4 using TCP port 1921 was trying to access ntoskrnl.exe through TCP 2100.

Of course, I blocked this, but was curious to know, what was going on.

Any clues?

In addition, I have done the norm, scanned, scanned, scanned, and then some more scans. All with different AV, Trojan, Spyware, etc tools, system is clean.

**Buzz1927** · 06-14-2005, 05:17 PM

It's a legit process, see here. The IP address is from RIPE Network Coordination Centre that allocates IP addresses for Europe and other parts of the world. I had the same thing happen a few weeks ago, I think its to check if your IP address is being used.

RayPoynter · 06-14-2005, 05:29 PM

Hmmm, I see. I guess through all the panic, I never really did research the IP address, though I swear I did a lookup on it. Anyway, makes sense I guess, since this machine does have a presence on the outside world.

Thanks for your reply!

06-14-2005, 05:04 PM	#1 (permalink)
RayPoynter New Member Join Date: Jun 2005 Location: Oriskany, NY Age: 38 Posts: 3	Ntoskrnl.exe Tcp 2100 Hello, I have been trying to dig up some information about why NTOSKRNL.EXE was trying to access TCP 2100 from a firewall log yesterday. Combing through Google, I found nothing! First of, I am on a WinXP Pro SP2 machine, testing a Sygate personal Firewall. I recieved this pop-up yesterday regarding ntoskrnl.exe. Someone at Remote IP Address: 62.22.75.4 using TCP port 1921 was trying to access ntoskrnl.exe through TCP 2100. Of course, I blocked this, but was curious to know, what was going on. Any clues? In addition, I have done the norm, scanned, scanned, scanned, and then some more scans. All with different AV, Trojan, Spyware, etc tools, system is clean.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode

06-14-2005, 05:17 PM	#2 (permalink)
Buzz1927 Digaredd Join Date: May 2005 Location: Melbourne AU Posts: 7,617	It's a legit process, see here. The IP address is from RIPE Network Coordination Centre that allocates IP addresses for Europe and other parts of the world. I had the same thing happen a few weeks ago, I think its to check if your IP address is being used.

06-14-2005, 05:29 PM	#3 (permalink)
RayPoynter New Member Join Date: Jun 2005 Location: Oriskany, NY Age: 38 Posts: 3	Hmmm, I see. I guess through all the panic, I never really did research the IP address, though I swear I did a lookup on it. Anyway, makes sense I guess, since this machine does have a presence on the outside world. Thanks for your reply!