Firewall: svchost.exe

jackz4000

2 days ago my DSL was upgraded to 24 MB and I got a new modem/router, a BEC Technologies 7402T which I think has an NAT firewall.

I've had free ZoneAlarm for 3 weeks now. Since my upgrade 2 days ago I have zero intrusions attempted on the ZoneAlarm log. Since the upgrade the only thing on the log was an outgoing from my computer which was blocked right after the upgrade.

Zone says the program was svchost.exe and my comp was trying to send it to port 53 on a DNS.

Anyway, could the router firewall be blocking all the incoming bad stuff so well that ZoneAlarm does very little?
 
Typically NAT doesn't allow remote hosts to connect to your machine, so it is more of blocking the outside world.

As for sending out, I don't really think that is your router's config, though I am not saying it's not, it is just not as likely.

svchost.exe is a process that runs groups of processes at startup in Windows. So there could be multiple instances of it running; that is normal. From the command line you can run tasklist /svc to list out the processes running under svchost.exe.

To answer your question about ZoneAlarm being useless: yes, pretty much. It is always a good idea to have layered security, and a software firewall does in fact add more security to your layered security. However, if you have a firewall in your router that supports NAT, most likely you are almost secure enough as is. I have had a router that supports NAT firewalls since just after 2000. I have not had a virus on my system since, and the spyware I have had has been extremely minimal. But I also play it safe when it comes to browsing/downloads...

Did your connection type change? Is it PPPoE, or just a direct connection? I would see what process in that svchost is actually trying to connect to a DNS.
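
Added example, not part of the original posts: a small Python parser for the CSV form of the command mentioned above (`tasklist /svc /fo csv`) that lists which services each svchost.exe instance hosts and finds the instance hosting a given service. The sample output is constructed, and the choice of Dnscache (the Windows DNS Client service, which does name lookups on behalf of other programs) as the service to look for is an assumption about what a port 53 log entry would point to.

```python
import csv
import io

# Constructed sample of `tasklist /svc /fo csv` output (not from the thread).
# Assumes English column headers; localized Windows builds name them differently.
SAMPLE_TASKLIST_CSV = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"svchost.exe","884","DcomLaunch,PlugPlay"
"svchost.exe","1120","Dnscache"
"svchost.exe","1344","Dhcp,EventLog,lmhosts"
"explorer.exe","2480","N/A"
'''


def parse_tasklist_svc(text):
    """Return {pid: (image_name, [service, ...])} from tasklist /svc /fo csv."""
    table = {}
    for row in csv.DictReader(io.StringIO(text)):
        raw = row["Services"].strip()
        # Processes that host no services are reported as "N/A".
        services = [] if raw in ("", "N/A") else [s.strip() for s in raw.split(",")]
        table[int(row["PID"])] = (row["Image Name"], services)
    return table


def svchost_instances(table):
    """Keep only the svchost.exe rows: {pid: [services]}."""
    return {pid: svcs for pid, (image, svcs) in table.items()
            if image.lower() == "svchost.exe"}


def pids_hosting(table, service):
    """PIDs of svchost.exe instances that host the named service."""
    wanted = service.lower()
    return sorted(pid for pid, svcs in svchost_instances(table).items()
                  if wanted in (s.lower() for s in svcs))


if __name__ == "__main__":
    table = parse_tasklist_svc(SAMPLE_TASKLIST_CSV)
    for pid, svcs in sorted(svchost_instances(table).items()):
        print(f"svchost.exe PID {pid}: {', '.join(svcs)}")
    print("Dnscache hosted by PID(s):", pids_hosting(table, "Dnscache"))
```

On a real machine, save the command's output to a file and pass its contents to `parse_tasklist_svc` in place of the sample.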
 
Thanks tlarkin. I remember your post a couple weeks ago about NAT and layered firewalls. But, I am a bit surprised to see that nothing gets by the router firewall for ZoneAlarm to handle. I used to get 20 remote outside attempts per day according to the Zone log. Last 2 days, nothing.

By the IP #'s the DNS is very close by, like the telephone co nearby. Cheers, Jack

 
That is exactly what NAT does; it does not allow remote hosts to connect to your network. You have to go into your router and allow port forwarding and such for apps like remote desktop, VNC, SSH, etc. to even get into your network.
 