I noticed this in resource manager under network when looking at the network activity when connecting via rdp to a system in an ipsec vpn wan (point-to-point ipsec tunnel and system is on the other end of tunnel)--mstsc and lsass seem to briefly connect to microsoft or some other network that's probably also connecting to microsoft.
Just now when I tore down and reconnected to the system I'm typing on now:
Image PID Address Send (B/sec) Receive (B/sec) Total (B/sec)
lsass.exe 560 vip0x008.map2.ssl.hwcdn.net 30 5,240 5,270
This IP resolves to StackPath LLC. Other IPs I've noticed today are 23.59.155.80 and 13.107.4.50.
Just curious what this is all about since these connections are essentially being initiated and connected to within two different subnets on a LAN with no domains, AD, etc.
Any ideas welcome.
Just now when I tore down and reconnected to the system I'm typing on now:
Image PID Address Send (B/sec) Receive (B/sec) Total (B/sec)
lsass.exe 560 vip0x008.map2.ssl.hwcdn.net 30 5,240 5,270
This IP resolves to StackPath LLC. Other IPs I've noticed today are 23.59.155.80 and 13.107.4.50.
Just curious what this is all about since these connections are essentially being initiated and connected to within two different subnets on a LAN with no domains, AD, etc.
Any ideas welcome.