is this something to be suspicious about?

I was checkin out my net connections when I saw i was connected to a 10.10.x.x . In othe words... someone on my LAN (in at school using wireless). The program was svchost.exe.

this is what was copied:
svchost.exe:1084 TCP x.ucr.edu:1412 10.10.x.x:2869 ESTABLISHED

So i was wonderin why am i connected to this guy. It establishes connection and the cuts off, establishes, cuts off, etc...

I have zonealarm and it's set on high right now. So i decided to add the ip to my blocked list. Then finally the alert came that zonealarm blocked a multicast to my ip? I clicked for more info and it says it tried to connecto to my port 1900. The source IP was the 10.10.x.x and destination was 239.255.255.xxx. wierd... i'm kinda confused on all this. Could someone kinda sort this out a bit?

thanks.

Not really. MS uses it for Simple Service Discovery Protocol (SSDP) as of SP2 of XP. Universal PnP over TCP also uses that port, but I'm not sure if it changes with SP2 or not...I'd imagine not.

You can leave it blocked, but if you begin to get any errors with certain programs, you may want to re-enable it. SVCHOST are just Windows service programs. Generally safe, but also the target of most MS exploits.

I'd be suspicious. I assume you have a 10's address as well, school lan. A pc on the 10's network is trying to access your PC and get to a 239/0 external address. Smells so much like virus on your pc or the other pc, or both. Is Outlook or Outlook Express your mail client? Do a windows update, run a virus scan with up to date defs, as well as adaware/spybot (with those up to date as well)