Don't laugh, still using W98SE and Kerio 2.1.5 Firewall. I just had an alert "Incoming IP protocol 46" and don't know whether I should Permit or Deny this. The only thing I could find about it was this: http://support.microsoft.com/kb/811832/ Not sure that I'm any the wiser and in any event this is not for W98. Any ideas which way I should go? Thx.
Internet Protocol Numbers
Protocol 46 (RSVP) Reservation Protocol
This may be from your ISP (Quality of Service (QoS)), but blocking this or anything you are not sure of is possibly the best policy (as long as it does not affect your internet connection. You could check the IP this came from, if it is your ISP, you could e-mail them concerning this). Personally, I would block this.
Thx for link. Good bit of reading about RSVP around if I can fathom it. Yes, if in doubt I do usually block - I've only once got this wrong and slowed the internet dramatically. I screen captured the alert at the time which was "during an internet purchase". This is what it says in the details box:
Application: 'Tcpip Kernel Driver';protocol:[46]; Remote address 195.234.156.237: Unknown event
From Arin I see this is Ripe Network Coordination Centre - Amsterdam. In the past I've tended to assume Ripe is OK (?) Thanks for input, definitely moved me a few steps forward.
You need to further your search onto the "Ripe network" http://www.ripe.net/ which will show:-
195.234.156.0 - 195.234.156.255
IGROUP-LTD
igroup Limited
Watford
GB
Stem,
Ooops, seems I didn't try anywhere near enough.... Having Googled around there seems no reason to ever dream of permitting that entry. Thanks so much for your time, interest and admirable responses. They have been a great help and an education.
Derek,
If all your applications that need internet access are currently covered within your firewall, then maybe a block all (or at least a block all inbound) rule at the end of your ruleset would drop any unsolicited entry/scan attempts in the future.
Stem
I've just saved a new rule set with the last rule as "block all bothways" and all earlier individual blocking rules deleted. You reminded me about the importance of placement (I hardly have to touch it these days). Early days yet but so far it seems fine, websites, downloads, email etc all working. I can always dig out my previous rule set if anything goes awry, or slip in some earlier permission to the new set. Thx
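Added example, not part of any post in this thread: a small Python model of the ruleset layout discussed above (specific permits first, "block all" last), run against the alert text quoted earlier. It assumes the firewall evaluates rules top-down and stops at the first match; the `Rule` class, the rule names and the sample ruleset are constructed for illustration and are not Kerio's own format.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Subset of the IANA "Assigned Internet Protocol Numbers" registry.
IANA_PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP", 46: "RSVP", 47: "GRE"}

# Alert text as quoted from the details box in the thread.
ALERT = ("Application: 'Tcpip Kernel Driver';protocol:[46]; "
         "Remote address 195.234.156.237: Unknown event")
ALERT_RE = re.compile(r"protocol:\[(\d+)\];\s*Remote address\s+(\d{1,3}(?:\.\d{1,3}){3})")

@dataclass(frozen=True)
class Rule:  # hypothetical rule shape, for illustration only
    name: str
    action: str                        # "permit" or "deny"
    direction: str                     # "in", "out" or "both"
    protocol: Optional[int] = None     # None matches any IP protocol
    remote_port: Optional[int] = None  # None matches any port (or no port)

    def matches(self, direction, protocol, remote_port=None):
        return (self.direction in ("both", direction)
                and self.protocol in (None, protocol)
                and self.remote_port in (None, remote_port))

def parse_alert(text):
    """Return (protocol number, protocol name, remote address) from an alert line."""
    m = ALERT_RE.search(text)
    if not m:
        raise ValueError("unrecognised alert format")
    number = int(m.group(1))
    return number, IANA_PROTOCOLS.get(number, "unlisted"), m.group(2)

def evaluate(rules, direction, protocol, remote_port=None):
    """First matching rule wins; no match means the firewall has to prompt."""
    for rule in rules:
        if rule.matches(direction, protocol, remote_port):
            return rule.action, rule.name
    return "ask", None

# Constructed ruleset: specific permits first, catch-all block last.
RULES = [
    Rule("DNS out", "permit", "out", 17, 53),
    Rule("Web out", "permit", "out", 6, 80),
    Rule("Secure web out", "permit", "out", 6, 443),
    Rule("Block all both ways", "deny", "both"),
]
```

The model is stateless, so it says nothing about how replies to permitted outbound connections are handled; it only shows why the catch-all rule must come last and why, without it, an unlisted protocol such as 46 produces a prompt.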