Weird conenction? (Again)

Another weird connection request 9I blocked it, but saved the request details to a text file)
Here are the details (From Sygate):
Connection origin :
File Version :      4.10.2222
File Description :   Windows 32-bit VxD Message Server
File Path :      C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Process ID :      FFFF314F (Heximal) 4294914383 (Decimal)

   local initiated
Protocol :      ICMP
Local Address :    ***.***.**.**
ICMP Type :      10 (Router Solicitation)
ICMP Code :       0
Remote Name :         
Remote Address :   224.0.0.2

Ethernet packet details:
Ethernet II (Packet Length: 44)
   Destination:    01-00-5e-00-00-02
   Source:    00-00-f8-77-39-d7
Type: IP (0x0800)
Internet Protocol
   Version: 4
   Header Length: 20 bytes
   Flags:
      .0.. = Don't fragment: Not set
      ..0. = More fragments: Not set
   Fragment offset:0
   Time to live: 128
   Protocol: 0x1 (ICMP - Internet Control Message Protocol)
   Header checksum: 0xc66 (Correct)
   Source: 209.165.23.45
   Destination: 224.0.0.2
Internet Control Message Protocol
   Type: 10 (Router Solicitation)
   Code: 0
   Data (4 bytes)

Binary dump of the packet:
0000: 01 00 5E 00 00 02 00 00 : F8 77 39 D7 08 00 45 00 | ..^......w9...E.
0010: 00 1C 0C 00 00 00 80 01 : 66 0C D1 A5 17 2D E0 00 | ........f....-..
0020: 00 02 0A 00 F5 FF 00 00 : 00 00 42 00 | ..........B.

Edit: removed Comp01's IP address

 

ICMP 10 is normal to be sent outbound during dhcp, but you don't need to allow it outbound.

 

224.0.0.2 is not an Internet IP address, so don't worry.
look here:
http://www.faqs.org/rfcs/rfc3171.html
Dolf

 

Okay, I got another weird request when I open a email in my email client (Its a certain one, its official, from a Nintendo; Yes, I am a gamer, also, lol) here are the details:
Connection origin :   local initiated
Protocol :      TCP
Local Address :    ***.***.**.**
Local Port :      1052
Remote Name :      www.4at2.com
Remote Address :   207.189.106.243
Remote Port :      80 (HTTP - World Wide Web)

Ethernet packet details:
Ethernet II (Packet Length: 64)
   Destination:    20-53-52-43-00-00
   Source:    44-45-53-54-00-00
Type: IP (0x0800)
Internet Protocol
   Version: 4
   Header Length: 20 bytes
   Flags:
      .1.. = Don't fragment: Set
      ..0. = More fragments: Not set
   Fragment offset:0
   Time to live: 128
   Protocol: 0x6 (TCP - Transmission Control Protocol)
   Header checksum: 0xc3e3 (Correct)
   Source: 165.247.64.87
   Destination: 207.189.106.243
Transmission Control Protocol (TCP)
   Source port: 1052
   Destination port: 80
   Sequence number: 323990
   Acknowledgment number: 0
   Header length: 28

 

Its trying to contact a web server, and if you have a html enabled client this will happen. Many mail clients are just like browsers now, and carry many of their security exploits.

Either read all your e-mail as plain text, or block your mail program from any outbound http connection. If you want to go farther restrict it to the communications it requires like localhost, and your mail servers only.

You won't see images that must downloaded in e-mail, but it also prevents the dowloading of web bugs which confirm your e-mail address.

 

What is your email client? I'm using a Pegasus which uses its own html viewer that is immune to web-bugs, but I was suprised the other day,when I saw a note saying that IE was trying to access port 80.

Very strange, I'm trying to see why it works.