Another weird connection request (I blocked it, but saved the request details to a text file). Here are the details (from Sygate):

Connection origin :
File Version : 4.10.2222
File Description : Windows 32-bit VxD Message Server
File Path : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Process ID : FFFF314F (Heximal) 4294914383 (Decimal)
local initiated
Protocol : ICMP
Local Address : ***.***.**.**
ICMP Type : 10 (Router Solicitation)
ICMP Code : 0
Remote Name :
Remote Address : 224.0.0.2

Ethernet packet details:
Ethernet II (Packet Length: 44)
Destination: 01-00-5e-00-00-02
Source: 00-00-f8-77-39-d7
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 128
Protocol: 0x1 (ICMP - Internet Control Message Protocol)
Header checksum: 0xc66 (Correct)
Source: 209.165.23.45
Destination: 224.0.0.2
Internet Control Message Protocol
Type: 10 (Router Solicitation)
Code: 0
Data (4 bytes)

Binary dump of the packet:
0000: 01 00 5E 00 00 02 00 00 : F8 77 39 D7 08 00 45 00 | ..^......w9...E.
0010: 00 1C 0C 00 00 00 80 01 : 66 0C D1 A5 17 2D E0 00 | ........f....-..
0020: 00 02 0A 00 F5 FF 00 00 : 00 00 42 00 | ..........B.

Edit: removed Comp01's IP address
224.0.0.2 is not an Internet IP address, so don't worry. Look here: http://www.faqs.org/rfcs/rfc3171.html
Dolf
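The hex dump in the first post can be checked against this answer. The following Python is an added example, not part of the thread: it decodes the posted frame, verifies both checksums, and confirms that the destination is link-local multicast. The function names are my own.

```python
import ipaddress
import struct

# Bytes copied from the "Binary dump of the packet" in the first post.
DUMP = bytes.fromhex(
    "01005E0000020000F87739D708004500"
    "001C0C0000008001660CD1A5172DE000"
    "00020A00F5FF000000004200"
)

def inet_checksum_ok(data: bytes) -> bool:
    """A header is intact when its 16-bit one's-complement sum is 0xFFFF."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def multicast_mac(ip: ipaddress.IPv4Address) -> bytes:
    """IPv4 multicast maps to 01-00-5E plus the low 23 bits of the group."""
    return bytes([0x01, 0x00, 0x5E]) + (int(ip) & 0x7FFFFF).to_bytes(3, "big")

def decode(frame: bytes) -> dict:
    dst_mac, ethertype = frame[0:6], struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ihl = (frame[14] & 0x0F) * 4
    ip_hdr = frame[14:14 + ihl]
    total_len, = struct.unpack("!H", ip_hdr[2:4])
    ttl, proto = ip_hdr[8], ip_hdr[9]
    dst = ipaddress.IPv4Address(ip_hdr[16:20])
    icmp = frame[14 + ihl:14 + total_len]   # excludes Ethernet padding
    return {
        "proto": proto,
        "ttl": ttl,
        "dst": str(dst),
        "icmp_type": icmp[0],
        "icmp_code": icmp[1],
        "ip_checksum_ok": inet_checksum_ok(ip_hdr),
        "icmp_checksum_ok": inet_checksum_ok(icmp),
        # 224.0.0.0/24 is link-local control traffic; routers do not forward it.
        "link_local_multicast": dst in ipaddress.ip_network("224.0.0.0/24"),
        "mac_matches_group": dst_mac == multicast_mac(dst),
    }

if __name__ == "__main__":
    for key, value in decode(DUMP).items():
        print(f"{key}: {value}")
```

The last two bytes of the dump (42 00) lie past the IP total length of 28 and are Ethernet padding, so they are left out of the ICMP checksum.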
Okay, I got another weird request when I open an email in my email client (It's a certain one, it's official, from a Nintendo; Yes, I am a gamer, also, lol). Here are the details:

Connection origin : local initiated
Protocol : TCP
Local Address : ***.***.**.**
Local Port : 1052
Remote Name : www.4at2.com
Remote Address : 207.189.106.243
Remote Port : 80 (HTTP - World Wide Web)

Ethernet packet details:
Ethernet II (Packet Length: 64)
Destination: 20-53-52-43-00-00
Source: 44-45-53-54-00-00
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 128
Protocol: 0x6 (TCP - Transmission Control Protocol)
Header checksum: 0xc3e3 (Correct)
Source: 165.247.64.87
Destination: 207.189.106.243
Transmission Control Protocol (TCP)
Source port: 1052
Destination port: 80
Sequence number: 323990
Acknowledgment number: 0
Header length: 28

It's trying to contact a web server, and if you have an HTML-enabled client this will happen. Many mail clients are just like browsers now, and carry many of their security exploits. Either read all your e-mail as plain text, or block your mail program from any outbound HTTP connection. If you want to go further, restrict it to the communications it requires, like localhost and your mail servers only. You won't see images that must be downloaded in e-mail, but it also prevents the downloading of web bugs, which confirm your e-mail address.
What is your email client? I'm using a Pegasus which uses its own HTML viewer that is immune to web bugs, but I was surprised the other day, when I saw a note saying that IE was trying to access port 80. Very strange, I'm trying to see why it works.