A request from my system not seen before

Discussion in 'other firewalls' started by marcusa, May 11, 2004.

Thread Status:
Not open for further replies.
  1. marcusa

    marcusa Registered Member

    Joined: Feb 16, 2004
    Posts: 29
    Location: Surrey UK

    Hey guys

    Thanks for all the help you have given in the past. I don't know if you have seen this one, but it was new to me.

    My latest little thing from the Sygate Personal Firewall I use is

    crss.exe wanting to talk to IP 224.0.0.22

    This IP resolves to igmp.mcast.net

    I obviously blocked it and ran Spybot S&D to be on the safe side, all this taking me away from watching Gone in 60 Seconds :(

    I have that up to date and have SpywareGuard and SpywareBlaster on this machine, so was not worried about it, just surprised when it asked, as I had just turned the machine on.

    Anyway, there you go, that's my surprise of the day.
     
  2. Paranoid2000

    Paranoid2000 Registered Member

    Joined: May 2, 2004
    Posts: 2,839
    Location: North West, United Kingdom

    Are you sure about the spelling? There is a process csrss.exe which is the Client Server Runtime SubSystem (one of the Default Processes in Windows 2000) but this should have no need for network access. There is also a trojan Gutta that uses a file with the same name (although Symantec's description seems to suggest that it should not need network access either). In either case, I would suggest blocking it and doing some further investigation.

    If the spelling is correct and the file is in the Windows System folder then I would be very suspicious (many malware programs try to use similar spelling to Windows' files) and would suggest a scan with your favoured anti-trojan utility.

    The 224.0.0.22 address is reserved for IGMP membership reports (see RFC 3376 - Internet Group Management Protocol, Version 3 for more details) - IGMP itself is used for transmitting data to a group of other systems. To this extent, no conclusion can be drawn as to whether this traffic is legitimate or not - but unless you are using audio or video streaming software (the main use for IGMP), there is no need for your system to be using it in the first place.
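
The 224.0.0.22 traffic discussed in this thread carries IGMPv3 membership reports (RFC 3376). The following is an added example, not part of either post, that decodes such a report from a packet capture so you can see which multicast groups a host is joining. The sample packet and the group address 239.255.255.250 are constructed for illustration; the function names are hypothetical.

```python
import socket
import struct

RECORD_TYPES = {  # RFC 3376 group record types
    1: "MODE_IS_INCLUDE", 2: "MODE_IS_EXCLUDE",
    3: "CHANGE_TO_INCLUDE_MODE", 4: "CHANGE_TO_EXCLUDE_MODE",
    5: "ALLOW_NEW_SOURCES", 6: "BLOCK_OLD_SOURCES",
}

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole IGMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_igmpv3_report(msg: bytes) -> list:
    """Return [(record_type, group, [sources])] from an IGMP payload (IP header removed)."""
    if len(msg) < 8:
        raise ValueError("truncated IGMP header")
    msg_type, _, _, _, n_records = struct.unpack("!BBHHH", msg[:8])
    if msg_type != 0x22:
        raise ValueError(f"not an IGMPv3 membership report: type {msg_type:#x}")
    if inet_checksum(msg) != 0:  # a valid message sums to zero with its checksum included
        raise ValueError("bad IGMP checksum")
    records, off = [], 8
    for _ in range(n_records):
        if off + 8 > len(msg):
            raise ValueError("truncated group record")
        rtype, aux_words, n_src, group = struct.unpack("!BBH4s", msg[off:off + 8])
        end = off + 8 + 4 * n_src + 4 * aux_words  # aux data length is in 32-bit words
        if end > len(msg):
            raise ValueError("group record overruns message")
        sources = [socket.inet_ntoa(msg[off + 8 + 4 * i:off + 12 + 4 * i]) for i in range(n_src)]
        records.append((RECORD_TYPES.get(rtype, f"UNKNOWN({rtype})"), socket.inet_ntoa(group), sources))
        off = end
    return records

def build_sample_report() -> bytes:
    """Constructed sample: one CHANGE_TO_EXCLUDE record with no sources, i.e. a group join."""
    record = struct.pack("!BBH4s", 4, 0, 0, socket.inet_aton("239.255.255.250"))
    unsummed = struct.pack("!BBHHH", 0x22, 0, 0, 0, 1) + record
    return unsummed[:2] + struct.pack("!H", inet_checksum(unsummed)) + unsummed[4:]

if __name__ == "__main__":
    print(parse_igmpv3_report(build_sample_report()))
```

The group addresses in the decoded records show what the host is subscribing to, which the destination 224.0.0.22 alone does not reveal.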
     