Cannot block outbound connection to MCAST-NET

Discussion in 'ESET Smart Security' started by personicus, Nov 23, 2010.

Thread Status:
Not open for further replies.
  1. personicus

    personicus Registered Member

    Joined:
    Nov 23, 2010
    Posts:
    3
    I have just moved form ESET AV registered to a trial version of ESET smart security, primarily because I wanted the added firewall functionality. I have recently noticed outbound connections to 224.0.0.252 (MCAST-NET) via svchost and I am apparently unable to block these via the firewall regardless of what rules I try and apply.

    Does anyone have any insight as to why there is an outbound to MCAST-NET (seemingly from all PC's on my LAN, although the connection is very short) and moreover, I must confess that I am obviously having difficulties in tweaking the firewall rules. Are there any presets out there that can be loaded that basically prohibit ALL inbound/outbound connections until I explicitly allow them ?

    Many thanks in advance for any insightful tips.
     
  2. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    I am guessing you are running Microsoft Windows Vista or later on the computers, correct? 224.0.0.252 is a reserved IP address used for Link-Local Multicast Name Resolution (LLMNR) on your local area network. You can block it, if you like, but will lose access to viewing network maps and the like in Windows.

    You could try running ESET Personal Firewall in Interactive Mode to generate a set of rules for your network, and once you have done so switching to Policy-based Mode, which will disallow all connections except for those while have rules.

    Regards,

    Aryeh Goretsky
     
  3. personicus

    personicus Registered Member

    Joined:
    Nov 23, 2010
    Posts:
    3
    Thank you for the prompt response. Yes, I am running on Win7 for the most part. I am still trying to figure out outbound connections and which ones are legitimate. As per your response, a connection to 224.0.0.252 appears to be normal, although I still cannot understand why an outbound internet connection is required to accomplish this.

    That aside, I have recently run Malwarebytes, ESET AV and Hit Man Pro....all seems to be in order, but I would like to be somewhat more educated on what outbound connections are being triggered and why. I tried testing COMODO, but could not understand why 160 outbound connections are periodically made to 208.116.56.22 (NS2.PWEBTECH.COM) - Updates ?

    Again, thank you for your response. If there any other additional tips that you would be willing to share, I would be glad to hear them.
     
  4. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Despite the address, it is local to your network and does not go out to the Internet. For more information, see Link Layer Topology Discovery article on Wikipedia.

    I cannot think of any specific tips at the moment, but here is a list of articles on the ESET Personal Firewall from ESET's knowledgebase. perhaps you will find that of interest.

    Regards,

    Aryeh Goretsky
     
Thread Status:
Not open for further replies.