CIS FW - Strange ICMP and IGMP connections!Help please!

Discussion in 'other firewalls' started by RaiGal, Apr 9, 2011.

Thread Status:
Not open for further replies.
  1. RaiGal

    RaiGal Registered Member

    Joined:
    Feb 19, 2009
    Posts:
    8
    Location:
    Here and there.
    Hello everyone,
    Recently i have been getting strange Outgoing IGMP connections from system (Pic 1). I am using windows 7.My main concern is that I don't know why these exist and that there's no option on how to block them!I tried adding a rule but only TCP/UDP/ICMP/IP are available.Also i have noticed some UDP Out connections (Pic 2) .Do you guys think it's a trojan or something?

    As this wasn't enough i have been getting a lot of ICMPV6 connections from programs like audiodg ,VLC,windows media player and foxit reader (pic 3). Do you think these programs are trying to update or?

    Lastly, i am having svchost.exe connections from various ports (as shown in pic 1,2,4 and 5). Do you think these connections are normal? Is there any way to find out if these are good to go?

    I am still a newbie in firewalls so I would really appreciate any help,thank you! :D

    http://img859.imageshack.us/i/pic1s.jpg/ -->Pic 1
    http://img29.imageshack.us/i/pic2yd.jpg/ -->Pic 2
    http://img38.imageshack.us/i/pic3mn.jpg/ -->Pic 3
    http://img98.imageshack.us/i/pic4zn.jpg/ -->Pic 4
    http://img855.imageshack.us/i/pic5t.jpg/ -->Pic 5
     
    Last edited: Apr 9, 2011
    RaiGal, Apr 9, 2011
    #1
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    what you shown so far looks like normal traffic that Comodo alerts on
     
    Cudni, Apr 9, 2011
    #2
  3. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    The IGMP junk is normal. Most often related to
    - UPnP
    - SSDP
    - IGMP router discovery

    Did not check the rest since ImageShack is so slow that it is unusable for me... there is an attachment feature here for a reason.
     
    doktornotor, Apr 9, 2011
    #3
  4. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    2,651
    IGMP is multicast and the IP is only local !
    http://www.networksorcery.com/enp/protocol/igmp.htm
    should set allowed!

    Foxit and icmp - dont know, i dont use Foxit since years any longer, crappy software
    maybe it checks for updates or plugins... whats the endpoint ip for that ip_v6 number?
    (pls ask the foxit support for further details!)

    port 53 ► http://en.wikipedia.org/wiki/Domain_Name_System
    (any search engine might helped you for this!)
    access is needed - anyway, each program connecting to the web need port 53
    to resolve domain-names to ip! web-basics!
    svchost should limited on lower ports (135/137/139/445) to your lan if possible with CIS.
    those ports are important for lan working computers, but not for the rest of world.

    BTW the source port varies - it changes with each access to the web although the destination port may the same
     
    Brummelchen, Apr 9, 2011
    #4
Loading...
Similar Threads
  1. Newb888_1

    Outgoing connections not being blocked with an exception

    Newb888_1, Aug 6, 2018
    Replies:
    1
    Views:
    397
    moredhelfinland
    Aug 8, 2018
  2. mantra

    why can't a firewall block all the connection of a program?

    mantra, Jun 20, 2018
    Replies:
    28
    Views:
    2,255
    TairikuOkami
    Jul 15, 2018
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...