CIS FW - Strange ICMP and IGMP connections!Help please!

Discussion in 'other firewalls' started by RaiGal, Apr 9, 2011.

Thread Status:
Not open for further replies.
  1. RaiGal

    RaiGal Registered Member

    Feb 19, 2009
    Here and there.
    Hello everyone,
    Recently i have been getting strange Outgoing IGMP connections from system (Pic 1). I am using windows 7.My main concern is that I don't know why these exist and that there's no option on how to block them!I tried adding a rule but only TCP/UDP/ICMP/IP are available.Also i have noticed some UDP Out connections (Pic 2) .Do you guys think it's a trojan or something?

    As this wasn't enough i have been getting a lot of ICMPV6 connections from programs like audiodg ,VLC,windows media player and foxit reader (pic 3). Do you think these programs are trying to update or?

    Lastly, i am having svchost.exe connections from various ports (as shown in pic 1,2,4 and 5). Do you think these connections are normal? Is there any way to find out if these are good to go?

    I am still a newbie in firewalls so I would really appreciate any help,thank you! :D -->Pic 1 -->Pic 2 -->Pic 3 -->Pic 4 -->Pic 5
    Last edited: Apr 9, 2011
  2. Cudni

    Cudni Global Moderator

    May 24, 2009
    what you shown so far looks like normal traffic that Comodo alerts on
  3. doktornotor

    doktornotor Registered Member

    Jul 19, 2008
    The IGMP junk is normal. Most often related to
    - UPnP
    - SSDP
    - IGMP router discovery

    Did not check the rest since ImageShack is so slow that it is unusable for me... there is an attachment feature here for a reason.
  4. Brummelchen

    Brummelchen Registered Member

    Jan 3, 2009
    IGMP is multicast and the IP is only local !
    should set allowed!

    Foxit and icmp - dont know, i dont use Foxit since years any longer, crappy software
    maybe it checks for updates or plugins... whats the endpoint ip for that ip_v6 number?
    (pls ask the foxit support for further details!)

    port 53 ►
    (any search engine might helped you for this!)
    access is needed - anyway, each program connecting to the web need port 53
    to resolve domain-names to ip! web-basics!
    svchost should limited on lower ports (135/137/139/445) to your lan if possible with CIS.
    those ports are important for lan working computers, but not for the rest of world.

    BTW the source port varies - it changes with each access to the web although the destination port may the same
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.