fe80::: WTF?

Discussion in 'ESET Smart Security' started by NODPortable, Oct 14, 2009.

Thread Status:
Not open for further replies.
  1. NODPortable

    NODPortable Registered Member

    Joined:
    Mar 22, 2008
    Posts:
    9
    Hi,

    When I boot up my computer I keep getting an inbound request on some weird address format.

    fe80:::d5fc:79a:d2ff:a1dc

    Its coming in port 5535 (llmnar or something)

    It claims to be the windows host process (on Win 7 x64).

    Any idea what the **** it is? So far I've been temporarily blocking it...
    I tried an IP lookup but got nothing.
     
  2. NODPortable

    NODPortable Registered Member

    Joined:
    Mar 22, 2008
    Posts:
    9
    Hmmm, not certain but I think its related to the virtual machine that I have. When I delay the boot up of it, the request actually comes when it starts, not my host PC.

    Still no idea if its a valid request coming from the virtual pc to my host, or some spam/hack coming from a remote computer to the OS installation on the virtual pc....
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Since you're using Windows 7, make sure to enable pre-release updates in the update setup so that the firewall module 1053 with Windows 7 support is downloaded. It adds an option for multicast address resolution (LLMNR) on port 5355 (you probably made a typo).
     
  4. NODPortable

    NODPortable Registered Member

    Joined:
    Mar 22, 2008
    Posts:
    9
    Yep correct on the typo.

    I didn't see any 'pre-release updates' option. I did stumble across an 'Enable Test Mode' option though, so I took a punt and enabled that instead. Its gone ahead and download ~23mb file.

    Does that sound about right?
     
  5. pegas

    pegas Registered Member

    Joined:
    May 22, 2008
    Posts:
    2,016
    It's OK, let the update finish.
     
Thread Status:
Not open for further replies.