Vista firewall with outbound on

I keep on getting these dropped packets on my log...

2009-10-18 15:01:54 DROP ICMP ****::****:****:****:**** ff02::2 - - 0 - - - - 133 0 - SEND

009-10-18 15:01:54 DROP ICMP ****::****:****:****:**** ff02::16 - - 0 - - - - 143 0 - SEND

These are IPV6 packets, but i don't know what is going on.

 

Those just look to be ICMP code 0 (echo reply) dropped packets, which is fine - and desirable - if you are not on a network sharing files. Vista has an IP Helper service (iphlpsvc) enabled by default, which offers native IPv6 network support, so this probably the reason for the IPv6 sent packets. I'd say this is nothing to be concerned about.

*Edit*

this is something I wanted to look a bit further into, and to check one of my ICMP rules in Vista's fw. You will see that ICMP type 8, code 0 (Echo Request or Ping) that I sent from my router is being blocked by the fw, as is desired on a stand-alone, non-networked pc. The screenshot shows the breakdown of the log entry.

 

Thanks for the info!
What I am most concerned about is that I didn't have outbound filtering turned on before, and so why would my computer be sending out those packets anyway?

 

You're welcome!

I'm not sure why your machine is sending the replies, but what is happening depends on the active firewall profile you are using before you can determine the ICMP rules in place. Under Network and Sharing center you can check this if you don't already know, then go to administrative tools -> Windows firewall with Advanced security, then select the active profile and check which ICMP rules are in place and enabled for the active profile. This will help shed light on what is happening.

The important thing is that if your machine is not networked and sharing with others, then the dropped replies are a favorable condition.

 

By default setup Vista does send out IPV6 pings/packets to microsofts servers. It is stated in the Vista EULA as being for testing.


- Stem

 

Thank you for the clarification Stem!