Weird conenction request from my AV?

Discussion in 'other firewalls' started by Comp01, Oct 13, 2003.

Thread Status:
Not open for further replies.
  1. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Okay, my AntiVirus requested this connection (AVG) And its not the update program requesting...

    Connection origin
    :File Version :      6.0.1.374
    File Description :   AvgServ - displays notification message
    File Path :      C:\Program Files\Grisoft\AVG6\AVGSERV9.EXE
    Process ID :      FFFEA3B1 (Heximal) 4294878129 (Decimal)

       local initiated
    Protocol :      ICMP
    Local Address :    (My IP Dont like giving it out, over forums/chats)
    ICMP Type :      10 (Router Solicitation)
    ICMP Code :       0
    Remote Name :         
    Remote Address :   224.0.0.2

    Ethernet packet details:
    Ethernet II (Packet Length: 44)
       Destination:    01-00-5e-00-00-02
       Source:    44-45-53-54-00-00
    Type: IP (0x0800)
    Internet Protocol
       Version: 4
       Header Length: 20 bytes
       Flags:
          .0.. = Don't fragment: Not set
          ..0. = More fragments: Not set
       Fragment offset:0
       Time to live: 128
       Protocol: 0x1 (ICMP - Internet Control Message Protocol)
       Header checksum: 0xf5fc (Correct)
       Source: (My IP - I dont like giving it out over Forums/chats)
       Destination: 224.0.0.2
    Internet Control Message Protocol
       Type: 10 (Router Solicitation)
       Code: 0
       Data (4 bytes)

    Binary dump of the packet:
    0000: 01 00 5E 00 00 02 44 45 : 53 54 00 00 08 00 45 00 | ..^...DEST....E.
    0010: 00 1C 80 3F 00 00 80 01 : FC F5 D1 A5 0C 04 E0 00 | ...?............
    0020: 00 02 0A 00 F5 FF 00 00 : 00 00 00 00 | ............

    I'm sure its nothing, as I blocked it, but, I jsut wanted to make sure?
     
    Comp01, Oct 13, 2003
    #1
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Comp01

    You are right in that it is nothing to worry about.

    If you have not done so already, you might want to consider defining some ICMP rules to place in Sygates advanced rules that will be applicable to all applications.

    Regards,

    CrazyM
     
    CrazyM, Oct 14, 2003
    #2
  3. BWMerlin

    BWMerlin Registered Member

    Joined:
    Aug 11, 2003
    Posts:
    71
    What would u suggest.
     
    BWMerlin, Oct 14, 2003
    #3
  4. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi BWMerlin

    Basic ICMP rules you could use:

    Allow ICMP, Inbound, type 0, 3, 11, Source Any.
    Allow ICMP, Outbound, type 8, Destination Any.
    Deny ICMP, Inbound/Outbound, All Other.

    These rules should suffice for most users.
    I will usually allow Outbound type 3 to my ISP's DNS servers as well.

    Regards,

    CrazyM
     
    CrazyM, Oct 16, 2003
    #4
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...