Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > What does "ICMP to 224.0.0.2" mean?

Reply
Thread Tools

What does "ICMP to 224.0.0.2" mean?

 
 
Zarbol Tsar
Guest
Posts: n/a
 
      11-19-2004
> Mozzy wrote:
>> Soon after booting my system and then re-connecting the cable
>> modem lead to the PC (as it had unplugged itself) I got this
>> message from my Sygate firewall
>>
>> "Windows Explorer (explorer.exe) is trying to broadcast an ICMP
>> Type 10 (Router Solicitation) packet to [224.0.0.2]. Do you
>> want to allow this program to access the network?"
>>
>> The IP address does not seem to resolve to ayone in particular.
>> I get some sort of info about "multicast".
>>
>> I am a single home PC attached to the Net. Should I allow this
>> sort of thing through?


On 28 Oct 2004, Nick H wrote:
>
> Do you by any chance have Novell Netware installed on your PC?



No, I don't have Novell or any networking software (as far as I
know!)
 
Reply With Quote
 
 
 
 
Zarbol Tsar
Guest
Posts: n/a
 
      11-19-2004
On 02 Nov 2004, stephen wrote:

> "Mozzy" <(E-Mail Removed)> wrote in message
> news:958FE34FC12F351A7E@62.253.162.201...
>> Soon after booting my system and then re-connecting the cable
>> modem lead to the PC (as it had unplugged itself) I got this
>> message from my Sygate firewall
>>
>> "Windows Explorer (explorer.exe) is trying to broadcast an ICMP
>> Type 10 (Router Solicitation) packet to [224.0.0.2]. Do you
>> want to allow this program to access the network?"

>
> icmp is the family of IP protocols that do network maintenance.
>
> The destination address is a local IP multicast - it should
> never be forwarded by a router.
>
> cant remeber which one it is but it is either "all routers" or
> "all hosts" destination - these are used for setup and group
> handling.
>
> the PC is either looking for a service or trying to register a
> multicast address with a local multicast fowarder.
>
> ICMP router solicitation is the PC trying to find a local
> default gateway - maybe you havent configured that on your LAN
> NIC card?
>
> either way it doesnt seem like something a firewall should worry
> about if you are set up to "trust" your local LAN.



Stephen, I may have misunderstood you but I don't have a local LAN or
any LAN at all. My PC is standalone. The only connection it has is
via Ethernet to my cable modem.


>>
>> The IP address does not seem to resolve to ayone in particular.
>> I get some sort of info about "multicast".
>>
>> I am a single home PC attached to the Net. Should I allow this
>> sort of thing through?


 
Reply With Quote
 
 
 
 
Don Kelloway
Guest
Posts: n/a
 
      11-19-2004
"Zarbol Tsar" <(E-Mail Removed)> wrote in message
news:95A63ED2D38A51D7E@194.168.222.124...
> On 02 Nov 2004, stephen wrote:
>
> Stephen, I may have misunderstood you but I don't have a local LAN or
> any LAN at all. My PC is standalone. The only connection it has is
> via Ethernet to my cable modem.
>


What you are seeing is called multicasting. It's nothing to worry about.
Think of it as your PC attempting to identify the routers along the
connection to the Internet.

--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your Security
on the Internet".


 
Reply With Quote
 
stephen
Guest
Posts: n/a
 
      11-19-2004
"Zarbol Tsar" <(E-Mail Removed)> wrote in message
news:95A63ED2D38A51D7E@194.168.222.124...
> On 02 Nov 2004, stephen wrote:
>
> > "Mozzy" <(E-Mail Removed)> wrote in message
> > news:958FE34FC12F351A7E@62.253.162.201...
> >> Soon after booting my system and then re-connecting the cable
> >> modem lead to the PC (as it had unplugged itself) I got this
> >> message from my Sygate firewall
> >>
> >> "Windows Explorer (explorer.exe) is trying to broadcast an ICMP
> >> Type 10 (Router Solicitation) packet to [224.0.0.2]. Do you
> >> want to allow this program to access the network?"

> >
> > icmp is the family of IP protocols that do network maintenance.
> >
> > The destination address is a local IP multicast - it should
> > never be forwarded by a router.
> >
> > cant remeber which one it is but it is either "all routers" or
> > "all hosts" destination - these are used for setup and group
> > handling.
> >
> > the PC is either looking for a service or trying to register a
> > multicast address with a local multicast fowarder.
> >
> > ICMP router solicitation is the PC trying to find a local
> > default gateway - maybe you havent configured that on your LAN
> > NIC card?
> >
> > either way it doesnt seem like something a firewall should worry
> > about if you are set up to "trust" your local LAN.

>
>
> Stephen, I may have misunderstood you but I don't have a local LAN or
> any LAN at all. My PC is standalone. The only connection it has is
> via Ethernet to my cable modem.


but - that is a "LAN" as far as the PC can tell - you only have 1 PC and
your cable modem attached.

>
> >>
> >> The IP address does not seem to resolve to ayone in particular.
> >> I get some sort of info about "multicast".
> >>
> >> I am a single home PC attached to the Net. Should I allow this
> >> sort of thing through?


IP multicast should not cross a router unless the router is set up to handle
it, and normal internet feeds dont support IP multicast, so the default
sohuld be to ignore it.

Also, when multicast was introduced, there were some precautions taken in
the standards to limit the effect on existing equipment.

The packet should have the TTL set to 1 (i.e. it is only intended to exist
on the local subnet), so it should not propagate across a router, even if
the router doesnt understand how to handle IP multicast correctly.
--
Regards

Stephen Hope - return address needs fewer xxs


 
Reply With Quote
 
Mark McIntyre
Guest
Posts: n/a
 
      11-19-2004
On Fri, 19 Nov 2004 00:23:39 GMT, Zarbol Tsar <(E-Mail Removed)> wrote:

>Stephen, I may have misunderstood you but I don't have a local LAN or
>any LAN at all. My PC is standalone. The only connection it has is
>via Ethernet to my cable modem.


Your cable modem is effectively a 1-port router.

You might find a google for your exact subject line would be useful
too. This is from CISCO's website:

Reserved Link Local Addresses

The IANA has reserved addresses in the 224.0.0.0 through 224.0.0.255
to be used by network protocols on a local network segment. Packets
with these addresses should never be forwarded by a router; they
remain local on a particular LAN segment. They are always transmitted
with a time-to-live (TTL) of 1.

Network protocols use these addresses for automatic router discovery
and to communicate important routing information. For example, OSPF
uses 224.0.0.5 and 224.0.0.6 to exchange link state information. Table
43-1 lists some of the well-known addresses.

Table 43-1: Link Local Addresses
Address Usage

224.0.0.1 All systems on this subnet
224.0.0.2 All routers on this subnet

In other words, this is benign local traffic and if your firewall is
blocking it, then its misconfigured or misdesigned.
 
Reply With Quote
 
Andy Searle
Guest
Posts: n/a
 
      11-20-2004
"Mark McIntyre" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Fri, 19 Nov 2004 00:23:39 GMT, Zarbol Tsar <(E-Mail Removed)> wrote:
>
> >Stephen, I may have misunderstood you but I don't have a local LAN or
> >any LAN at all. My PC is standalone. The only connection it has is
> >via Ethernet to my cable modem.

>
> Your cable modem is effectively a 1-port router.
>
> You might find a google for your exact subject line would be useful
> too. This is from CISCO's website:
>
> Reserved Link Local Addresses
>
> The IANA has reserved addresses in the 224.0.0.0 through 224.0.0.255
> to be used by network protocols on a local network segment. Packets
> with these addresses should never be forwarded by a router; they
> remain local on a particular LAN segment. They are always transmitted
> with a time-to-live (TTL) of 1.
>
> Network protocols use these addresses for automatic router discovery
> and to communicate important routing information. For example, OSPF
> uses 224.0.0.5 and 224.0.0.6 to exchange link state information. Table
> 43-1 lists some of the well-known addresses.
>
> Table 43-1: Link Local Addresses
> Address Usage
>
> 224.0.0.1 All systems on this subnet
> 224.0.0.2 All routers on this subnet
>
> In other words, this is benign local traffic and if your firewall is
> blocking it, then its misconfigured or misdesigned.


It could be the "Universal Plug & Play" feature running under XP announcing
its presence to multicast routers on the local network. UP&P can be disabled
as nothing uses it yet - basically it will be a network plug and play
protocol one day - maybe! Info here on how to disable it
http://grc.com/UnPnP/UnPnP.htm


 
Reply With Quote
 
David H. Lipman
Guest
Posts: n/a
 
      11-20-2004
No uPnP uses -- 239.255.255.250

Dave




"Andy Searle" <(E-Mail Removed)> wrote in message
news:ipxnd.734$(E-Mail Removed)...
|
| It could be the "Universal Plug & Play" feature running under XP announcing
| its presence to multicast routers on the local network. UP&P can be disabled
| as nothing uses it yet - basically it will be a network plug and play
| protocol one day - maybe! Info here on how to disable it
| http://grc.com/UnPnP/UnPnP.htm
|
|


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
.NET 2.0 ASPx Page does not load, but HTM does prabhupr@hotmail.com ASP .Net 1 02-08-2006 12:57 PM
Button OnClick does not fire on first postback, but does on second Janet Collins ASP .Net 0 01-13-2006 10:08 PM
Does the 2.0 Framework come out when Visual Studio .NET 2005 does? needin4mation@gmail.com ASP .Net 3 10-07-2005 12:55 AM
CS0234 Global does not exist ... but it genuinely does Bill Johnson ASP .Net 0 07-08-2005 06:34 PM
Does no one else think microsoft does a poor job? =?Utf-8?B?SmVyZW15IEx1bmRncmVu?= Wireless Networking 2 11-20-2004 12:17 AM



Advertisments