Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Information > Ip address / Explorer.exe IANA.org ?

Reply
Thread Tools

Ip address / Explorer.exe IANA.org ?

 
 
- Bobb -
Guest
Posts: n/a
 
      11-27-2007
Some help from network /server folks please ?

XP SP2 2 yr old PC and for a month or so I've occasionally noticed that my
network activity leds in system tray are transmitting and receiving while
I'm not doing anything. In Task Mgr I see explorer.exe activity during
this nic activity. I've updated/run NAV, Ad-aware,etc - clean.

Today while idle, I saw the leds so I hit STOP on ZoneAlarm and see
Firewall alert:

Incoming IP address 73.x.x.x
Which whois shows as "owned by Comcast". ( not my IP )

and outgoing address 224.0.0.1

which http://www.networksolutions.com/whois/index.jsp shows as being
owned by IANA.org.

I never heard of IANA but appears to be internet org that is involved with
"assigning IP's ??" Anyone explain why my pc is talking to that site ?
I've got Linksys router on auto ip/dns so shows 192.168.1.1. I have
windows firewall turned off and use ZA only.

Why would someone want to have my pc send info to IANA ?


---------------
Record Type: IP Address 224.0.0.1

OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US

NetRange: 224.0.0.0 - 239.255.255.255
CIDR: 224.0.0.0/4
NetName: MCAST-NET
NetHandle: NET-224-0-0-0-1
Parent:
NetType: IANA Special Use
NameServer: FLAG.EP.NET
NameServer: STRUL.STUPI.SE
NameServer: NS.ISI.EDU
NameServer: NIC.NEAR.NET
Comment: This block is reserved for special purposes.
Comment: Please see RFC 3171 for additional information.
Comment:
RegDate: 1991-05-22
Updated: 2002-09-16

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: http://www.velocityreviews.com/forums/(E-Mail Removed)

 
Reply With Quote
 
 
 
 
Paul
Guest
Posts: n/a
 
      11-27-2007
- Bobb - wrote:
> Some help from network /server folks please ?
>
> XP SP2 2 yr old PC and for a month or so I've occasionally noticed that
> my network activity leds in system tray are transmitting and receiving
> while I'm not doing anything. In Task Mgr I see explorer.exe activity
> during this nic activity. I've updated/run NAV, Ad-aware,etc - clean.
>
> Today while idle, I saw the leds so I hit STOP on ZoneAlarm and see
> Firewall alert:
>
> Incoming IP address 73.x.x.x
> Which whois shows as "owned by Comcast". ( not my IP )
>
> and outgoing address 224.0.0.1
>
> which http://www.networksolutions.com/whois/index.jsp shows as being
> owned by IANA.org.
>
> I never heard of IANA but appears to be internet org that is involved
> with "assigning IP's ??" Anyone explain why my pc is talking to that
> site ? I've got Linksys router on auto ip/dns so shows 192.168.1.1. I
> have windows firewall turned off and use ZA only.
>
> Why would someone want to have my pc send info to IANA ?
>
>
> ---------------
> Record Type: IP Address 224.0.0.1
>
> OrgName: Internet Assigned Numbers Authority


> Comment: This block is reserved for special purposes. <-----


A quick search shows 224.x.x.x as IPV4 multicast. The packet is
not going to IANA. See page 15 here.

http://web.cecs.pdx.edu/~jrb/tcpip/l...s/multcast.pdf

To snapshot all incoming and outgoing packets, try a tool like Wireshark.
It was formerly named Ethereal, and you can probably find some
references to either of those names.

Picture of Wireshark capture screen - runs continuous in real time:
http://upload.wikimedia.org/wikipedi..._Screeshot.png

http://en.wikipedia.org/wiki/Wireshark
http://www.wireshark.org/about.html

Depending on the malware, you may even find occasions where the activity
stops, as soon as Wireshark is running

Paul
 
Reply With Quote
 
 
 
 
- Bobb -
Guest
Posts: n/a
 
      11-27-2007

"Paul" <(E-Mail Removed)> wrote in message news:fihsgs$b7t$(E-Mail Removed)...
>- Bobb - wrote:
>> Some help from network /server folks please ?
>>
>> XP SP2 2 yr old PC and for a month or so I've occasionally noticed that
>> my network activity leds in system tray are transmitting and receiving
>> while I'm not doing anything. In Task Mgr I see explorer.exe activity
>> during this nic activity. I've updated/run NAV, Ad-aware,etc - clean.
>>
>> Today while idle, I saw the leds so I hit STOP on ZoneAlarm and see
>> Firewall alert:
>>
>> Incoming IP address 73.x.x.x
>> Which whois shows as "owned by Comcast". ( not my IP )
>>
>> and outgoing address 224.0.0.1
>>
>> which http://www.networksolutions.com/whois/index.jsp shows as being
>> owned by IANA.org.
>>
>> I never heard of IANA but appears to be internet org that is involved
>> with "assigning IP's ??" Anyone explain why my pc is talking to that
>> site ? I've got Linksys router on auto ip/dns so shows 192.168.1.1. I
>> have windows firewall turned off and use ZA only.
>>
>> Why would someone want to have my pc send info to IANA ?
>>
>>
>> ---------------
>> Record Type: IP Address 224.0.0.1
>>
>> OrgName: Internet Assigned Numbers Authority

>
>> Comment: This block is reserved for special purposes. <-----

> ===================
>
>
> A quick search shows 224.x.x.x as IPV4 multicast. The packet is
> not going to IANA. See page 15 here.
>
> http://web.cecs.pdx.edu/~jrb/tcpip/l...s/multcast.pdf
>
> To snapshot all incoming and outgoing packets, try a tool like
> Wireshark.
> It was formerly named Ethereal, and you can probably find some
> references to either of those names.
>
> Picture of Wireshark capture screen - runs continuous in real time:
> http://upload.wikimedia.org/wikipedi..._Screeshot.png
>
> http://en.wikipedia.org/wiki/Wireshark
> http://www.wireshark.org/about.html
>
> Depending on the malware, you may even find occasions where the activity
> stops, as soon as Wireshark is running
>
> Paul


OK Paul, Thanks
So not to be alarmed then ?? ...
I went to web.cecs link and read , but it didn't tell me WHAT comcast ( ip
73.x.x.x) is trying to do on my PC.
If I scroll all the way to the right in my ZA log screen, ( I missed it
earlier) it shows:

IGMP Type:17
Source DNS = 'COMCAST' subnet servers
and
" Destination DNS" ALL-SYSTEMS.MCAST.NET ( which is one of the DNS servers
I saw listed at IANA whois (MCAST.NET))

I googled IGMP MCAST and found a LOT of people with same question before
posting here:
http://www.shrapnelcommunity.com/thr...?Number=294216
Suggested spyware

But
http://www.freesoft.org/CIE/RFC/1112/18.htm
shows that it's trying to gain info on MEMBERS in the group.
" The Internet Group Management Protocol (IGMP) is used by IP hosts to
report their host group memberships to any immediately-neighboring
multicast routers."

Big Question: Do I care ? Should I allow it ?
Any advantage to me ?




 
Reply With Quote
 
Paul
Guest
Posts: n/a
 
      11-28-2007
- Bobb - wrote:
>
> "Paul" <(E-Mail Removed)> wrote in message news:fihsgs$b7t$(E-Mail Removed)...
>> - Bobb - wrote:
>>> Some help from network /server folks please ?
>>>
>>> XP SP2 2 yr old PC and for a month or so I've occasionally noticed
>>> that my network activity leds in system tray are transmitting and
>>> receiving while I'm not doing anything. In Task Mgr I see
>>> explorer.exe activity during this nic activity. I've updated/run NAV,
>>> Ad-aware,etc - clean.
>>>
>>> Today while idle, I saw the leds so I hit STOP on ZoneAlarm and see
>>> Firewall alert:
>>>
>>> Incoming IP address 73.x.x.x
>>> Which whois shows as "owned by Comcast". ( not my IP )
>>>
>>> and outgoing address 224.0.0.1
>>>
>>> which http://www.networksolutions.com/whois/index.jsp shows as being
>>> owned by IANA.org.
>>>
>>> I never heard of IANA but appears to be internet org that is involved
>>> with "assigning IP's ??" Anyone explain why my pc is talking to that
>>> site ? I've got Linksys router on auto ip/dns so shows 192.168.1.1. I
>>> have windows firewall turned off and use ZA only.
>>>
>>> Why would someone want to have my pc send info to IANA ?
>>>
>>>
>>> ---------------
>>> Record Type: IP Address 224.0.0.1
>>>
>>> OrgName: Internet Assigned Numbers Authority

>>
>>> Comment: This block is reserved for special purposes. <-----

>> ===================
>>
>>
>> A quick search shows 224.x.x.x as IPV4 multicast. The packet is
>> not going to IANA. See page 15 here.
>>
>> http://web.cecs.pdx.edu/~jrb/tcpip/l...s/multcast.pdf
>>
>> To snapshot all incoming and outgoing packets, try a tool like Wireshark.
>> It was formerly named Ethereal, and you can probably find some
>> references to either of those names.
>>
>> Picture of Wireshark capture screen - runs continuous in real time:
>> http://upload.wikimedia.org/wikipedi..._Screeshot.png
>>
>>
>> http://en.wikipedia.org/wiki/Wireshark
>> http://www.wireshark.org/about.html
>>
>> Depending on the malware, you may even find occasions where the activity
>> stops, as soon as Wireshark is running
>>
>> Paul

>
> OK Paul, Thanks
> So not to be alarmed then ?? ...
> I went to web.cecs link and read , but it didn't tell me WHAT comcast (
> ip 73.x.x.x) is trying to do on my PC.
> If I scroll all the way to the right in my ZA log screen, ( I missed it
> earlier) it shows:
>
> IGMP Type:17
> Source DNS = 'COMCAST' subnet servers
> and
> " Destination DNS" ALL-SYSTEMS.MCAST.NET ( which is one of the DNS
> servers I saw listed at IANA whois (MCAST.NET))
>
> I googled IGMP MCAST and found a LOT of people with same question before
> posting here:
> http://www.shrapnelcommunity.com/thr...?Number=294216
> Suggested spyware
>
> But
> http://www.freesoft.org/CIE/RFC/1112/18.htm
> shows that it's trying to gain info on MEMBERS in the group.
> " The Internet Group Management Protocol (IGMP) is used by IP hosts to
> report their host group memberships to any immediately-neighboring
> multicast routers."
>
> Big Question: Do I care ? Should I allow it ?
> Any advantage to me ?
>


First of all, I'm not an expert in this stuff. It sounds like you're
already aware of what malware can do, and are properly armed for it.

I suggested Wireshark, in case you suspect a "conversation" is actually
taking place. Wireshark uses system memory, and will also slow things
down a bit, but you can leave it running if you have suspicions that
something is not right.

The address is not a simple node address, but has a special meaning.
I think 224.0.0.1 is a multicast to all local nodes, and that packet
type might be used for a routing protocol. It all depends on whether
your computer network setup is appropriate for such a protocol to
be running, as to whether this is a reasonable thing to see or not.

I usually only have one computer running on my router box at a time,
so what I see in Wireshark won't be the same as someone with a
more complicated setup.

In any case, IANA isn't spying on you That is all I can
tell you with certainty. I'd be curious, whether a system process,
or one of your applications, was trying to send that.

As another example, it is possible, if you had both an active
Ethernet interface, and an active wireless connection of some
sort, both running at the same time, that routing protocols would
be present. When a computer has more than one network interface
running, there have to be rules for which interface a packet
"escapes from". The computer has to make a choice, and features
like routing and its associated protocols, might be associated
with making an intelligent choice.

I only have one Ethernet interface active, so my setup is
pretty simple.

Just a guess,
Paul
 
Reply With Quote
 
- Bobb -
Guest
Posts: n/a
 
      11-28-2007

"Paul" <(E-Mail Removed)> wrote in message news:fiicfr$tld$(E-Mail Removed)...
>- Bobb - wrote:
>>
>> "Paul" <(E-Mail Removed)> wrote in message
>> news:fihsgs$b7t$(E-Mail Removed)...
>>> - Bobb - wrote:
>>>> Some help from network /server folks please ?
>>>>
>>>> XP SP2 2 yr old PC and for a month or so I've occasionally noticed
>>>> that my network activity leds in system tray are transmitting and
>>>> receiving while I'm not doing anything. In Task Mgr I see
>>>> explorer.exe activity during this nic activity. I've updated/run NAV,
>>>> Ad-aware,etc - clean.
>>>>
>>>> Today while idle, I saw the leds so I hit STOP on ZoneAlarm and see
>>>> Firewall alert:
>>>>
>>>> Incoming IP address 73.x.x.x
>>>> Which whois shows as "owned by Comcast". ( not my IP )
>>>>
>>>> and outgoing address 224.0.0.1
>>>>
>>>> which http://www.networksolutions.com/whois/index.jsp shows as being
>>>> owned by IANA.org.
>>>>
>>>> I never heard of IANA but appears to be internet org that is involved
>>>> with "assigning IP's ??" Anyone explain why my pc is talking to that
>>>> site ? I've got Linksys router on auto ip/dns so shows 192.168.1.1. I
>>>> have windows firewall turned off and use ZA only.
>>>>
>>>> Why would someone want to have my pc send info to IANA ?
>>>>
>>>>
>>>> ---------------
>>>> Record Type: IP Address 224.0.0.1
>>>>
>>>> OrgName: Internet Assigned Numbers Authority
>>>
>>>> Comment: This block is reserved for special purposes. <-----
>>> ===================
>>>
>>>
>>> A quick search shows 224.x.x.x as IPV4 multicast. The packet is
>>> not going to IANA. See page 15 here.
>>>
>>> http://web.cecs.pdx.edu/~jrb/tcpip/l...s/multcast.pdf
>>>
>>> To snapshot all incoming and outgoing packets, try a tool like
>>> Wireshark.
>>> It was formerly named Ethereal, and you can probably find some
>>> references to either of those names.
>>>
>>> Picture of Wireshark capture screen - runs continuous in real time:
>>> http://upload.wikimedia.org/wikipedi..._Screeshot.png
>>>
>>> http://en.wikipedia.org/wiki/Wireshark
>>> http://www.wireshark.org/about.html
>>>
>>> Depending on the malware, you may even find occasions where the
>>> activity
>>> stops, as soon as Wireshark is running
>>>
>>> Paul

>>
>> OK Paul, Thanks
>> So not to be alarmed then ?? ...
>> I went to web.cecs link and read , but it didn't tell me WHAT comcast
>> ( ip 73.x.x.x) is trying to do on my PC.
>> If I scroll all the way to the right in my ZA log screen, ( I missed it
>> earlier) it shows:
>>
>> IGMP Type:17
>> Source DNS = 'COMCAST' subnet servers
>> and
>> " Destination DNS" ALL-SYSTEMS.MCAST.NET ( which is one of the DNS
>> servers I saw listed at IANA whois (MCAST.NET))
>>
>> I googled IGMP MCAST and found a LOT of people with same question
>> before posting here:
>> http://www.shrapnelcommunity.com/thr...?Number=294216
>> Suggested spyware
>>
>> But
>> http://www.freesoft.org/CIE/RFC/1112/18.htm
>> shows that it's trying to gain info on MEMBERS in the group.
>> " The Internet Group Management Protocol (IGMP) is used by IP hosts to
>> report their host group memberships to any immediately-neighboring
>> multicast routers."
>>
>> Big Question: Do I care ? Should I allow it ?
>> Any advantage to me ?
>>

>
> First of all, I'm not an expert in this stuff. It sounds like you're
> already aware of what malware can do, and are properly armed for it.
>
> I suggested Wireshark, in case you suspect a "conversation" is actually
> taking place. Wireshark uses system memory, and will also slow things
> down a bit, but you can leave it running if you have suspicions that
> something is not right.
>
> The address is not a simple node address, but has a special meaning.
> I think 224.0.0.1 is a multicast to all local nodes, and that packet
> type might be used for a routing protocol. It all depends on whether
> your computer network setup is appropriate for such a protocol to
> be running, as to whether this is a reasonable thing to see or not.
>

EXACTLY !

> I usually only have one computer running on my router box at a time,
> so what I see in Wireshark won't be the same as someone with a
> more complicated setup.


I have only pne PC running right now too.

>
> In any case, IANA isn't spying on you That is all I can
> tell you with certainty. I'd be curious, whether a system process,
> or one of your applications, was trying to send that.
>
> As another example, it is possible, if you had both an active
> Ethernet interface, and an active wireless connection of some
> sort, both running at the same time, that routing protocols would
> be present. When a computer has more than one network interface
> running, there have to be rules for which interface a packet
> "escapes from". The computer has to make a choice, and features
> like routing and its associated protocols, might be associated
> with making an intelligent choice.
>
> I only have one Ethernet interface active, so my setup is
> pretty simple.
>
> Just a guess,
> Paul


Thanks again. Since last message I read a very good description/overview
about Traffic Control with IP Multicast (IGMP) here:

ftp://ftp.hp.com/pub/networking/soft...hap04-IGMP.pdf

and after reading what Comcast is TRYING to do, I wondered , WHY is my PC
accepting inquiries regarding its routing view ? Yeah it is set at a local
gateway, but not 'really a resource for Comcast". I went into setup of my
Linksys Router and looked at settings. Then went back to google searching
a bit more and found
- tada ...

http://www.hansenonline.net/Networking/linksysbug.html

ICMP, IGMP, these are events I can see in the ZA log by hitting STOP on
Zonealarm

So, perhaps just disabling MultiCast on the Linksys router will fix it. I
did so and I'll report back to update this in a week or so (or sooner if
still an issue).

As to WHY just an issue recently, again I was thinking and MAYBE they
replaced / upgraded a switch at Comcast and it is set to scan /send
multicast. For now I'll leave it off and see how it goes

Thanks again Paul
Regards,
Bobb

 
Reply With Quote
 
jameshanley39@yahoo.co.uk
Guest
Posts: n/a
 
      11-29-2007
On Nov 28, 1:57 am, "- Bobb -" <b...@noemail.123> wrote:
<snip>

I know enough to know it is nothing to worry about. Zone Alarm is
produces lots of popups so that it looks like it is busy and working.
If it was as quiet as the windows firewall, people would probably not
buy it, they would assume it is doing nothing. The average people is
thick (when it comes to computers, and the logical thinking required).

You should not be given an explanation, because you really have no
technical interest, you are just SCARED..

Because ZA spreads FUD (fear, uncertainty and doubt)

I happen to have a little knowledge on this.. Because I have an
interest, and once read some of an O`reilly book called "internet core
protocols". There are clearer tcp/ip books, and it was deadly boring,
but anyhow.

It is clear that
224.0.0.1 IS LOCAL, it cannot be forwarded !!
It refers to a group of computers on your network.
Similarly with 224.0.0.2 and 224.0.0.4
Infact, the whole 224/8 range is probably somewhat like that.. They
may not all be local. But anyhow, I would not worry.

The book says, as I suspected, IGMP is a control protocol like ICMP.
Apart from a ping of death story from a long time ago, ICMP is
harmless.

ZA confuses end users with messages that they do not understand, and
just makes them more worried. Probably causes more hassle to them
than malware itself.

If you had seen communication with a dodgy computer - i.e. not a
reserved IANA address (which probably is not even touching a machine
outside your network anyway). But if you see some ip address that
belongs to some blah company, then you may be a bit concerned..

I do not know what that 73.x.y.z ip address was. You did not include
the whole of it. I don`t think you know enough to use netstat to look
on regarding what port communication is on.. And what process.
netstat -aon (then look up the process in process explorer). You
are just a scared end user. Just keep your data backed up and be
quiet. And if you are interested, then don`t be so scared.

BOO








 
Reply With Quote
 
- Bobb -
Guest
Posts: n/a
 
      11-30-2007

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Nov 28, 1:57 am, "- Bobb -" <b...@noemail.123> wrote:
> <snip>
>
> I know enough to know it is nothing to worry about. Zone Alarm is
> produces lots of popups so that it looks like it is busy and working.
> If it was as quiet as the windows firewall, people would probably not
> buy it, they would assume it is doing nothing. The average people is
> thick (when it comes to computers, and the logical thinking required).


Is this Dr James Shanley ?
I have pop-ups turned off, I invoked ZA to generate the info. I've used it
for years and never a problem. And in spite of what you think it is NOT to
make a sale - it's FREE : so this "average thick people " is doing pretty
well by them.

>
> You should not be given an explanation, because you really have no
> technical interest, you are just SCARED..
>



Ohhh I see. Thank you Dr.


> Because ZA spreads FUD (fear, uncertainty and doubt)
>
> I happen to have a little knowledge on this..
> Because I have an interest, and once read some of
> an O`reilly book called "internet core
> protocols".


You once read part of a book ?
Ohhhhhhh I see. Thank you Dr.

I once read a box full of them for MCSE, but 10 years later an incoming
message from 224.0.0.x didn't ring a bell: That's why I asked. I'm very
sorry to have interrupted your day ( but apparently not enough since you
respond further)

>
> It is clear that 224.0.0.1 IS LOCAL,
> it cannot be forwarded !!
> It refers to a group of computers on your network.
> Similarly with 224.0.0.2 and 224.0.0.4
> Infact, the whole 224/8 range is probably somewhat like that..
> They may not all be local. But anyhow, I would not worry.


So is it clear that it "IS LOCAL" , or "They may not all be local" ?
Ohhhhhhhhhhh I see. Thank you Dr.

Whether local or not - shows as incoming to my PC and my question was
trying to find out " what is causing it and why ?"

>
> The book says, as I suspected, IGMP is a control protocol like ICMP.
> Apart from a ping of death story from a long time ago, ICMP is
> harmless.


as stated earlier
My question was a desire to find out WHO was triggering it and more
importantly - WHY ? : that's all.
If you were seeing network traffic from my PC occasionally - even though
doing no harm wouldn't you want to know WHO and WHY ?

> ZA confuses end users with messages that they do not understand, and
> just makes them more worried.
> Probably causes more hassle to them than malware itself.


as stated earlier:
I have pop-ups turned off, I invoked ZA to generate the info.
as for " the hassle" : what are you talking about ?

> If you see some ip address that belongs to some blah company,
> then you may be a bit concerned.. I do not know what that
> 73.x.y.z ip address was. You did not include
> the whole of it.


as stated earlier
" Incoming IP address 73.x.x.x which whois shows as "owned by Comcast".
( not my IP address)"
( The range is registered to Comcast - an ISP provider in the states)

>
> I don`t think you know enough to use netstat to look
> on regarding what port communication is on.


I checked the logs - I can see the ports:
as stated earlier
"after reading what Comcast is TRYING to do, I wondered , WHY is my PC
accepting inquiries regarding its routing view ? "

> And what process.
> netstat -aon (then look up the process in process explorer).


The PROCESS as stated in the title of my original posting ( to which you
REPLIED) was explorer.exe

>You are just a scared end user. Just keep your data backed up and be
> quiet. And if you are interested, then don`t be so scared.
>
> BOO


Thanks for all of your help.

 
Reply With Quote
 
jameshanley39@yahoo.co.uk
Guest
Posts: n/a
 
      11-30-2007
On Nov 30, 1:25 pm, "- Bobb -" <b...@noemail.123> wrote:
> <(E-Mail Removed)> wrote in message
>
> news:(E-Mail Removed)...
>
> > On Nov 28, 1:57 am, "- Bobb -" <b...@noemail.123> wrote:
> > <snip>

>
> > I know enough to know it is nothing to worry about. Zone Alarm is
> > produces lots of popups so that it looks like it is busy and working.
> > If it was as quiet as the windows firewall, people would probably not
> > buy it, they would assume it is doing nothing. The average people is
> > thick (when it comes to computers, and the logical thinking required).

>
> Is this Dr James Shanley ?
> I have pop-ups turned off, I invoked ZA to generate the info. I've used it
> for years and never a problem. And in spite of what you think it is NOT to
> make a sale - it's FREE : so this "average thick people " is doing pretty
> well by them.
>


I did not say that you were an average thick person.

<snip>
> I once read a box full of them for MCSE, but 10 years later an incoming
> message from 224.0.0.x didn't ring a bell: That's why I asked. I'm very
> sorry to have interrupted your day ( but apparently not enough since you
> respond further)
>


Glad to see you are somewhat of a techie
..
So, I do not know why you are so scared by these popups.

IGMP would probably not be discussed in an MCSE book, besides a point
that you found online about those addresses being reserved.

>
>
> > It is clear that 224.0.0.1 IS LOCAL,
> > it cannot be forwarded !!
> > It refers to a group of computers on your network.
> > Similarly with 224.0.0.2 and 224.0.0.4
> > Infact, the whole 224/8 range is probably somewhat like that..
> > They may not all be local. But anyhow, I would not worry.

>
> So is it clear that it "IS LOCAL" , or "They may not all be local" ?
> Ohhhhhhhhhhh I see. Thank you Dr.
>


You only mentioned 224.0.0.1
That is local.

I am not speaking for the whole 224 range. Though I would not fear
them either!


> Whether local or not - shows as incoming to my PC and my question was
> trying to find out " what is causing it and why ?"
>
>


So you could read up about IGMP.

I warn you it is very boring..


>
> > The book says, as I suspected, IGMP is a control protocol like ICMP.
> > Apart from a ping of death story from a long time ago, ICMP is
> > harmless.

>
> as stated earlier
> My question was a desire to find out WHO was triggering it and more
> importantly - WHY ? : that's all.
> If you were seeing network traffic from my PC occasionally - even though
> doing no harm wouldn't you want to know WHO and WHY ?
>


I see you are talking about IGMP reaching your machine from hosts
elsewhere on the internet.

coming from an ip 71.x.x.x



> > ZA confuses end users with messages that they do not understand, and
> > just makes them more worried.
> > Probably causes more hassle to them than malware itself.

>
> as stated earlier:
> I have pop-ups turned off, I invoked ZA to generate the info.
> as for " the hassle" : what are you talking about ?
>


You seem worried about it. Not just looking into IGMP for your
enjoyment

> > If you see some ip address that belongs to some blah company,
> > then you may be a bit concerned.. I do not know what that
> > 73.x.y.z ip address was. You did not include
> > the whole of it.

>
> as stated earlier
> " Incoming IP address 73.x.x.x which whois shows as "owned by Comcast".
> ( not my IP address)"
> ( The range is registered to Comcast - an ISP provider in the states)
>
>


how about you see if you can trigger it,
how about filling in the x x x (i.e. so you know the exact ip
address), and send an email to comcast saying you are concerned, and
ask them what it is.

Then post back the reply to the newsgroup, because it could be
interesting..
I don`t think it is dangerous.. or anything to worry about. But still,
it may be of interest to many here. as well as yourself.


>
> > I don`t think you know enough to use netstat to look
> > on regarding what port communication is on.

>
> I checked the logs - I can see the ports:
> as stated earlier
> "after reading what Comcast is TRYING to do, I wondered , WHY is my PC
> accepting inquiries regarding its routing view ? "
>


actually, this is probably my and then your, mistake. I think it
won`t have a TCP Port. I guess it won`t appear in netstat either.
I don`t think ICMP or IGMP does.

what port do you think you see it having?

> > And what process.
> > netstat -aon (then look up the process in process explorer).

>
> The PROCESS as stated in the title of my original posting ( to which you
> REPLIED) was explorer.exe
>

<snip>

I do not know enough about IGMP to say exactly what is going on, but
here is a theory.

You mention comcast..
Is this your ISP? I notice that if I look at the header of your
posting it mentions comcast.

Maybe, a comcast machine sent a multicast message to other hosts on
its network.

Your router probably should not have forwarded it to your machine, but
it did.
(the book said that 224.0.0.1 should not be forwarded)

If you start reading about people being attacked by IGMP, then worry.

And if you have a technical interest, then I can tell you that there
are more interesting things in TCP/IP that you could read about if you
had a technical interest.



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
VPN with DMZ IP address NETed to LAN IP address!!! route-map!!! examples20001@gmail.com Cisco 0 02-07-2006 04:05 PM
PIX Firewall MAC address VPN IP address Julian Dragut Cisco 1 02-07-2006 07:57 AM
obtaining the IP ADDRESS of an IP POHNE by its MAC ADDRESS ProgDario Cisco 17 05-06-2005 02:32 PM
Routing to public IP of NAT address from internal NAT address Andrew Albert Cisco 1 02-08-2005 07:05 PM
Re: Hide Address Bar or Encrypt Address?? avnrao ASP .Net 1 05-04-2004 03:46 PM



Advertisments