Ip address / Explorer.exe IANA.org ?

Discussion in 'Computer Information' started by - Bobb -, Nov 27, 2007.

  1. - Bobb -

    - Bobb - Guest

    Some help from network /server folks please ?

    XP SP2 2 yr old PC and for a month or so I've occasionally noticed that my
    network activity leds in system tray are transmitting and receiving while
    I'm not doing anything. In Task Mgr I see explorer.exe activity during
    this nic activity. I've updated/run NAV, Ad-aware,etc - clean.

    Today while idle, I saw the leds so I hit STOP on ZoneAlarm and see
    Firewall alert:

    Incoming IP address 73.x.x.x
    Which whois shows as "owned by Comcast". ( not my IP )

    and outgoing address 224.0.0.1

    which http://www.networksolutions.com/whois/index.jsp shows as being
    owned by IANA.org.

    I never heard of IANA but appears to be internet org that is involved with
    "assigning IP's ??" Anyone explain why my pc is talking to that site ?
    I've got Linksys router on auto ip/dns so shows 192.168.1.1. I have
    windows firewall turned off and use ZA only.

    Why would someone want to have my pc send info to IANA ?


    ---------------
    Record Type: IP Address 224.0.0.1

    OrgName: Internet Assigned Numbers Authority
    OrgID: IANA
    Address: 4676 Admiralty Way, Suite 330
    City: Marina del Rey
    StateProv: CA
    PostalCode: 90292-6695
    Country: US

    NetRange: 224.0.0.0 - 239.255.255.255
    CIDR: 224.0.0.0/4
    NetName: MCAST-NET
    NetHandle: NET-224-0-0-0-1
    Parent:
    NetType: IANA Special Use
    NameServer: FLAG.EP.NET
    NameServer: STRUL.STUPI.SE
    NameServer: NS.ISI.EDU
    NameServer: NIC.NEAR.NET
    Comment: This block is reserved for special purposes.
    Comment: Please see RFC 3171 for additional information.
    Comment:
    RegDate: 1991-05-22
    Updated: 2002-09-16

    OrgAbuseHandle: IANA-IP-ARIN
    OrgAbuseName: Internet Corporation for Assigned Names and Number
    OrgAbusePhone: +1-310-301-5820
    OrgAbuseEmail:
    - Bobb -, Nov 27, 2007
    #1

  2. - Bobb -

    Paul Guest

    - Bobb - wrote:
    > Some help from network /server folks please ?
    >
    > XP SP2 2 yr old PC and for a month or so I've occasionally noticed that
    > my network activity leds in system tray are transmitting and receiving
    > while I'm not doing anything. In Task Mgr I see explorer.exe activity
    > during this nic activity. I've updated/run NAV, Ad-aware,etc - clean.
    >
    > Today while idle, I saw the leds so I hit STOP on ZoneAlarm and see
    > Firewall alert:
    >
    > Incoming IP address 73.x.x.x
    > Which whois shows as "owned by Comcast". ( not my IP )
    >
    > and outgoing address 224.0.0.1
    >
    > which http://www.networksolutions.com/whois/index.jsp shows as being
    > owned by IANA.org.
    >
    > I never heard of IANA but appears to be internet org that is involved
    > with "assigning IP's ??" Anyone explain why my pc is talking to that
    > site ? I've got Linksys router on auto ip/dns so shows 192.168.1.1. I
    > have windows firewall turned off and use ZA only.
    >
    > Why would someone want to have my pc send info to IANA ?
    >
    >
    > ---------------
    > Record Type: IP Address 224.0.0.1
    >
    > OrgName: Internet Assigned Numbers Authority


    > Comment: This block is reserved for special purposes. <-----


    A quick search shows 224.x.x.x as IPV4 multicast. The packet is
    not going to IANA. See page 15 here.

    http://web.cecs.pdx.edu/~jrb/tcpip/lectures/pdfs/multcast.pdf

    To snapshot all incoming and outgoing packets, try a tool like Wireshark.
    It was formerly named Ethereal, and you can probably find some
    references to either of those names.

    Picture of Wireshark capture screen - runs continuous in real time:
    http://upload.wikimedia.org/wikiped...k_Screeshot.png/800px-Wireshark_Screeshot.png

    http://en.wikipedia.org/wiki/Wireshark
    http://www.wireshark.org/about.html

    Depending on the malware, you may even find occasions where the activity
    stops, as soon as Wireshark is running :)

    Paul
    Paul, Nov 27, 2007
    #2

  3. - Bobb -

    - Bobb - Guest

    "Paul" <> wrote in message news:fihsgs$b7t$...
    >- Bobb - wrote:
    >> Some help from network /server folks please ?
    >>
    >> XP SP2 2 yr old PC and for a month or so I've occasionally noticed that
    >> my network activity leds in system tray are transmitting and receiving
    >> while I'm not doing anything. In Task Mgr I see explorer.exe activity
    >> during this nic activity. I've updated/run NAV, Ad-aware,etc - clean.
    >>
    >> Today while idle, I saw the leds so I hit STOP on ZoneAlarm and see
    >> Firewall alert:
    >>
    >> Incoming IP address 73.x.x.x
    >> Which whois shows as "owned by Comcast". ( not my IP )
    >>
    >> and outgoing address 224.0.0.1
    >>
    >> which http://www.networksolutions.com/whois/index.jsp shows as being
    >> owned by IANA.org.
    >>
    >> I never heard of IANA but appears to be internet org that is involved
    >> with "assigning IP's ??" Anyone explain why my pc is talking to that
    >> site ? I've got Linksys router on auto ip/dns so shows 192.168.1.1. I
    >> have windows firewall turned off and use ZA only.
    >>
    >> Why would someone want to have my pc send info to IANA ?
    >>
    >>
    >> ---------------
    >> Record Type: IP Address 224.0.0.1
    >>
    >> OrgName: Internet Assigned Numbers Authority

    >
    >> Comment: This block is reserved for special purposes. <-----

    > ===================
    >
    >
    > A quick search shows 224.x.x.x as IPV4 multicast. The packet is
    > not going to IANA. See page 15 here.
    >
    > http://web.cecs.pdx.edu/~jrb/tcpip/lectures/pdfs/multcast.pdf
    >
    > To snapshot all incoming and outgoing packets, try a tool like
    > Wireshark.
    > It was formerly named Ethereal, and you can probably find some
    > references to either of those names.
    >
    > Picture of Wireshark capture screen - runs continuous in real time:
    > http://upload.wikimedia.org/wikiped...k_Screeshot.png/800px-Wireshark_Screeshot.png
    >
    > http://en.wikipedia.org/wiki/Wireshark
    > http://www.wireshark.org/about.html
    >
    > Depending on the malware, you may even find occasions where the activity
    > stops, as soon as Wireshark is running :)
    >
    > Paul


    OK Paul, Thanks
    So not to be alarmed then ?? ...
    I went to web.cecs link and read , but it didn't tell me WHAT comcast ( ip
    73.x.x.x) is trying to do on my PC.
    If I scroll all the way to the right in my ZA log screen, ( I missed it
    earlier) it shows:

    IGMP Type:17
    Source DNS = 'COMCAST' subnet servers
    and
    " Destination DNS" ALL-SYSTEMS.MCAST.NET ( which is one of the DNS servers
    I saw listed at IANA whois (MCAST.NET))

    I googled IGMP MCAST and found a LOT of people with same question before
    posting here:
    http://www.shrapnelcommunity.com/threads/showflat.php?Number=294216
    Suggested spyware

    But
    http://www.freesoft.org/CIE/RFC/1112/18.htm
    shows that it's trying to gain info on MEMBERS in the group.
    " The Internet Group Management Protocol (IGMP) is used by IP hosts to
    report their host group memberships to any immediately-neighboring
    multicast routers."

    Big Question: Do I care ? Should I allow it ?
    Any advantage to me ?
    - Bobb -, Nov 27, 2007
    #3
  4. - Bobb -

    Paul Guest

    - Bobb - wrote:
    >
    > "Paul" <> wrote in message news:fihsgs$b7t$...
    >> - Bobb - wrote:
    >>> Some help from network /server folks please ?
    >>>
    >>> XP SP2 2 yr old PC and for a month or so I've occasionally noticed
    >>> that my network activity leds in system tray are transmitting and
    >>> receiving while I'm not doing anything. In Task Mgr I see
    >>> explorer.exe activity during this nic activity. I've updated/run NAV,
    >>> Ad-aware,etc - clean.
    >>>
    >>> Today while idle, I saw the leds so I hit STOP on ZoneAlarm and see
    >>> Firewall alert:
    >>>
    >>> Incoming IP address 73.x.x.x
    >>> Which whois shows as "owned by Comcast". ( not my IP )
    >>>
    >>> and outgoing address 224.0.0.1
    >>>
    >>> which http://www.networksolutions.com/whois/index.jsp shows as being
    >>> owned by IANA.org.
    >>>
    >>> I never heard of IANA but appears to be internet org that is involved
    >>> with "assigning IP's ??" Anyone explain why my pc is talking to that
    >>> site ? I've got Linksys router on auto ip/dns so shows 192.168.1.1. I
    >>> have windows firewall turned off and use ZA only.
    >>>
    >>> Why would someone want to have my pc send info to IANA ?
    >>>
    >>>
    >>> ---------------
    >>> Record Type: IP Address 224.0.0.1
    >>>
    >>> OrgName: Internet Assigned Numbers Authority

    >>
    >>> Comment: This block is reserved for special purposes. <-----

    >> ===================
    >>
    >>
    >> A quick search shows 224.x.x.x as IPV4 multicast. The packet is
    >> not going to IANA. See page 15 here.
    >>
    >> http://web.cecs.pdx.edu/~jrb/tcpip/lectures/pdfs/multcast.pdf
    >>
    >> To snapshot all incoming and outgoing packets, try a tool like Wireshark.
    >> It was formerly named Ethereal, and you can probably find some
    >> references to either of those names.
    >>
    >> Picture of Wireshark capture screen - runs continuous in real time:
    >> http://upload.wikimedia.org/wikiped...k_Screeshot.png/800px-Wireshark_Screeshot.png
    >>
    >>
    >> http://en.wikipedia.org/wiki/Wireshark
    >> http://www.wireshark.org/about.html
    >>
    >> Depending on the malware, you may even find occasions where the activity
    >> stops, as soon as Wireshark is running :)
    >>
    >> Paul

    >
    > OK Paul, Thanks
    > So not to be alarmed then ?? ...
    > I went to web.cecs link and read , but it didn't tell me WHAT comcast (
    > ip 73.x.x.x) is trying to do on my PC.
    > If I scroll all the way to the right in my ZA log screen, ( I missed it
    > earlier) it shows:
    >
    > IGMP Type:17
    > Source DNS = 'COMCAST' subnet servers
    > and
    > " Destination DNS" ALL-SYSTEMS.MCAST.NET ( which is one of the DNS
    > servers I saw listed at IANA whois (MCAST.NET))
    >
    > I googled IGMP MCAST and found a LOT of people with same question before
    > posting here:
    > http://www.shrapnelcommunity.com/threads/showflat.php?Number=294216
    > Suggested spyware
    >
    > But
    > http://www.freesoft.org/CIE/RFC/1112/18.htm
    > shows that it's trying to gain info on MEMBERS in the group.
    > " The Internet Group Management Protocol (IGMP) is used by IP hosts to
    > report their host group memberships to any immediately-neighboring
    > multicast routers."
    >
    > Big Question: Do I care ? Should I allow it ?
    > Any advantage to me ?
    >


    First of all, I'm not an expert in this stuff. It sounds like you're
    already aware of what malware can do, and are properly armed for it.

    I suggested Wireshark, in case you suspect a "conversation" is actually
    taking place. Wireshark uses system memory, and will also slow things
    down a bit, but you can leave it running if you have suspicions that
    something is not right.

    The address is not a simple node address, but has a special meaning.
    I think 224.0.0.1 is a multicast to all local nodes, and that packet
    type might be used for a routing protocol. It all depends on whether
    your computer network setup is appropriate for such a protocol to
    be running, as to whether this is a reasonable thing to see or not.

    I usually only have one computer running on my router box at a time,
    so what I see in Wireshark won't be the same as someone with a
    more complicated setup.

    In any case, IANA isn't spying on you :) That is all I can
    tell you with certainty. I'd be curious, whether a system process,
    or one of your applications, was trying to send that.

    As another example, it is possible, if you had both an active
    Ethernet interface, and an active wireless connection of some
    sort, both running at the same time, that routing protocols would
    be present. When a computer has more than one network interface
    running, there have to be rules for which interface a packet
    "escapes from". The computer has to make a choice, and features
    like routing and its associated protocols, might be associated
    with making an intelligent choice.

    I only have one Ethernet interface active, so my setup is
    pretty simple.

    Just a guess,
    Paul
    Paul, Nov 28, 2007
    #4
  5. - Bobb -

    - Bobb - Guest

    Re: Ip address / Explorer.exe

    "Paul" <> wrote in message news:fiicfr$tld$...
    >- Bobb - wrote:
    >>
    >> "Paul" <> wrote in message
    >> news:fihsgs$b7t$...
    >>> - Bobb - wrote:
    >>>> Some help from network /server folks please ?
    >>>>
    >>>> XP SP2 2 yr old PC and for a month or so I've occasionally noticed
    >>>> that my network activity leds in system tray are transmitting and
    >>>> receiving while I'm not doing anything. In Task Mgr I see
    >>>> explorer.exe activity during this nic activity. I've updated/run NAV,
    >>>> Ad-aware,etc - clean.
    >>>>
    >>>> Today while idle, I saw the leds so I hit STOP on ZoneAlarm and see
    >>>> Firewall alert:
    >>>>
    >>>> Incoming IP address 73.x.x.x
    >>>> Which whois shows as "owned by Comcast". ( not my IP )
    >>>>
    >>>> and outgoing address 224.0.0.1
    >>>>
    >>>> which http://www.networksolutions.com/whois/index.jsp shows as being
    >>>> owned by IANA.org.
    >>>>
    >>>> I never heard of IANA but appears to be internet org that is involved
    >>>> with "assigning IP's ??" Anyone explain why my pc is talking to that
    >>>> site ? I've got Linksys router on auto ip/dns so shows 192.168.1.1. I
    >>>> have windows firewall turned off and use ZA only.
    >>>>
    >>>> Why would someone want to have my pc send info to IANA ?
    >>>>
    >>>>
    >>>> ---------------
    >>>> Record Type: IP Address 224.0.0.1
    >>>>
    >>>> OrgName: Internet Assigned Numbers Authority
    >>>
    >>>> Comment: This block is reserved for special purposes. <-----
    >>> ===================
    >>>
    >>>
    >>> A quick search shows 224.x.x.x as IPV4 multicast. The packet is
    >>> not going to IANA. See page 15 here.
    >>>
    >>> http://web.cecs.pdx.edu/~jrb/tcpip/lectures/pdfs/multcast.pdf
    >>>
    >>> To snapshot all incoming and outgoing packets, try a tool like
    >>> Wireshark.
    >>> It was formerly named Ethereal, and you can probably find some
    >>> references to either of those names.
    >>>
    >>> Picture of Wireshark capture screen - runs continuous in real time:
    >>> http://upload.wikimedia.org/wikiped...k_Screeshot.png/800px-Wireshark_Screeshot.png
    >>>
    >>> http://en.wikipedia.org/wiki/Wireshark
    >>> http://www.wireshark.org/about.html
    >>>
    >>> Depending on the malware, you may even find occasions where the
    >>> activity
    >>> stops, as soon as Wireshark is running :)
    >>>
    >>> Paul

    >>
    >> OK Paul, Thanks
    >> So not to be alarmed then ?? ...
    >> I went to web.cecs link and read , but it didn't tell me WHAT comcast
    >> ( ip 73.x.x.x) is trying to do on my PC.
    >> If I scroll all the way to the right in my ZA log screen, ( I missed it
    >> earlier) it shows:
    >>
    >> IGMP Type:17
    >> Source DNS = 'COMCAST' subnet servers
    >> and
    >> " Destination DNS" ALL-SYSTEMS.MCAST.NET ( which is one of the DNS
    >> servers I saw listed at IANA whois (MCAST.NET))
    >>
    >> I googled IGMP MCAST and found a LOT of people with same question
    >> before posting here:
    >> http://www.shrapnelcommunity.com/threads/showflat.php?Number=294216
    >> Suggested spyware
    >>
    >> But
    >> http://www.freesoft.org/CIE/RFC/1112/18.htm
    >> shows that it's trying to gain info on MEMBERS in the group.
    >> " The Internet Group Management Protocol (IGMP) is used by IP hosts to
    >> report their host group memberships to any immediately-neighboring
    >> multicast routers."
    >>
    >> Big Question: Do I care ? Should I allow it ?
    >> Any advantage to me ?
    >>

    >
    > First of all, I'm not an expert in this stuff. It sounds like you're
    > already aware of what malware can do, and are properly armed for it.
    >
    > I suggested Wireshark, in case you suspect a "conversation" is actually
    > taking place. Wireshark uses system memory, and will also slow things
    > down a bit, but you can leave it running if you have suspicions that
    > something is not right.
    >
    > The address is not a simple node address, but has a special meaning.
    > I think 224.0.0.1 is a multicast to all local nodes, and that packet
    > type might be used for a routing protocol. It all depends on whether
    > your computer network setup is appropriate for such a protocol to
    > be running, as to whether this is a reasonable thing to see or not.
    >

    EXACTLY !

    > I usually only have one computer running on my router box at a time,
    > so what I see in Wireshark won't be the same as someone with a
    > more complicated setup.


    I have only one PC running right now too.

    >
    > In any case, IANA isn't spying on you :) That is all I can
    > tell you with certainty. I'd be curious, whether a system process,
    > or one of your applications, was trying to send that.
    >
    > As another example, it is possible, if you had both an active
    > Ethernet interface, and an active wireless connection of some
    > sort, both running at the same time, that routing protocols would
    > be present. When a computer has more than one network interface
    > running, there have to be rules for which interface a packet
    > "escapes from". The computer has to make a choice, and features
    > like routing and its associated protocols, might be associated
    > with making an intelligent choice.
    >
    > I only have one Ethernet interface active, so my setup is
    > pretty simple.
    >
    > Just a guess,
    > Paul


    Thanks again. Since last message I read a very good description/overview
    about Traffic Control with IP Multicast (IGMP) here:

    ftp://ftp.hp.com/pub/networking/software/AdvTraff-Oct2005-59908853-Chap04-IGMP.pdf

    and after reading what Comcast is TRYING to do, I wondered , WHY is my PC
    accepting inquiries regarding its routing view ? Yeah it is set at a local
    gateway, but not 'really a resource for Comcast". I went into setup of my
    Linksys Router and looked at settings. Then went back to google searching
    a bit more and found
    - tada ...

    http://www.hansenonline.net/Networking/linksysbug.html

    ICMP, IGMP, these are events I can see in the ZA log by hitting STOP on
    Zonealarm

    So, perhaps just disabling MultiCast on the Linksys router will fix it. I
    did so and I'll report back to update this in a week or so (or sooner if
    still an issue).

    As to WHY just an issue recently, again I was thinking and MAYBE they
    replaced / upgraded a switch at Comcast and it is set to scan /send
    multicast. For now I'll leave it off and see how it goes

    Thanks again Paul
    Regards,
    Bobb
    - Bobb -, Nov 28, 2007
    #5
  6. - Bobb -

    Guest

    Re: Ip address / Explorer.exe

    On Nov 28, 1:57 am, "- Bobb -" <b...@noemail.123> wrote:
    <snip>

    I know enough to know it is nothing to worry about. Zone Alarm
    produces lots of popups so that it looks like it is busy and working.
    If it was as quiet as the windows firewall, people would probably not
    buy it, they would assume it is doing nothing. The average people is
    thick (when it comes to computers, and the logical thinking required).

    You should not be given an explanation, because you really have no
    technical interest, you are just SCARED..

    Because ZA spreads FUD (fear, uncertainty and doubt)

    I happen to have a little knowledge on this.. Because I have an
    interest, and once read some of an O'Reilly book called "internet core
    protocols". There are clearer tcp/ip books, and it was deadly boring,
    but anyhow.

    It is clear that
    224.0.0.1 IS LOCAL, it cannot be forwarded !!
    It refers to a group of computers on your network.
    Similarly with 224.0.0.2 and 224.0.0.4
    In fact, the whole 224/8 range is probably somewhat like that.. They
    may not all be local. But anyhow, I would not worry.

    The book says, as I suspected, IGMP is a control protocol like ICMP.
    Apart from a ping of death story from a long time ago, ICMP is
    harmless.

    ZA confuses end users with messages that they do not understand, and
    just makes them more worried. Probably causes more hassle to them
    than malware itself.

    If you had seen communication with a dodgy computer - i.e. not a
    reserved IANA address (which probably is not even touching a machine
    outside your network anyway). But if you see some ip address that
    belongs to some blah company, then you may be a bit concerned..

    I do not know what that 73.x.y.z ip address was. You did not include
    the whole of it. I don`t think you know enough to use netstat to look
    on regarding what port communication is on.. And what process.
    netstat -aon (then look up the process in process explorer). You
    are just a scared end user. Just keep your data backed up and be
    quiet. And if you are interested, then don`t be so scared.

    BOO
    , Nov 29, 2007
    #6
  7. - Bobb -

    - Bobb - Guest

    Re: Ip address / Explorer.exe

    <> wrote in message
    news:...
    > On Nov 28, 1:57 am, "- Bobb -" <b...@noemail.123> wrote:
    > <snip>
    >
    > I know enough to know it is nothing to worry about. Zone Alarm
    > produces lots of popups so that it looks like it is busy and working.
    > If it was as quiet as the windows firewall, people would probably not
    > buy it, they would assume it is doing nothing. The average people is
    > thick (when it comes to computers, and the logical thinking required).


    Is this Dr James Shanley ?
    I have pop-ups turned off, I invoked ZA to generate the info. I've used it
    for years and never a problem. And in spite of what you think it is NOT to
    make a sale - it's FREE : so this "average thick people " is doing pretty
    well by them.

    >
    > You should not be given an explanation, because you really have no
    > technical interest, you are just SCARED..
    >



    Ohhh I see. Thank you Dr.


    > Because ZA spreads FUD (fear, uncertainty and doubt)
    >
    > I happen to have a little knowledge on this..
    > Because I have an interest, and once read some of
    > an O'Reilly book called "internet core
    > protocols".


    You once read part of a book ?
    Ohhhhhhh I see. Thank you Dr.

    I once read a box full of them for MCSE, but 10 years later an incoming
    message from 224.0.0.x didn't ring a bell: That's why I asked. I'm very
    sorry to have interrupted your day ( but apparently not enough since you
    respond further)

    >
    > It is clear that 224.0.0.1 IS LOCAL,
    > it cannot be forwarded !!
    > It refers to a group of computers on your network.
    > Similarly with 224.0.0.2 and 224.0.0.4
    > In fact, the whole 224/8 range is probably somewhat like that..
    > They may not all be local. But anyhow, I would not worry.


    So is it clear that it "IS LOCAL" , or "They may not all be local" ?
    Ohhhhhhhhhhh I see. Thank you Dr.

    Whether local or not - shows as incoming to my PC and my question was
    trying to find out " what is causing it and why ?"

    >
    > The book says, as I suspected, IGMP is a control protocol like ICMP.
    > Apart from a ping of death story from a long time ago, ICMP is
    > harmless.


    as stated earlier
    My question was a desire to find out WHO was triggering it and more
    importantly - WHY ? : that's all.
    If you were seeing network traffic from my PC occasionally - even though
    doing no harm wouldn't you want to know WHO and WHY ?

    > ZA confuses end users with messages that they do not understand, and
    > just makes them more worried.
    > Probably causes more hassle to them than malware itself.


    as stated earlier:
    I have pop-ups turned off, I invoked ZA to generate the info.
    as for " the hassle" : what are you talking about ?

    > If you see some ip address that belongs to some blah company,
    > then you may be a bit concerned.. I do not know what that
    > 73.x.y.z ip address was. You did not include
    > the whole of it.


    as stated earlier
    " Incoming IP address 73.x.x.x which whois shows as "owned by Comcast".
    ( not my IP address)"
    ( The range is registered to Comcast - an ISP provider in the states)

    >
    > I don`t think you know enough to use netstat to look
    > on regarding what port communication is on.


    I checked the logs - I can see the ports:
    as stated earlier
    "after reading what Comcast is TRYING to do, I wondered , WHY is my PC
    accepting inquiries regarding its routing view ? "

    > And what process.
    > netstat -aon (then look up the process in process explorer).


    The PROCESS as stated in the title of my original posting ( to which you
    REPLIED) was explorer.exe

    >You are just a scared end user. Just keep your data backed up and be
    > quiet. And if you are interested, then don`t be so scared.
    >
    > BOO


    Thanks for all of your help.
    - Bobb -, Nov 30, 2007
    #7
  8. - Bobb -

    Guest

    Re: Ip address / Explorer.exe

    On Nov 30, 1:25 pm, "- Bobb -" <b...@noemail.123> wrote:
    > <> wrote in message
    >
    > news:...
    >
    > > On Nov 28, 1:57 am, "- Bobb -" <b...@noemail.123> wrote:
    > > <snip>

    >
    > > I know enough to know it is nothing to worry about. Zone Alarm
    > > produces lots of popups so that it looks like it is busy and working.
    > > If it was as quiet as the windows firewall, people would probably not
    > > buy it, they would assume it is doing nothing. The average people is
    > > thick (when it comes to computers, and the logical thinking required).

    >
    > Is this Dr James Shanley ?
    > I have pop-ups turned off, I invoked ZA to generate the info. I've used it
    > for years and never a problem. And in spite of what you think it is NOT to
    > make a sale - it's FREE : so this "average thick people " is doing pretty
    > well by them.
    >


    I did not say that you were an average thick person.

    <snip>
    > I once read a box full of them for MCSE, but 10 years later an incoming
    > message from 224.0.0.x didn't ring a bell: That's why I asked. I'm very
    > sorry to have interrupted your day ( but apparently not enough since you
    > respond further)
    >


    Glad to see you are somewhat of a techie
    ..
    So, I do not know why you are so scared by these popups.

    IGMP would probably not be discussed in an MCSE book, besides a point
    that you found online about those addresses being reserved.

    >
    >
    > > It is clear that 224.0.0.1 IS LOCAL,
    > > it cannot be forwarded !!
    > > It refers to a group of computers on your network.
    > > Similarly with 224.0.0.2 and 224.0.0.4
    > > In fact, the whole 224/8 range is probably somewhat like that..
    > > They may not all be local. But anyhow, I would not worry.

    >
    > So is it clear that it "IS LOCAL" , or "They may not all be local" ?
    > Ohhhhhhhhhhh I see. Thank you Dr.
    >


    You only mentioned 224.0.0.1
    That is local.

    I am not speaking for the whole 224 range. Though I would not fear
    them either!


    > Whether local or not - shows as incoming to my PC and my question was
    > trying to find out " what is causing it and why ?"
    >
    >


    So you could read up about IGMP.

    I warn you it is very boring..


    >
    > > The book says, as I suspected, IGMP is a control protocol like ICMP.
    > > Apart from a ping of death story from a long time ago, ICMP is
    > > harmless.

    >
    > as stated earlier
    > My question was a desire to find out WHO was triggering it and more
    > importantly - WHY ? : that's all.
    > If you were seeing network traffic from my PC occasionally - even though
    > doing no harm wouldn't you want to know WHO and WHY ?
    >


    I see you are talking about IGMP reaching your machine from hosts
    elsewhere on the internet.

    coming from an ip 71.x.x.x



    > > ZA confuses end users with messages that they do not understand, and
    > > just makes them more worried.
    > > Probably causes more hassle to them than malware itself.

    >
    > as stated earlier:
    > I have pop-ups turned off, I invoked ZA to generate the info.
    > as for " the hassle" : what are you talking about ?
    >


    You seem worried about it. Not just looking into IGMP for your
    enjoyment

    > > If you see some ip address that belongs to some blah company,
    > > then you may be a bit concerned.. I do not know what that
    > > 73.x.y.z ip address was. You did not include
    > > the whole of it.

    >
    > as stated earlier
    > " Incoming IP address 73.x.x.x which whois shows as "owned by Comcast".
    > ( not my IP address)"
    > ( The range is registered to Comcast - an ISP provider in the states)
    >
    >


    how about you see if you can trigger it,
    how about filling in the x x x (i.e. so you know the exact ip
    address), and send an email to comcast saying you are concerned, and
    ask them what it is.

    Then post back the reply to the newsgroup, because it could be
    interesting..
    I don`t think it is dangerous.. or anything to worry about. But still,
    it may be of interest to many here. as well as yourself.


    >
    > > I don`t think you know enough to use netstat to look
    > > on regarding what port communication is on.

    >
    > I checked the logs - I can see the ports:
    > as stated earlier
    > "after reading what Comcast is TRYING to do, I wondered , WHY is my PC
    > accepting inquiries regarding its routing view ? "
    >


    actually, this is probably my and then your, mistake. I think it
    won`t have a TCP Port. I guess it won`t appear in netstat either.
    I don`t think ICMP or IGMP does.

    what port do you think you see it having?

    > > And what process.
    > > netstat -aon (then look up the process in process explorer).

    >
    > The PROCESS as stated in the title of my original posting ( to which you
    > REPLIED) was explorer.exe
    >

    <snip>

    I do not know enough about IGMP to say exactly what is going on, but
    here is a theory.

    You mention comcast..
    Is this your ISP? I notice that if I look at the header of your
    posting it mentions comcast.

    Maybe, a comcast machine sent a multicast message to other hosts on
    its network.

    Your router probably should not have forwarded it to your machine, but
    it did.
    (the book said that 224.0.0.1 should not be forwarded)

    If you start reading about people being attacked by IGMP, then worry.

    And if you have a technical interest, then I can tell you that there
    are more interesting things in TCP/IP that you could read about if you
    had a technical interest.
    , Nov 30, 2007
    #8
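
Added example, not part of any post in this thread: a small Python triage of the packet discussed above (the "IGMP Type:17" firewall entry in post #3 and the "should not be forwarded" point in posts #6 and #8). It parses a raw IPv4/IGMP packet and reports what a defender would check. The sample packet is constructed in the code; 198.51.100.7 is a documentation-range placeholder for the elided 73.x.x.x source, and 192.168.1.0/24 is assumed as the LAN from the 192.168.1.1 router address mentioned in the thread.

```python
import ipaddress
import struct

IGMP_PROTO = 2  # IPv4 protocol number for IGMP; it has no TCP/UDP ports
# 224.0.0.0/24 is the Local Network Control Block: link scope, never routed.
LINK_LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")
IGMP_TYPES = {
    0x11: "Membership Query",            # 0x11 == 17, the "Type:17" in the log
    0x12: "IGMPv1 Membership Report",
    0x16: "IGMPv2 Membership Report",
    0x17: "Leave Group",
    0x22: "IGMPv3 Membership Report",
}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by both IPv4 and IGMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_igmp_query(src: str, dst: str = "224.0.0.1", ttl: int = 1) -> bytes:
    """Construct a sample IGMPv2 general query (test input, not captured traffic)."""
    igmp = struct.pack("!BBH4s", 0x11, 100, 0, bytes(4))  # group 0.0.0.0
    igmp = igmp[:2] + struct.pack("!H", inet_checksum(igmp)) + igmp[4:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0xC0, 20 + len(igmp), 0, 0,
                      ttl, IGMP_PROTO, 0,
                      ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + igmp


def parse_igmp(packet: bytes) -> dict:
    """Parse an IPv4 packet carrying IGMP; raise ValueError on anything else."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    ihl = (packet[0] & 0x0F) * 4          # header length, options included
    total_len = struct.unpack("!H", packet[2:4])[0]
    end = min(total_len, len(packet))     # ignore link-layer padding
    if ihl < 20 or end - ihl < 8:
        raise ValueError("truncated IGMP message")
    if packet[9] != IGMP_PROTO:
        raise ValueError(f"IP protocol {packet[9]} is not IGMP")
    igmp = packet[ihl:end]
    msg_type = igmp[0]
    return {
        "src": ipaddress.ip_address(packet[12:16]),
        "dst": ipaddress.ip_address(packet[16:20]),
        "ttl": packet[8],
        "type": msg_type,
        "type_name": IGMP_TYPES.get(msg_type, "unknown"),
        "group": ipaddress.ip_address(igmp[4:8]),
        "checksum_ok": inet_checksum(igmp) == 0,
    }


def triage(packet: bytes, lan: str = "192.168.1.0/24") -> list:
    """Return (code, explanation) findings for one IGMP packet."""
    p = parse_igmp(packet)
    findings = []
    if p["type"] == 0x11 and int(p["group"]) == 0:
        findings.append(("general-query",
                         "router asking which multicast groups have listeners"))
    if p["dst"] in LINK_LOCAL_MCAST:
        findings.append(("link-local-destination",
                         f"{p['dst']} is link scope; routers must not forward it"))
    if p["src"] not in ipaddress.ip_network(lan):
        findings.append(("off-lan-source",
                         f"{p['src']} is not on {lan}; check what bridged it in"))
    if p["ttl"] != 1:
        findings.append(("ttl-not-1", "IGMP is normally sent with TTL 1"))
    if not p["checksum_ok"]:
        findings.append(("bad-checksum", "IGMP checksum does not verify"))
    return findings


if __name__ == "__main__":
    sample = build_igmp_query("198.51.100.7")  # constructed placeholder source
    info = parse_igmp(sample)
    print(info["src"], "->", info["dst"], info["type"], info["type_name"])
    for code, text in triage(sample):
        print(f"  [{code}] {text}")
```
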