IGMP.MCAST.NET?

Post #45,557 by Steven A S 7/14/02 2:43:20 PM Reply	IGMP.MCAST.NET? OK, I had to break down and get Win XP (spit, spit) for my new game computer. Being the properly paranoid sort, I loaded up the Sygate firewall on it. Since my router handles most external intrusion, I did this more to prevent the software from sending out data. Now, Sygate keeps catching different network programs and servers broadcasting to 224.0.0.22 (IGMP.MCAST.NET). I get one notification, block it, then the next time I start, another program is found trying to broadcast to it. Since observing this trend, I've started blocking that address altogether, but I was wondering if anybody here knew what that server is supposed to be for, and why Windblows feels it needs to broadcast to it. ~~~)-Steven---- "I want you to remember that no bastard ever won a war by dying for his country. He won it by making the other poor dumb bastard die for his country..." General George S. Patton
Post #45,574 by orion 7/14/02 7:06:33 PM Reply	Possible virus? Maybe built in OS feature? [link\|http://groups.google.com/groups?q=igmp.mcast.net&hl=en&lr=&ie=UTF-8&sa=N&tab=wg\|[link\|http://groups.google.com/groups?q=igmp.mcast.net\|http://groups.googl...mp.mcast.net]&hl=en&lr=&ie=UTF-8&sa=N&tab=wg] a Google search on newsgroups shows some interesting results. It could be your WINS server? In NT it can be turned off: [link\|http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q151761\|[link\|http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q151761\|http://support.micr...N-US;Q151761]] I suspect that IGMP stands for: [link\|http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci214391,00.html\|[link\|http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci214391,00.html\|http://searchnetwor...4391,00.html]] The Internet Group Management Protocol (IGMP) is an Internet protocol that provides a way for an Internet computer to report its multicast group membership to adjacent routers. Multicasting allows one computer on the Internet to send content to multiple other computers that have identified themselves as interested in receiving the originating computer's content. Multicasting can be used for such applications as updating the address books of mobile computer users in the field, sending out company newsletters to a distribution list, and "broadcasting" high-bandwidth programs of streaming media to an audience that has "tuned in" by setting up a multicast group membership. Somehow the W2K or XP machine has a multicast group membership to that domain or IP? I assume this is set on by default somewhere? *I am free now, to choose my own destiny.*
Post #45,589 by static 7/15/02 1:01:20 AM Reply	Hang on - I've heard of this. It's the OS itself. Wish I could find a link... Wade. "Ah. One of the difficult questions."
Post #45,590 by Andrew Grygus 7/15/02 1:22:57 AM Reply	Links? Try . . . . . . Google with "224.0.0.22" (the quotes are needed, or else after trying without quotes, click on "sites containing"). You'll get plenty of stuff. [link\|http://www.aaxnet.com\|AAx]
Post #45,600 by pwhysall 7/15/02 7:24:00 AM Reply	Disable the UPnP service It's the "Universal Plug and Play Device Host" service. Set it to "disabled" and reboot. Peter [link\|http://www.debian.org\|Shill For Hire] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Blog]
Post #45,869 by Steven A S 7/17/02 9:53:48 AM Reply	Re: Disable the UPnP service UPnP is already set to manual, not Started. But that could be because it's blocked. Thanks for the info all. ~~~)-Steven---- "I want you to remember that no bastard ever won a war by dying for his country. He won it by making the other poor dumb bastard die for his country..." General George S. Patton
Post #45,957 by pwhysall 7/18/02 6:15:23 AM Reply	What "Manual" means There are three states that a Windows service can be in, besides "running or not" : manual, disabled and automatic. "Manual" really just means "started on demand", rather than "started by the user". If you really want to nobble a service, you stop it, then set it to "disabled". Peter [link\|http://www.debian.org\|Shill For Hire] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Blog]
Post #45,970 by Andrew Grygus 7/18/02 9:39:17 AM Reply	Yup, I noticed that . . . Set a bunch of stuff to manual, rebooted, and some of it was running after the reboot. [link\|http://www.aaxnet.com\|AAx]
Post #46,250 by Steven A S 7/20/02 10:59:39 PM Reply	Any other services I might want to watch out for? I've already blocked the "Generic Host Processes" from global internet access, but I didn't want to shut it off completely if it's useful for the local network as well. ~~~)-Steven---- "I want you to remember that no bastard ever won a war by dying for his country. He won it by making the other poor dumb bastard die for his country..." General George S. Patton

Welcome to IWETHEY!