Author Topic: IGMP incoming on Port 40752  (Read 3978 times)

Offline hc33708

IGMP incoming on Port 40752
« on: March 19, 2007, 01:41:10 PM »
I've been using Comodo Firewall a few weeks now and like it. One thing I noticed is that whenever my computer booted (Win XP) it tried to send outgoing requests 'IGMP to 224.0.0.22' and 'ICMP ROUTER SOLICITATION to 224.0.0.2'. So after becoming confident of Comodo's abilities a few days ago I decided to add rules to allow and log those outgoing requests. The outgoing transmissions still only happen on boot, but now I'm receiving hundreds of incoming IP requests to port 40752. They are from various IP addresses but the vast majority are from 216.201.120.98. Despite all access being denied the connection requests still keep coming. Presently my computer has been up for two days and I'm surprised that the probes to port 40752 keep coming despite being denied.

From some web searches it seems that the 224..... addresses have to do with multicast.  If you can help me I'm interested in understanding:
- The significance of my computer's interest in outgoing com to addresses 224.0.0.2 and 224.0.0.22
- The significance of port 40752 being the destination of all these incoming IP requests.  Something special about that port?
- Why would they keep coming from the same IP addresses despite being "access denied"?

Thanks in advance for any help you can give.

« Last Edit: March 20, 2007, 01:45:38 AM by pandlouk »

Offline Little Mac

Re: IGMP incoming on Port 40752
« Reply #1 on: March 19, 2007, 01:48:41 PM »
Is A5.com your ISP?

LM
These forums are focused on providing help and improvement for Comodo products.  Please treat other users with respect and make a positive contribution.  Thanks.
Forum Policy

Offline freonchill

Re: IGMP incoming on Port 40752
« Reply #2 on: March 19, 2007, 07:21:37 PM »
I doubt that his ISP is the problem.
I've always had problems w/ firewalls saying IGMP (or multicast) problems w/ 224.0.0.*

Offline hc33708

Re: IGMP incoming on Port 40752
« Reply #3 on: March 19, 2007, 07:59:29 PM »
> Is A5.com your ISP?
>
> LM

No, my ISP is RoadRunner southwest.

Offline hc33708

Re: IGMP incoming on Port 40752
« Reply #4 on: March 19, 2007, 08:01:58 PM »
> No, my ISP is RoadRunner southwest.

Sorry, I meant Roadrunner southeast, not southwest;  the error I suppose is due to watching too much NCAA basketball.

Offline Little Mac

Re: IGMP incoming on Port 40752
« Reply #5 on: March 20, 2007, 10:04:25 AM »
> Sorry, I meant Roadrunner southeast, not southwest;  the error I suppose is due to watching too much NCAA basketball.

No doubt! 

I asked because the IP address you listed is assigned to A5.com.  Given that's not your ISP, I'd be suspicious of the activity.  Of course, I'm suspicious of any activity that I cannot specifically resolve to a known necessary process.

Not only do the majority of routers seem to create IGMP connections to the computer (or attempt to), a number of Windows processes, services, and applications do as well, including IM programs, Windows messaging, and so on.  By default CFP is set to block them, as they are generally not really necessary for functionality.

Will you do the following things:

1.  Go to Activity/Logs.  Right-click an entry and select "Export to HTML."  Save the file, then reopen it.  Highlight and Copy a series of entries related to your situation, and Paste into the textbox of your next post.  There you can edit out your personal/external IP address with "x" for privacy (verify address by matching to the IP shown on the lower right of your posts here in the forum).

2.  Open your Network Monitor to full-screen size.  Capture a screenshot; save it as an image file (jpg, gif, png) and attach to your post under Additional Options.  If for some reason your external IP address is shown in the NetMon, you can mask it out for privacy.

That will help us get a better idea of exactly what is going on.

LM

Offline hc33708

Re: IGMP incoming on Port 40752
« Reply #6 on: March 20, 2007, 01:12:51 PM »
Thanks for trying to help Little Mac.  As you've suggested I've,
1. Attached a text file of the last hour of my log. (too big to paste) Used xxx to obscure last 3 digits of my IP address.  Also, at the bottom, I included the outgoing messages to 224.0.0.2 and 224.0.0.22 from when I last rebooted.
2. Attached a png file of my network monitor rules.  I adjusted field sizes to obscure addresses of a VPN that I use sometimes.
        

Offline Little Mac

Re: IGMP incoming on Port 40752
« Reply #7 on: March 20, 2007, 01:59:18 PM »
Thanks for the info.  The port is an unassigned port, as best as I can tell; this just means there's not a specific set application that has it reserved, or is registered to it.  Could make our life easier if there was, but there you go...

As to the rest...

Your network rules ID 6 & 7 appear to be incorrectly configured... they should resemble the other "zone" rules so that it will be Allow Out from Any to Zone, then Allow In from Zone to Any.  Unless you have a specific reason to set it to Zone to Zone (such as different IP ranges, etc); which I have tried, btw, and it didn't ever work quite right for my system; kept blocking DNS & DHCP stuff that will fall outside of the prescribed Zone.  That's all a little off-topic, but I thought I'd mention it.

All the entries are blocked by Rule ID 16, as they are not specifically allowed by the preceding rules.  To be honest, I don't know why you are getting those, and if they are related to your having allowed all IGMP and ICMP traffic or not; I have not heard of those protocols being exploited, but you never know...  It does seem to oddly coincide, based on the info you provided.

Do you have active antivirus, and is it updated?  Have you performed any automatic or manual scans of your system?

What if you remove Rules ID 0 & 1, and reboot... Do the entries continue?  You might try that, and let me know.

LM
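
An added example (not part of any post in this thread, and not Comodo code): a triage pass over firewall log entries that separates the boot-time traffic to 224.0.0.2 and 224.0.0.22, which falls in the link-local 224.0.0.0/24 block that routers do not forward, from denied inbound hits grouped by source and port. The log layout and every address except 216.201.120.98 are constructed; Comodo's real export format is not shown in the thread.

```python
import ipaddress
from collections import Counter

# 224.0.0.0/24 is the local network control block: link-local scope,
# routers do not forward it, so it never leaves the LAN segment.
LOCAL_CONTROL = ipaddress.ip_network("224.0.0.0/24")
KNOWN_GROUPS = {
    "224.0.0.2": "all-routers (ICMP router solicitation)",
    "224.0.0.22": "IGMPv3 membership reports",
}

# Constructed sample; the field layout is hypothetical, not Comodo's export format.
SAMPLE_LOG = """\
out IGMP 192.0.2.10 224.0.0.22 - allow
out ICMP 192.0.2.10 224.0.0.2 - allow
in IP 216.201.120.98 192.0.2.10 40752 deny
in IP 216.201.120.98 192.0.2.10 40752 deny
in IP 198.51.100.7 192.0.2.10 40752 deny
in IP 216.201.120.98 192.0.2.10 40752 deny
garbled line
"""

def triage(log_text, repeat_threshold=3):
    """Split entries into link-local multicast output and denied inbound hits."""
    multicast_out, inbound = [], Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed entries instead of failing
        direction, proto, src, dst, dport, action = fields
        try:
            ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # not a valid address pair
        if direction == "out" and dst_ip in LOCAL_CONTROL:
            note = KNOWN_GROUPS.get(dst, "other local control group")
            multicast_out.append((proto, dst, note))
        elif direction == "in" and action == "deny" and dport.isdigit():
            inbound[(src, int(dport))] += 1
    # Sources that keep hitting the same port despite every packet being denied.
    repeaters = sorted(k for k, n in inbound.items() if n >= repeat_threshold)
    return multicast_out, inbound, repeaters

if __name__ == "__main__":
    mc, hits, repeaters = triage(SAMPLE_LOG)
    for proto, dst, note in mc:
        print(f"outbound {proto} to {dst}: {note}, link-local only")
    for (src, port), n in hits.most_common():
        print(f"denied inbound {src} -> port {port}: {n} hits")
    print("repeat sources:", repeaters)
```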

 
