Comodo Outbound IGMP Traffic Hotfix Resolution

Being the security freak that I am, I was checking my Comodo Activity logs and noticed that I have a lot of Outgoing IGMP blockings from my IP Address to 224.0.0.22; in fact it’s 90% of my logs! I checked my router and I have IGMP and PnP turned off, so it’s not my router. I then learned from googling that it’s my computer trying to send out MultiCast messages. I found out that it relates to a TCP/IP Denial of Service Vulnerability on this site:

http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=(MS06-007)+Vulnerability+in+TCP%2FIP+Could+Allow+Denial+of+Service+(913446)

Thankfully there’s a Microsoft Security Patch here:

http://www.microsoft.com/technet/security/bulletin/ms06-007.mspx

And can be downloaded from here:

http://www.microsoft.com/downloads/details.aspx?FamilyId=7BB21D74-C37B-472B-BB10-71D4680680A7&displaylang=en

I checked my Windows Updates in my Add/Remove Programs and it isn’t there! Weird that Windows Update never picked this one up to install. At any rate, I’ll install the update and see what happens.

I just thought this would be some helpful information and a BIG PRAISE to Comodo for blocking those IGMP thingies from getting out of my computer!

Eric

My question/issue seems to be resolved. No longer getting those alerts so far. Now only getting outbound alerts to IP 205.188.146.145.

This, according to my router, is my DNS Server IP Address.

Any info or advice would be greatly appreciated.

Thanks for your patience.

Eric

The IGMP Outbound alerts are back again, but I suppose if everything is working fine there isn’t a problem, and at least I found out about the security hotfix. This is turning into more of an FYI post than a Help Issue. Moderators, please feel free to move this to FAQs or wherever is most appropriate.

I’ll keep everyone posted…

Eric

Hey EricEgan, I think you need to look at which applications you’re using to track this problem to its source.

As you probably know, IGMP (Internet Group Management Protocol) is used in a variety of situations: listening to Internet radio, chat programs, etc.

Any ideas how I find that out? It may be my AOL or something else.

I only get inbound blocked messages about once a week.

Eric

You should not worry about IGMP multicasting. That traffic doesn’t cross your LAN borders.

The Microsoft Advisory you cited is referring to inbound IGMP traffic from the internet.

Block all IGMP network packets at the firewall or router

Blocking IGMP packets at the firewall or at the router will help protect systems that are behind that firewall or router from attempts to exploit this vulnerability. We recommend that you block all unsolicited inbound communication from the Internet. ISA Server 2000 and ISA Server 2004 can be used to block the affected types of traffic.

IGMP from the Internet is not enabled by default in CPF (which is configured to block and log all inbound traffic excluding two types of ICMP).
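An added example, not part of the original thread or any poster's own code: 224.0.0.22 is the address IGMPv3 membership reports are sent to, so decoding one blocked report shows which multicast groups the machine is joining, which in turn hints at the application or service behind it. It assumes the IGMP payload (IP header already stripped) was captured with a packet sniffer; the sample bytes and the group-to-service hints table are constructed for illustration.

```python
import socket
import struct

# Well-known groups (IANA assignments) that hint at which service joined.
KNOWN_GROUPS = {
    "224.0.0.251": "mDNS (Bonjour/zeroconf)",
    "224.0.0.252": "LLMNR (Windows name resolution)",
    "239.255.255.250": "SSDP (UPnP discovery)",
}
# IGMPv3 group record types from RFC 3376, section 4.2.12.
RECORD_TYPES = {1: "MODE_IS_INCLUDE", 2: "MODE_IS_EXCLUDE", 3: "CHANGE_TO_INCLUDE",
                4: "CHANGE_TO_EXCLUDE", 5: "ALLOW_NEW_SOURCES", 6: "BLOCK_OLD_SOURCES"}

def parse_igmpv3_report(payload: bytes):
    """Return [(record_type, group, hint), ...] from an IGMPv3 Membership Report.
    The checksum is not verified here."""
    if len(payload) < 8:
        raise ValueError("truncated IGMP header")
    msg_type, _, _checksum, _, num_records = struct.unpack("!BBHHH", payload[:8])
    if msg_type != 0x22:
        raise ValueError(f"not an IGMPv3 report (type 0x{msg_type:02x})")
    records, offset = [], 8
    for _ in range(num_records):
        if offset + 8 > len(payload):
            raise ValueError("truncated group record")
        rtype, aux_words, num_sources = struct.unpack("!BBH", payload[offset:offset + 4])
        group = socket.inet_ntoa(payload[offset + 4:offset + 8])
        # Skip source addresses (4 bytes each) and auxiliary data (32-bit words).
        offset += 8 + 4 * num_sources + 4 * aux_words
        if offset > len(payload):
            raise ValueError("truncated group record")
        records.append((RECORD_TYPES.get(rtype, f"type {rtype}"), group,
                        KNOWN_GROUPS.get(group, "unknown group")))
    return records

# Constructed sample: one report carrying two CHANGE_TO_EXCLUDE records with
# empty source lists, which is how a host announces that it joined a group.
SAMPLE = (bytes([0x22, 0, 0, 0, 0, 0, 0, 2])
          + bytes([4, 0, 0, 0]) + socket.inet_aton("239.255.255.250")
          + bytes([4, 0, 0, 0]) + socket.inet_aton("224.0.0.252"))

if __name__ == "__main__":
    for rtype, group, hint in parse_igmpv3_report(SAMPLE):
        print(f"{rtype:18} {group:16} {hint}")
```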

Thanks Gibran, think I was in a panic or something. On a different note: still strange that I hardly get any Inbound Violation Alerts. Used to get tons with ZA and Outpost Pro. I suppose it’s all legitimate traffic and I am behind my wireless router with its firewall turned on.

Eric

Like you, I find no record of the IGMP hotfix (KB913446) in my Add/Remove list. However, according to Belarc Advisor, this was installed on my machine on 02/17/2006, that is, more than 15 months ago. I can even verify from my notebook that this was a Critical Update on Patch Tuesday (02/14/2006), although it was not delivered to me until the 17th. Could you have missed it?

Maybe but I only recently reinstalled everything including XP and maybe I did miss it.

Thanks for all your help. Wife shouting at me for being on the computer too long tonight, better be off…

Eric