Sorry if this has been answered elsewhere but I couldn’t find anything using the search box…
Recently I’ve been receiving hundreds of ICMP blocks in my logs, from a google search I understand these are something to do with multicasting. I don’t fully understand what multicasting is though and would like to know if I should allow or continue to block this traffic, I would definitely like to stop logging it as it’s filling my logs - getting a hit every 2 mins at least. Don’t want to stop logging it and just ignore it till I know exactly what it is and what it’s used for though!
The logs are always the same -
Windows Operating System - Blocked - IGMP - 192.168.1.1 (source) - 224.0.0.1 (dest)
The only Windows System rule I have is, allow IP out to any/any/any. However, my Global rule is Block ICMP from any/any where ICMP is message ECHO requests. Either way, I don’t have the blocks logged.
Are you rules the same as mine? In your global rule is “log as a fire wall event if this rule is fired” checked?
To find out (if you don’t know), open GUI, Firewall, click advance, click network security policy, click global, click rule, click edit. Yours is most likely checked (on top next to block). Uncheck it. Click apply all the way out.
.PS If everything else is working fine, I wouldn’t worry about it. For the lack of a better term it just appears to be router chatter. I could be wrong but I believe Google (and I assume CFP) suggests you keep on blocking. If not you may have to make a rule to allow that IP.
Have a closer look at the original post. You say I-C-M-P (with a “C” for chocolate), whereas he’s saying “I-G-M-P” (with a “G” for George). IGMP is a router specific protocol.
IGMP is used by IP hosts to manage their dynamic multicast group membership. It is also used by connected routers to discover these group members.
When I get a bit more time, I’ll come back and look further.
Hikertrash - no my rules aren’t anything like yours - I’ve added one to block and not log the IGMP messages for now but, would still like to know what I’m blocking exactly…eg what is this “router chatter” all about? Could I maybe need or want this communication between my PC and router at some point? Is multicasting only used on networked computers or is it sometimes required on single PC setups?
Still in the dark…have posted sceen shot of my rules (with new block and don’t log IGMP rule) below.
