strange protocol.

does anybody know what an IGMP protocol is please?
my firewall has blocked two intrusions with this protocol.
I've never seen it before.

kind regards. ???

I did some quick research and found these websites

I don’t think it is a malware or anything that might be dangerous.

I hope this will answer your question, and in case it doesn’t answer your question you will need to search further.


hi valentinchen.
many thanks to you.
I'm still not sure what all that means.

thanks again. :comodorocks:

Per the Wiki:

Membership Queries are sent by multicast routers to determine which multicast addresses are of interest to systems attached to its network. Routers periodically send General Queries to refresh the group membership state for all systems on its network. Group-Specific Queries are used to determine the reception state for a particular multicast address. Group-and-Source-Specific Queries allow the router to determine if any systems desire reception of messages sent to a multicast group from a source address specified in a list of unicast addresses.

CIS is stateful, so it’ll block any unsolicited inbound traffic. It sounds as if you or somebody on the LAN is a streaming media subscriber of some form, e.g., via MS Media Player and, e.g., internet radio.

Dunno where the logging is occurring, i.e., global ruleset or process specific network security policy.

I allow ICMP in from gateway that is ECHO REPLY and block all other ICMP not from the gateway AND is not FRAG NEEDED (any FRAG NEEDED from anywhere is allowed in). I only allow ICMP out to the gateway for ECHO REPLY, PORT UNREACHABLE, and FRAG NEEDED. I also allow ICMP out to the CIS cloud for PORT UNREACHABLE.

ALL other ICMP out traffic is blocked and logged. This is a warning flag that some incoming IP traffic has elicited a response from my system; that’s bad if you want your system to be a black hole. Only two specific issues have warranted opening up ICMP out:

  • NetBIOS name query packets from the gateway
  • port unreachable to the CIS server domain

In either of the above cases, failure to respond results in a long-term barrage of incoming traffic from those source IPs (all replies to which get blocked). A single outbound ICMP of appropriate type and the incoming traffic ceases (obvious due to lack of outgoing ICMP to those IP addresses).

At the app level, all IP connections outbound by app for which no explicit outbound rule exists have ‘ask and log’ by IP protocol any as final rule. If an app needs IGMP connection outbound, I’ll become aware of that fact pronto. Set up an explicit IGMP out rule to specific destination IP addresses and everybody’s happy and everything works flawlessly w/out alerts.

My alerts are few and the log is sparse. I’m happy.
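
As an added illustration of the three query kinds in the Wiki excerpt quoted above (not code from any poster in this thread), this Python example classifies a blocked IGMP Membership Query from its raw bytes. The field layout follows RFC 3376; the function names are hypothetical and `build_query` only produces constructed sample packets.

```python
import ipaddress
import struct

IGMP_MEMBERSHIP_QUERY = 0x11  # message type of a Membership Query (RFC 3376)


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum (RFC 1071)."""
    data += b"\x00" * (len(data) % 2)  # pad to a whole number of 16-bit words
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def classify_igmp_query(payload: bytes) -> dict:
    """Classify an IGMP Membership Query (the bytes after the IP header)."""
    if len(payload) < 8:
        raise ValueError("truncated IGMP message")
    if inet_checksum(payload) != 0:  # a valid message sums to zero
        raise ValueError("bad IGMP checksum")
    msg_type, _max_resp, _cksum, group_raw = struct.unpack("!BBH4s", payload[:8])
    if msg_type != IGMP_MEMBERSHIP_QUERY:
        raise ValueError(f"not a Membership Query (type 0x{msg_type:02x})")
    group = ipaddress.IPv4Address(group_raw)
    sources = []
    if len(payload) >= 12:  # IGMPv3 queries carry a source count and list
        (count,) = struct.unpack("!H", payload[10:12])
        if len(payload) < 12 + 4 * count:
            raise ValueError("source list longer than the packet")
        sources = [str(ipaddress.IPv4Address(payload[12 + 4 * i:16 + 4 * i]))
                   for i in range(count)]
    if int(group) == 0:
        kind = "general"
    elif not group.is_multicast:
        raise ValueError("group address is not multicast")
    elif sources:
        kind = "group-and-source-specific"
    else:
        kind = "group-specific"
    return {"kind": kind, "group": str(group), "sources": sources}


def build_query(group: str, sources=()) -> bytes:
    """Build a constructed IGMPv3 query (sample data, not a capture)."""
    body = struct.pack("!BBH4sBBH", IGMP_MEMBERSHIP_QUERY, 100, 0,
                       ipaddress.IPv4Address(group).packed, 2, 125, len(sources))
    body += b"".join(ipaddress.IPv4Address(s).packed for s in sources)
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
```

A "general" result with a valid checksum is the periodic refresh the excerpt describes; a message that fails the length or checksum checks is malformed and worth a closer look in the log.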

hi wxman1
thank you very much for that in-depth explanation.
I'm currently using a public wi-fi connection at the moment.
as long as it is not malicious in nature.
I've heard the term “blackhole” before, what is that?

thanks again.

