svchost sends a UDP message from port 138 to 255.255.255.255 port 138
I believe this is a general broadcast which tells every-one my IP Address, and possibly explains why some days the Firewall logs show a lot of other IP addresses that seem to know I am on-line, and all of which frantically hammer one of my port numbers - a zomby army conspiracy for the day, or perhaps my svchost broadcast specified the port number.
Nothing ever responds to this message sequence. I do not see how it can benefit me, and I fear it attracts hackers to my dynamic IP address of the day.
This message is repeated at exactly 718 to 722 Second Intervals, excepting that when the modem disconnects and then reconnects (without a system restart) it commenced 691 Seconds after the first connection of the day, and 765 Seconds after the subsequent disconnect and reconnect.
svchost sends a UDP message from port 138 to port 138 at 255.255.255.255
The differences are :-
It always causes an internet response (which the Firewall blocks) within 1 Second;
It is always repeated at exactly 1932 to 1933 Second intervals, even when the modem is disconnected and reconnected;
and it is fully UN-sysnchronised to the previous sequence that runs at 720 Second intervals.
The internet response to this message is generally a repetition of 3 or 4 sets :-
ICMP source 255.255.255.255 Type(3) destination 78.149.108.232 Code(3)
where 78.149.108.232 was the dynamic IP address I was allocated at that time.
This response is Destination Unreachable (port unreachable)
Windows Operating System sends an IGMP from 78.149.108.232 to 224.0.0.22.
It does this about 1 Second after the modem connects to my ISP, and then the internet at 2 second intervals gives 8 off responses of Destination unreachable (port unreachable).
My Questions :-
a) What are the purposes of these three types of message
b) Will I suffer any ill effects by starting my Network Global Rules with
“Block IP Out from IP Any to IP 255.255.255.255 Where protocol is any”
c) Similarly, should I block “224.0.0.22” which I understand is multicast not broadcast - I don’t know the difference but assume it is still likely to tell hackers where I am.
Note, I believe IGMP messages are relevant to Networks, and my computer has never been part of a corporate Network so I guess IGMP is not needed - or does it get involved :-
i) when my son uses “LogMeIn” to take over as administrator from 200 miles away ?
ii) when we use Windows Live Messenger with a Logitech Web Cam (with its bundle of software) ?
I used the Stealth Wizard, and changed the first rule to
“Allow And Log IP Out [from any any any]”
And the attached image (Fire_Events_StartUp.gif) shows the first internet transactions of the day.
Supplementary but less urgent questions are in a following post.
Regards
Alan
[attachment deleted by admin]