Web Browsers & IGMP Requests

Comodo Internet Security - CIS Firewall Help - CIS
#1

Please see image,

CIS blocked IGMP requests of Dragon. Why web browsers send IGMP requests?

[attachment deleted by admin]

#2

Quite a few people have been having this problem lately, including me. Have a look at the link below.

https://forums.comodo.com/firewall-help-cis/igmp-alerts-after-upgrading-to-512-t88184.0.html

#3

it can not be true, in the meanwhile I am recieving CF alerts for unbelievable applications wanting to connect to Internet >:(
what is just missing is that my Laptop monitor also tries to connext to the net :-X

#4

Something got changed in 5.12 and has been carried through to 6. What ever they did, resulted in an increase in the number of IGMP alerts, this was confirmed by one of the firewall developers, it was also supposed to have been resolved in 5.12…

IGMP in itself is quite normal and you can expect to see these as a matter of course. Most of the requests are between devices on your LAN, which I assume you trust, and those I’ve seen that are not local, are IPv6 related and can, as I’ve mentioned elsewhere, be removed by disabling IPv6 tunneling.

As far as:

in the meanwhile I am recieving CF alerts for unbelievable applications wanting to connect to Internet

If you can provide some detail we can take a look.

#5
and can, as I've mentioned elsewhere, be removed by disabling IPv6 tunneling.
how to disable it?
If you can provide some detail we can take a look.
well I am not at home now, but all IGMP requests are to IPs 239.255.255.250 or 224.0.0.152/153, even the touchpad asks for Internet connection :o ???
#6

As I mentioned in your other thread - Re: IGMP protocol pop up through RtWLan.exe

You can do this if you’re running Vista or later and one of the IGMP addresses is 224.0.0.253

well I am not at home now, but all IGMP requests are to IPs 239.255.255.250 or 224.0.0.152/153, even the touchpad asks for Internet connection :o ???

I think we were discussing this in your other thread - explorer.exe wants to connect to Internet but you haven’t replied to my last post.

224.0.0.153 and 154 are unassigned, so you may have the last three digits wrong. Also, as I mentioned elsewhere, these multicasts are all local scope. So, if you have a router, they’re not requesting connections outside your local subnet.

#7

is there way to check if ipv6 is enabled on my system?

224.0.0.153 and 154 are unassigned, so you may have the last three digits wrong.
224.0.0.252 and 253, sorry
#8

If you’re running Vista or later, IPv6 is enabled by default.

224.0.0.252 and 253, sorry

224.0.0.253 as mentioned elsewhere, is for discovery of IPv6 Teredo clients on the same subnet (LAN) and 224.0.0.252 is LLMNR (Local-Link Multicast Name Resolution) which, as the name suggests, is for resolving names (just like DNS) on a local subnet (LAN).

#9

is this option for disabling IPv6 the same? (see screenshot)

Edit:
In regard to IPv6 I found here Configure IPv6 for advanced users - Windows Server | Microsoft Learn five IPv6 components, which can be changed/disabled.
Your advise is to set

netsh interface ipv6 6to4 set state state=disabled netsh interface ipv6 isatap set state state=disabled netsh interface ipv6 set teredo disabled

Could you tell me which from the in the URL above mentioned componets will be disabled. I think the first one is to “Prefer IPv4 over IPv6”, right?
And the second and third?

thanks

[attachment deleted by admin]

#10

There’s no need to disable IPv6 entirely - which the article describes - in fact, doing so can cause problems. If you just disable the tunnelling features, which I have shown, it’s enough.

#11

do I have to click ENTER-Button after pasting each line in the command prompt or I copy/paste all 3 lines together and then hit ENTER once?

PS: if something is how can I enable the IPv6, which I will disable with your method in the command prompt?

#12

You can enter these values either way. If you want to be sure, do it one by one and select enter after each. As far as disabling/re-enabling, use these commands:

Teredo:
To disable - netsh int teredo set state disabled
To enable - netsh int teredo set state client

ISATAP:
To disable - netsh int ipv6 isatap set state disabled
To enable - netsh int ipv6 isatap set state enabled

6to4:
To disable - netsh interface ipv6 6to4 set state disabled
To enable - netsh interface ipv6 6to4 set state enabled

Depending on your situation, you may or may not have a 6to4 adapter, just run ipconfig /all first and look at the last few entries.

#13

sorry, I am a little bit confused now because the three command lines here https://forums.comodo.com/firewall-help-cis/igmp-protocol-pop-up-through-rtwlanexe-t90360.0.html;msg651084#msg651084 look different then these (for enable) in your last post ???
Does the notation play any role for the excution of the commands?

#14

They both do the same thing, it’s just slightly different syntax.

#15

in ipconfig /all it looks so:

Windows-IP-Konfiguration

Hostname . . . . . . . . . . . . : Jatak_81
Primäres DNS-Suffix . . . . . . . :
Knotentyp . . . . . . . . . . . . : Hybrid
IP-Routing aktiviert . . . . . . : Nein
WINS-Proxy aktiviert . . . . . . : Nein

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung 5:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physikalische Adresse . . . . . . : 70-1A-04-85-20-92
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung:

Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Realtek RTL8187B Wireless 802.11b/g 54Mbp
s USB 2.0 Network Adapter
Physikalische Adresse . . . . . . : 70-1A-04-85-20-92
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja
Verbindungslokale IPv6-Adresse . : fe80::38ba:41f6:b0cf:d23f%11(Bevorzugt)
IPv4-Adresse . . . . . . . . . . : 192.168.2.102(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Lease erhalten. . . . . . . . . . : Montag, 18. Februar 2013 13:12:02
Lease läuft ab. . . . . . . . . . : Donnerstag, 27. März 2149 23:42:51
Standardgateway . . . . . . . . . : 192.168.2.1
DHCP-Server . . . . . . . . . . . : 192.168.2.1
DHCPv6-IAID . . . . . . . . . . . : 326113796
DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-12-E7-74-AF-00-26-22-F0-89-46

DNS-Server . . . . . . . . . . . : 192.168.2.1
NetBIOS über TCP/IP . . . . . . . : Aktiviert

Ethernet-Adapter LAN-Verbindung:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Realtek PCIe FE Family Controller
Physikalische Adresse . . . . . . : 00-26-22-F0-89-46
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja

Tunneladapter LAN-Verbindung* 861:

Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
IPv6-Adresse. . . . . . . . . . . : 2001:0:9d38:6ab8:49:2a38:a7bf:f90(Bevorzu
gt)
Verbindungslokale IPv6-Adresse . : fe80::49:2a38:a7bf:f90%871(Bevorzugt)
Standardgateway . . . . . . . . . : ::
NetBIOS über TCP/IP . . . . . . . : Deaktiviert

Tunneladapter LAN-Verbindung* 862:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #351
Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja

so which IPv6 is enabled and which is to disable in ralation to the IGMP issue?

#16

Teredo and ISATAP, which are the last two entries on your ipconfig.

#17
IPv6 related and can, as I've mentioned elsewhere, be removed by disabling IPv6 tunneling.

nope, negative.
This is not the solution!
I disabled the IPv6 as you wrote, but still Comodo flags a lot of MP requests >:(

what is wrong?

#18

As I said earlier, disabling the IPv6 tunnelling features should remove the IGMP events related to those features, it won’t remove ALL IGMP events. As I also said, there are numerous reasons why these occur and you’ll probably need to assess each, on an application by application basis. Or, as they only exist on your LAN, leave them as they are. Failing that, you’ll need to provide more detail.

#19
Failing that, you'll need to provide more detail.
what do you mean with this?
#20

You’ll need to provide firewall logs, provide details about your firewall rules, show a new ipconfig /all etc. Once we have all the details, we might be able to work out some individual rules.