Windows Operating System IGMP Protocol "Blocked" entry in FW Events

I can trigger this by using, for example, uTorrent; if you have this installed and are using uPNP, it will send these packets to the network.

one call to 224.0.0.22 - IGMP v3 register request to “discover” uPNP routers on the local network.
two calls to 239.255.255.250 udp 1900 uPNP packets.

So it’s the application that causes this, in this case you can “untick” uPNP usage from uTorrent. But basically every application that calls for uPNP can cause this :-))

So it’s up to you to use it or not; personally I don’t like it and have it disabled on my router and hosts.

OOPS! My bad. It hasn’t been disabled, merely in “Started” status set to “Manual”. I disabled it to see what would happen. My Canon Pixma MP180 printer refused a print job of a Microsoft KB article. The error message said it was off line when it was most assuredly turned on & cabled to the pc as always. The minute I restarted UPnP to manual in services the print job executed. Looks like there is a third piece of hardware on my LAN. Never once thought about my printer.

The MP180 is an all-in-one printer, scanner, copier, photo printer. It has a slot to insert a memory card so you can print your pictures directly from it without a pc at all (though I’ve never done so and had forgotten about that capability). Connected to a pc, as it is, it appears in the display of My Computer, Printers & Scanners. There used to be a scanner file in auto start called SSBkgupdate (ScanSoft SW). Maybe it’s still calling home for updates and uses IGMP?

Whatever, I don’t think the entry is nefarious anymore. For that, I want to thank everyone for their input. You may have nailed it Ronny. You guys are great! Thanks for being there for folks like me. Think I’ll set up a rule to allow this file “outbound only” and see if that stops the BLOCK by Comodo at boot up. Would just as soon not be blocking any SW updates. (:WIN) I’ll post back as to whether my ALLOW rule does the trick.

You’re welcome, no problem.

Is that printer connected to the network, or by USB cable?
From what I have found it uses USB, then it has to have something to do with the printer/driver software depending on it, though it does not make sense for “phone home/check for updates” that would not need uPNP.
uPNP is only needed for “incoming” traffic.

Was it a 224.0.0.22 match or a uPNP call?

Somebody whack me upside the head. Sorry I misstated in my last post. My eyes are really playing tricks on me these days. It was my Plug and Play service that is set to Started, Manual. When I disabled THAT service my printer/scanner baulked.

My UPnP Device Host has been disabled for ages. Must be my router, then? I’ll go out to the 2Wire website and take a good hard look at all router firewall settings. I’ll be back.

That makes sense, stopping “Plug and Pray” and the printer not functioning :-))

It’s USB cabled at the back of the PC. It’s not shared, as I’m the only pc on this “lan”, if you can call it a lan. Maybe we’ll get another pc or two and then I’ll feel like it really is a lan, LOL.

I went out to the 2Wire Home Portal website & checked every single page on the site for my modem/router settings. I saw no reference to UPnP anywhere. It shows I’m Ethernet=1 and Wireless=0 (no surprise, since as I told the SBC installer I didn’t want him to set it up as wireless, but hard-wired to the phone system), I’m connecting with PPPoE, and the router obtains my IP address automatically and my DNS information automatically. I know this to be the case as every time I sign on over at BBR DSL Reports forums it tells me I’m at a different IP address on the login screen.

As to whether the IGMP entry is a “match” or “call” to that IP#, sorry, I don’t know what that means.

a “match” would be a logged entry of the 224.0.0.22 address.
a uPNP “call” would be a logged entry of the 239.255.255.250 udp 1900 traffic.

Then it was a “match”. Nothing else on the log but the logged entry Win Op System OUT using IGMP from my IP to 224.0.0.22 with blanks where source/destination ports are shown.
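The logged entry described above (Windows Operating System, OUT, IGMP, destination 224.0.0.22, no ports) is how an IGMPv3 membership report appears to a firewall. The following Python is an added example, not part of the original thread: it decodes such a report per RFC 3376 and names the multicast group the host is joining. The sample bytes are constructed, and `KNOWN_GROUPS` and the function names are illustrative assumptions.

```python
import socket
import struct

# Group record types from RFC 3376, section 4.2.
RECORD_TYPES = {1: "MODE_IS_INCLUDE", 2: "MODE_IS_EXCLUDE",
                3: "CHANGE_TO_INCLUDE_MODE", 4: "CHANGE_TO_EXCLUDE_MODE",
                5: "ALLOW_NEW_SOURCES", 6: "BLOCK_OLD_SOURCES"}
# Illustrative lookup (assumption): only the group discussed in this thread.
KNOWN_GROUPS = {"239.255.255.250": "SSDP / UPnP discovery (UDP 1900)"}

# Constructed sample: IGMP payload of one report joining 239.255.255.250.
SAMPLE_REPORT = bytes.fromhex("2200ea0300000001" "04000000effffffa")

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum; yields 0 over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_igmpv3_report(payload: bytes) -> list:
    """Return the group records carried in an IGMPv3 membership report."""
    if len(payload) < 8:
        raise ValueError("truncated IGMP header")
    msg_type, _, _, _, count = struct.unpack("!BBHHH", payload[:8])
    if msg_type != 0x22:
        raise ValueError(f"not an IGMPv3 membership report: type {msg_type:#x}")
    if inet_checksum(payload) != 0:
        raise ValueError("bad IGMP checksum")
    records, offset = [], 8
    for _ in range(count):
        if offset + 8 > len(payload):
            raise ValueError("truncated group record")
        rtype, aux_len, nsrc = struct.unpack("!BBH", payload[offset:offset + 4])
        group = socket.inet_ntoa(payload[offset + 4:offset + 8])
        src_end = offset + 8 + 4 * nsrc
        end = src_end + 4 * aux_len  # aux data length is in 32-bit words
        if end > len(payload):
            raise ValueError("truncated source list")
        sources = [socket.inet_ntoa(payload[i:i + 4])
                   for i in range(offset + 8, src_end, 4)]
        records.append({"type": RECORD_TYPES.get(rtype, f"UNKNOWN({rtype})"),
                        "group": group, "sources": sources,
                        "service": KNOWN_GROUPS.get(group, "unknown")})
        offset = end
    return records

if __name__ == "__main__":
    for rec in parse_igmpv3_report(SAMPLE_REPORT):
        print(rec)
```

A `CHANGE_TO_EXCLUDE_MODE` record with an empty source list is an ordinary join of that group from any source, so a blocked report to 224.0.0.22 carrying 239.255.255.250 points at an SSDP listener on the host.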

Protocol IGMP is either enabled by you or your ISP. The default multicast address is 224.0.0.22 and if this protocol is blocked by Comodo, it’s not really that bad. Therefore, I don’t think it’s a security issue…

Hello

This is an old thread but still people look for igmp 224.0.0.22 related info on the net.

I have also a clean and fresh vanilla Win7 32b running with CIS on it and some outbound cons I marvel on.

This thing described above might derive from any router that sits before your lan/pc. Some have an option for uPnP support and may depend on this. E.g., my router needs it as far as I am aware of for its fax (software fax on my client pc) to work.

However, I am an absolute beginner and have no real knowledge so please take the above as my assumption only.

Hi, are you using the Software FAX to send only? or can you also receive a FAX?

I think uPNP is only used for incoming FAX traffic, and if it’s a bit of software it allows you to fix your port used for incoming faxes. In that case you can manually configure your router to forward only that port to your PC. And you can then remove the uPNP advertisements from the router.