Re: Revised list of IPs used by Spyware and Adware (Was: bear share and zone alarm)

From: sponge (yosponge@yahoo.com)
Date: 03/18/02


From: yosponge@yahoo.com (sponge)
Date: 17 Mar 2002 21:56:45 -0800

Those ICMP messages are probably coming from the IP layer. I'm not
sure what OS you're using so I can't tell you the app that's doing it.
In a Windows system it's whatever your kernel is called. On Win95-Me
systems, it should be called krnl386.exe. On XP, it is (I think)
services.exe.
 In any case, ICMP messages really aren't anything to worry about. If
TCP or UDP traffic were going there, then you should be concerned, but
that's not the case based on your description. Filtering TCP and UDP
traffic by your firewall outbound to 224.0.0.0/3 would still work for
you though. Those router solicitations only have to go to
255.255.255.255 and, odds are, your network will pick them up anyway
but by filtering only TCP and UDP (assuming your firewall has the
ability to single out TCP, UDP, or whatnot) then it will still allow
ICMP to go through. Give it a shot and see.
 In other words, if your firewall can filter just TCP and UDP traffic
-- Tiny Personal Firewall can, as can some of the other, newer ones --
simply create a rule to block TCP and UDP (TPF will let you block both
in the same rule), Outbound only. For the network, select 224.0.0.0
and for the Mask select 224.0.0.0. Obviously set this to Deny. Since
router solicitations are ICMP, and since meaningful Alexa traffic
requires TCP and UDP, blocking the whole shebang will not affect your
system's ability to make or receive router solicitations. Furthermore,
it will still allow you to take advantage of most multicast systems
(like online radio) since you're only blocking outbound traffic.

FoKa <foka@mail.inet.hr> wrote in message news:<6ml99ucho6lbg8h9v83302d51k068ujjm2@4ax.com>...
> You said:
>
> >>>Alexa
> >>Associates: Mcast Amazon.com, Verisign, many more.
> >>DNS names: alexa
> >>Primary hosts: Level3
> >>209.247.41/24
> >>224.0.0.0/8
> >>209.247.255/24
> >>Note: Alexa may use all of 209.247/16. Extra-cautious users should
> >>play it safe and block the whole thing (209.247.0.0-209.247.255.255)
> >>and use a mask of 255.255.0.0 Alexa also appears to use broadcast at
> >>239.255.255.250 for multicasting, which may be a new ad/spyware
> >>technology.
>
> I found out that my comp is constantly sending icmp router
> solicitation messages to 224.0.0.2.
> Can you tell me what is the source of this?
> I do not have bear share and zone alarm on my comp and they were never
> installed on it.
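
The rule described in the reply above (deny outbound TCP and UDP to network 224.0.0.0, mask 224.0.0.0), evaluated against a few constructed packets. This is an added example, not part of the original post or of any firewall product; `Packet`, `verdict`, `rule_span` and `SAMPLES` are hypothetical names, and a default-allow policy for everything the rule does not match is assumed.

```python
import ipaddress
from dataclasses import dataclass

# Rule from the post: network 224.0.0.0, mask 224.0.0.0, TCP and UDP, outbound, Deny.
RULE_NET = ipaddress.ip_network("224.0.0.0/224.0.0.0")
RULE_PROTOCOLS = {"tcp", "udp"}

@dataclass(frozen=True)
class Packet:
    direction: str  # "out" or "in"
    proto: str      # "tcp", "udp" or "icmp"
    dst: str        # destination IPv4 address

def verdict(pkt: Packet) -> str:
    """Return 'deny' when the post's rule matches, else 'allow' (assumed default)."""
    if (pkt.direction == "out"
            and pkt.proto in RULE_PROTOCOLS
            and ipaddress.ip_address(pkt.dst) in RULE_NET):
        return "deny"
    return "allow"

def rule_span():
    """First address, last address and prefix length covered by the mask."""
    return str(RULE_NET[0]), str(RULE_NET[-1]), RULE_NET.prefixlen

# Constructed sample packets (not captured traffic).
SAMPLES = [
    Packet("out", "icmp", "224.0.0.2"),       # router solicitation: ICMP, not matched
    Packet("out", "udp", "239.255.255.250"),  # outbound UDP multicast: matched
    Packet("in", "udp", "239.255.255.250"),   # inbound multicast: rule is outbound only
    Packet("out", "udp", "255.255.255.255"),  # limited broadcast is inside the mask too
    Packet("out", "tcp", "209.247.41.10"),    # unicast range from the list needs its own rule
]

if __name__ == "__main__":
    first, last, prefix = rule_span()
    print(f"mask 224.0.0.0 == /{prefix}: {first} - {last}")
    for p in SAMPLES:
        print(f"{p.direction:3} {p.proto:4} {p.dst:16} -> {verdict(p)}")
```

The mask 224.0.0.0 is a /3, so the rule also covers outbound TCP and UDP to 240.0.0.0 through 255.255.255.255, not only the multicast block 224.0.0.0/4.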
