Re: Lot of blocked traffic attempting to get to 224.0.0.1

• Next message: CJ: "Re: AdSubtract Pro slows down connection?"
• Previous message: Fearless: "Clueless newbie question"
• In reply to: J H: "Lot of blocked traffic attempting to get to 224.0.0.1"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: h_jin3@hotmail.com (J H)
Date: 20 May 2002 21:15:52 -0700

h_jin3@hotmail.com (J H) wrote in message news:<2096abd2.0205181518.5a8b2fed@posting.google.com>...
> I am seeing many blocked attempts from Internet IP addresses port 0 to
> destination IP 224.0.0.1 port 0. I know that this is a multicast
> address. It is is being blocked on the firewall's external interface.
>
<snip>

just to clarify,
 
the source to --> destination address of this traffic is
10.48.204.1:0 --> 224.0.0.1:0

Gee, the source address is spoofed too.

There's a lot of conflicting posts as to whether this is harmless or a
DDoS. I'm betting that it is not a DDoS since it only happens every 2
minutes 5 seconds and hasn't impacted my Internet connection.

However, I can't say that this is harmless either since I found this
disturbing bit of information at

http://www.winguides.com/registry/display.php/581/

======>from winguides.com======>

DHCP Security Flaw (Windows 95/98/Me)
Category: Home > Security > Network
The ICMP Router Discovery Protocol (IRDP) comes enabled by default on
DHCP clients that are running Microsoft Windows 9x/2000 machines. By
spoofing IRDP Router Advertisements, an attacker can remotely add
default route entries on a remote system.

For full details of this vulnerability Fix see the L0pht advisory.

========>end windguides.com=====>

Another case of Windows trying to help you out by making you more
vulnerable to attacks. Unfortunately the link to the L0pht advisory
is broken so I couldn't read all the details.

• Next message: CJ: "Re: AdSubtract Pro slows down connection?"
• Previous message: Fearless: "Clueless newbie question"
• In reply to: J H: "Lot of blocked traffic attempting to get to 224.0.0.1"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: [Firewalls] Checkpoint FW-1 - Static NAT ... These services perform port mapping. ... destination port and IP address of a connection can be changed. ... After installing the new policy on the target Firewall Module, ... One to the internet, and the other to ... (comp.security.firewalls) Re: Norton Internet Security 2005, kein FTP moeglich... ... Also gab ich den Port kurzerhand in der Regel "Nicht verwendeter Windows ... Dienste Block" bei den Trojaner Regeln frei. ... Die Firewall fragte mich erneut ob ich meinem TC den Zugriff ins Internet ... (microsoft.public.de.german.windowsxp.applications) Re: Lot of blocked traffic attempting to get to 224.0.0.1 ... > destination IP 224.0.0.1 port 0. ... minutes 5 seconds and hasn't impacted my Internet connection. ... DHCP clients that are running Microsoft Windows 9x/2000 machines. ... (comp.security.firewalls) Re: Win2K, IPsec, and allowing outbound HTTP/FTP traffic ... I have set up several ipsec filter policies that worked. ... outbound to internet web servers if you want to access the internet from it. ... A mirrored inbound port 80 alone would not allow you to access the internet, ... > Destination address: My IP Address ... (microsoft.public.win2000.security) Re: Download.com being blocked ... on where they go and what they do on the Internet. ... I don't do preview in my email client ... Windows firewall has no open ports (ie. file sharing disabled, ... The only port I leave open is 22, ... (alt.sys.pc-clone.dell)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint