Re: Why is Win Explorer accessing the Net?

chris_at_nospam.com
Date: 12/24/03 

Date: Wed, 24 Dec 2003 20:11:08 GMT

On Tue, 16 Dec 2003 12:14:26 GMT, Lars M. Hansen
<badnews@hansenonline.net> wrote:

>On Tue, 16 Dec 2003 08:39:45 GMT, Vance Roos spoketh
>
>>I run Win XP Pro and I recently got a message from my Sygate Pro 5.0
>>firewall which said:
>>
>>==== START QUOTE ====
>>"Windows Explorer is trying to broadcast an ICMP Type 10 (Router
>>Solicitation) packet to [224.0.0.2]. Do you want to allow this
>>program access to the network?"
>>==== END QUOTE ====
>>
>
>Simply disable the IRDP in the registry. The value name is
>"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\[InterfaceName]\PerformRouterDiscovery".
>Set the value to 0 (zero), and it'll stop.

Isn't it a bit odd that Explorer is the process reported doing the
discovery? Doesn't this discovery occur when tcpip or the ppp comes
up which may happen before explorer is running?

Of course, it won't be long before the adware/spyware programs learn
how to use the built-in system calls instead of directly trying to go
the network. As an example, the services.exe can handle most of the
system calls a spyware program would make and the software firewall
would just see the generic services.exe .

-Chris

Relevant Pages

  • Re: Why is Win Explorer accessing the Net?
    ... >>I run Win XP Pro and I recently got a message from my Sygate Pro 5.0 ... Doesn't this discovery occur when tcpip or the ppp comes ... it won't be long before the adware/spyware programs learn ... how to use the built-in system calls instead of directly trying to go ...
    (alt.computer.security)
  • Re: Why is Win Explorer accessing the Net?
    ... >>I run Win XP Pro and I recently got a message from my Sygate Pro 5.0 ... Doesn't this discovery occur when tcpip or the ppp comes ... it won't be long before the adware/spyware programs learn ... how to use the built-in system calls instead of directly trying to go ...
    (comp.security.firewalls)