|
Is this safe to allow access ?
Sat, 8 Jul 2006 07:35:24 +0100
uk.people.silversurfers
previous
Aries...
|
WHOIS Record For
224.0.0.22
Tickettyboo...
|
My method of making a decision..
Say no, if you can carry on doing what you are doing and see what you want
to see ( which is often the case) fine - if not 'then' decide if what you
are doing/ wanting to see is vital enough to want to go into all the
rigmarole of finding out about it
:-)
Aries...
|
that is what I did in the end Boo but I'm nosey like you and want to know
Old Grizzly...
|
but not Who! LOL
Aries...
|
what and why ;)
|
|
Record Type: IP Address
OrgName: Internet Assigned Numbers Authority
pmj...
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US
NetRange: 224.0.0.0 - 239.255.255.255
CIDR: 224.0.0.0/4
NetName: MCAST-NET
pmj...
|
What's doing the asking then?
Aries...
|
Always my firewall - Sygate.
datasmog...
|
Wrong answer. What were you doing when the request popped up?
Most likely browsing a webpage which contained some media.
Multicating is respectable mostly. It's used to stream content over
networks including the internet.
The BBC uses it.
Aries...
|
I had only just turned on my laptop - no browsing. None of my other puters
were on at the time.
Ali...
|
It may be your ISP asking who is on the net segment, or your laptop
announcing "I'm here, can I have an IP address please", both normal
pmj...
|
Well, surely, it's the DHCP (Dynamic Host Configuration Protocol)
stuff that does that? - & the MultiCast "Broadcasts" only happen
*after* an IP Address has been Allocated.
Ali...
|
Perhaps I'm getting confused with something else, but how can the DHCP
server tell the new host it's IP address, except by broadcasting it?
Yes I was getting confused with a different BROADCAST, as used in the DHCP
protocol.
|
|
occurances, but not usually flagged be the firewall.
pmj...
|
Yep - That's what is making me wonder what's going on & how come
Aries has only just started getting these Prompts about it?
|
Aries...
|
could be I guess - desktop is on now so I can use the printer but the
pmj...
|
Multicasts are always Sent (& Received) when a Connection is first
made with a Network. Which explains why it happens when you first
switched the PC(s) on.
But like I (& Ali) said, normally most Firewalls have pre-defined
Rules to handle that sort of thing, so you won't see it.
What's changed to make your Firewall Alert you to them?
Cos they will have been there all along.
|
notice hasn't appeared again since.
pmj...
|
Next time you get an Alert about it (or anything that is asking for
any kind of Access), make sure to make a note of what *Process* is
doing the (attempted) Connection.
It *should* be (on a WinXP System) the thing called "Generic Host
Process" (svchost.exe)
svchost.exe is the Process that Runs several of the Services that
are used for Networking & the Internet on a WinXP PC.
|
|
|
|
|
pmj...
|
No, sorry - I meant what Running Process (Program or Application)
Sorry if that wasn't clear - I presumed it was a Firewall Prompt
you were getting, but the Firewall is only telling you that some
Process is trying to Access somewhere (or be accessed by somewhere) -
what matters when you get any Prompt like that is what Process it is
that is doing the Accessing (or is being accessed).
As well as what IP Address & what Port.
That's what I was trying to explain by this next bit...
|
|
Whenever you get any Prompt like that (for any IP Address or any Port),
you need to take note of what's doing the asking, cos some things are
OK & others aren't.
Do some searching the web for that IP Address (or Range) or for MCAST
(MultiCast) & you will find that it's perfectly normal - it's not
actually *needed*, but it does no harm.
Aries...
|
I have web-search and I posted the exact result! Still none the wiser hence my
pmj...
|
Well, what you Posted was just a standard WHOIS Output for the
IP Address.
A WHOIS just says who the IP Address (or block of IP Addresses)
is Allocated to.
All IP Addresses are allocated by IANA (the Internet Assigned Numbers
Authority)
Have a look at some of the Info on their Site...
IP Addresses are then Allocated (in Blocks) to various other
National/Regional Organisations, such as RIPE, ARIN, APNIC etc,
who then Allocate them to the firms.organisations who use them
(Networks & ISPs & Companies etc,)
There are certain Blocks of IP Addresses that are never issued for
use on the Internet, (they are "Reserved" Addresses) so can be used
by lots of individuals & Companies in their own Networks, such as:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
So anybody (& everybody) can use them (on their own Networks)
& they can't be accessed (directly) from the Internet.
Any IP Address that is listed in the WHOIS Records as being Allocated
to "IANA" is basically a "Reserved" Address & yo uthen need to look
at the IANA Documentation to see what it is & what it's used for.
& there are various other Blocks (& Addresses) Allocated for defined
purposes - have a look here...
Special-Use IPv4 Addresses
Among which are the "MultiCast" IP Addresses as defined here...
You will find that Page is on that "List of Popular Links" Page above.
& On there it says...
The multicast addressess are in the range
224.0.0.0 through 239.255.255.255.
The range of addresses between 224.0.0.0 and 224.0.0.255, inclusive,
is reserved for the use of routing protocols and other low-level
topology discovery or maintenance protocols, such as gateway discovery
and group membership reporting. Multicast routers should not forward
any multicast datagram with destination addresses in this range,
regardless of its TTL.
Which is why I asked what Process it was, that your Firewall had
detected was attempting to do that Access.
Aries...
|
sygate as I mentioned earlier
pmj...
|
No - Sygate is the Firewall.
& it's Sygate (the Firewall) that is blocking something (which is
Running on your Computer) from trying to access somewhere (or from
being accessed by somthing somewhere else - you haven't yet said
whether it was an Incoming Connection attempt or an Outbound
Connection attempt)
All that the Firewall (Sygate) is doing is Blocking it & Alerting
you to the Connection Attempt & asking you what you want to do.
You can only make a sensible decision about whether or not you want
to Allow it if you know *what* Process it is that is attempting the
Access & to/from what IP Address (which you've already said what the
IP Address is & it's a MultiCast Address) & on what Port
The Firewall *should* tell you all those things, so you can decide
what to do.
So, what is the Running Process that is being Blocked (by Sygate)
from Access?
|
|
Cos MultiCast stuff is not normally flagged up by most Firewalls,
unless you've been fiddling around changing the built-in Rules!
Aries...
|
Nope, no fiddling
pmj...
|
Well, something is making it now show up, whereas you weren't getting
it showing up before (I presume)...
MultiCasts have always been there, so something's changed, to make
it now show.
|
All I want to know really is it safe to allow it or not LOL
Anita...
|
When in doubt - keep it out ! That is what I do
|
pmj...
|
As Boo says - with *any* Connection Attempt (& Prompt about them)
you should always *Block* (Deny)_ them, unless & until you know
that it's OK.
Have a read up about all this "MultiCast" stuff (on some of those
Links that I Posted) & you will see that it's not actually *needed*,
so can be Blocked with no probs.
You *could* allow it, cos it's not (usually, as far as I know)
Malicious, but there's no point in Allowing anything that you don't
actually *need*.
|
|
|
post
|
A Full explanation of what Multicast is & why it's used won't fit
into a News post!
:-)
Aries...
|
don't think I'll bother do you, but it's been an interesting discussion ;)
|
Aries...
|
Oh :(
pmj...
|
Have a look at some of those Pages on the IANA Site (& also on some
of the other Sites, such as WikiPedia & HowStuffWorks.com etc.)
|
|
|
NetHandle: NET-224-0-0-0-1
Parent:
NetType: IANA Special Use
NameServer: FLAG.EP.NET
NameServer: STRUL.STUPI.SE
NameServer: NS.ISI.EDU
NameServer: NIC.NEAR.NET
Comment: This block is reserved for special purposes.
Comment: Please see RFC 3171 for additional information.
Comment:
RegDate: 1991-05-22
Updated: 2002-09-16
OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: abuse@iana.org
OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: abuse@iana.org
|
|
