I connect to the web via a personal firewall, it tells me whenever I first connect:
Win32 Kernel core component is trying to broadcast an ICMP Type 10 (Router Solicitation) packet to [224.0.0.2]. Do you want to allow this program to access the network?
Samspade.org’s IP-whois gives these results for 224.0.0.2
Anyone know anything about why this is happening and what it all means?
(I intend to email the OrgTechEmail as identified by samspade.org.)
That’s the IANA, the people resposible for assigning IP addresses. Why your computer is trying to connect to them, I’m unsure, but it’s certainly innocuous at worst. I’m guessing it’s contacting their server to be assigned an IP address, though I don’t know why it would do that, unless you’ve got software that allows your computer to act as a webserver installed and running. Your internet IP address is assigned by your ISP, who in turn gets a block of IP addresses assigned by the IANA.
Thanks for your input Q.E.D. (and only eigth minutes after my OP!)
Samspade have this to say about personal firewalls, hmmm!
224.0.0.2 is the multicast address for all routers on a given subnet. A broadcast would go to every address on the subnet. A multicast address only points to a certain subset of IP addresses.
ICMP type 10 is just what your alert says it is - a router solicitation. Somebody correct me if I’m wrong, but I’m pretty sure your router is just looking for a way out to the Internet and is simply issuing the solicitation to find another router to point the packets in the right direction.
Yes, it’s a multicast router solicitation. Basically your machine is just asking who it’s neighbors are. No big deal. See here.
Per Neutron Star , every computer is running a rudimentary software router, and it is just doing it’s job.
oh BTW, IANA is the Internet Assigned Numbers Authority, i/e the folks who hand out the addresses on the internet.
I use Zone Alarm from Zone Labs. I realize it’s limitations and I have had programs trying to broadcast from my computer that the ZA blocked. I used my Spybot and found out it was spyware sending something out. What, I don’t know, but it was blocked.
My point: I just turn off the alerts and regularly check what programs are allowed internet usage. I only worry if something new is trying to get out. My thought is that if someone REALLY wants in, not much I can do. If the CIA can get hacked, I can too.
I like what my little firewall does and don’t surf the net without it, I just turn off those annoying alerts.
Just a moment but wasn’t there a DDOS attack on IANA recently? The OP should definitely check his machine for trojans.
I run a freeware (what a cheapskate I am) virus checker, and keep it up to date, so I’m hoping that my machine is clear of trojans. (Having said that, up until this thread I’ve always denied attempts to broadcast to this address – if it all goes pear-shaped, I’ll let you know.)
Thanks to each of you for your input.