Hi all. After being infected with the W32/Klez.h@MM virus (which attacked and disabled my Norton Antivirus), I installed the Sygate Personal Firewall. It has been working fine and a window pops up when I go to web sites detailing the website's name and IP address and asks me if I want to indeed allow my computer to go to that site. However, when I log onto my Qwest DSL, the firewall puts up the following message: "Win32 Kernel core component is trying to broadcast an ICMP Type 10 (Router Solicitation) packet to [224.0.0.2]. Do you want to allow this program to access the network?" If I do NOT accept the connection my web browsing slows down and sometimes crashes. If I DO accept the connection things operate fine but in the back of my mind I wonder if I'm opening up my computer to some mischief. Since it pops up immediately after I logon to Qwest, I asked Qwest Tech Support if that IP address is part of their network and their answers have been useless. They don't seem to know! My case is now in the Qwest shuffle and I have no idea if and when I'll hear from them again.... So I downloaded IDSERVE from the ShieldsUP! site and found out that that IP address is part of "All-Routers.MCAST.NET". I relayed that info to Qwest and have yet to hear back from them. My question then is basically how do I know if it's safe to accept that connection? Does anyone hear have the tech know-how and tools to investigate that IP address? Any help would be greatly appreciated. Thanks in advance!
This is a Internet Control Message Protocol (ICMP) packet as defined in RFC792. This message is used to initially setup the network hop between your PC and the Qwest router. It is not a problem to hit "accept".... this does not directly leave you open to any type of mischief. - Greg
Greg, but how do I know for sure that it's the Qwest router? Wouldn't Qwest be able to tell me that? If it is NOT the Qwest router shouldn't I be worried? Thanks!