Re: multicast connection trials from a home machine - is it regular?

[Jan Falkenreck <jan.falkenreck () get-ag com>]

Normally multicast packages are not routed by default. I'am not quite shure if any ISP supports it. If they do, you are 
lucky.
Otherwise you may need to install and configure a multicast router in your home scenario and  setup a tunnel to an 
multicastendpoint.

Jan Falkenreck

David Gillett wrote:
> 1.  Do you have a default gateway specified?
>
> 2.  Have you installed any of the "routing"* protocols?
> (OSPF, RIP, etc)  [If so, WHY???]
>
> * These protocols do not "route" anything -- they are used 
> to exchange routing information between routers.  You do not
> need them unless your box is acting as a router for a 
> complex/dynamic network.
>
> David Gillett
>
>
>
> > -----Original Message-----
> > From: ruben [mailto:rubenb () arnet com ar]
> > Sent: April 15, 2003 07:47
> > To: SECURITY-BASICS () securityfocus com
> > Subject: multicast connection trials from a home machine - is it
> > regular?
> >
> >
> > > From the firewall log:
> > "blocked: Out ICMP;Router 
> > solicitation;localhost->224.0.0.2;Owner: Tcpip
> > Kernel Driver"
> > That is done (as the first outbound communication) every time 
> > the machine is
> > connected via dialup to the Internet. Is that a logical part 
> > of the process?
> > OS is Win98, firewall is Kerio, the rule CAN be modified, but 
> > the blocking
> > came as default in the firewall settings. What arises my 
> > doubts is that the
> > firewall blocks the attempt to connect to 224.0.0.2 but the 
> > http and mail
> > service go back and forth as usual. A short Google search 
> > shows some info
> > about multicast in NT machines, but nothing worthwile. I'm 
> > suspecting of
> > some backdoor sitting in this machine. Of course it can be a part of a
> > legitimate process. Can you enlighten me about this?
> > TIA, Ruben.-
> >
> >
> > -------------------------------------------------------------------
> > Attend Black Hat Briefings & Training Europe, May 12-15 in 
> > Amsterdam, the 
> > world's premier event for IT and network security experts.  
> > The two-day 
> > Training features 6 hand-on courses on May 12-13 taught by 
> > professionals.  
> > The two-day Briefings on May 14-15 features 24 top speakers 
> > with no vendor 
> > sales pitches.  Deadline for the best rates is April 25.  
> > Register today to 
> > ensure your place.  www.blackhat.com
> > -------------------------------------------------------------------
>
>
> ---------------------------------------------------------------------------
> Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
> world's premier event for IT and network security experts.  The two-day 
> Training features 6 hand-on courses on May 12-13 taught by professionals.  
> The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
> sales pitches.  Deadline for the best rates is April 25.  Register today to 
> ensure your place.  http://www.securityfocus.com/BlackHat-security-basics 
> ----------------------------------------------------------------------------



---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place.  http://www.securityfocus.com/BlackHat-security-basics 
----------------------------------------------------------------------------