12-12-2006 05:57 AM - edited 03-10-2019 03:22 AM
Hi,
Any ideas why this Network Shield Rule (For Malicious Packet) is getting triggered for these IGMP packets?
TESTMODE: A packet with malicious content was detected. Reason: Malicious packet. IGMP: 10.1.2.136->224.0.0.22 type 0x22. The operation would have been denied.
TESTMODE: A packet with malicious content was detected. Reason: Malicious packet. IGMP: 10.1.2.144->224.0.0.1 type 0x11. The operation would have been denied.
As far as I researched, 0x11 (Query) and 0x22 (v3 Report) are valid IGMP packets.
Thanks,
Naman
12-18-2006 11:03 AM
12-18-2006 12:16 PM
I think these are benign (I'm assuming this is a NAT'd adapter?) and are legit multicast traffic. Since the rule is set to deny and log, you are getting the messages.
If they weren't going to a multicast address (in this case igmp.mcast.net), you might get concerned.
Tom
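Added example, not part of the original posts or of the product discussed: a small triage script that applies the check described in the thread (known IGMP type, multicast destination) to log lines in the format quoted above. The type table and fixed destinations follow RFC 1112, RFC 2236 and RFC 3376; the function name `triage` and the last two sample lines are constructed for illustration.

```python
import ipaddress
import re

# IGMP message types (RFC 1112, RFC 2236, RFC 3376)
IGMP_TYPES = {
    0x11: "Membership Query",
    0x12: "IGMPv1 Membership Report",
    0x16: "IGMPv2 Membership Report",
    0x17: "IGMPv2 Leave Group",
    0x22: "IGMPv3 Membership Report",
}
# Types whose destination is fixed by the RFCs; the others may target any group.
FIXED_DEST = {0x17: "224.0.0.2", 0x22: "224.0.0.22"}

LINE_RE = re.compile(r"IGMP: ([\d.]+)->([\d.]+) type (0x[0-9a-fA-F]+)")

def triage(line):
    """Return (verdict, detail); verdict is 'expected', 'review' or 'skip'."""
    m = LINE_RE.search(line)
    if not m:
        return ("skip", "no IGMP record in line")
    src, dst, type_hex = m.groups()
    name = IGMP_TYPES.get(int(type_hex, 16))
    if name is None:
        return ("review", f"unknown IGMP type {type_hex} from {src}")
    try:
        multicast = ipaddress.ip_address(dst).is_multicast
    except ValueError:
        return ("review", f"malformed destination {dst!r} from {src}")
    if not multicast:
        return ("review", f"{name} from {src} sent to non-multicast {dst}")
    want = FIXED_DEST.get(int(type_hex, 16))
    if want and dst != want:
        return ("review", f"{name} from {src} sent to {dst}, expected {want}")
    return ("expected", f"{name} from {src} to {dst}")

SAMPLE = [
    # The two events quoted in the question
    "Reason: Malicious packet. IGMP: 10.1.2.136->224.0.0.22 type 0x22. The operation would have been denied.",
    "Reason: Malicious packet. IGMP: 10.1.2.144->224.0.0.1 type 0x11. The operation would have been denied.",
    # Constructed lines: unicast destination, then an unassigned type value
    "Reason: Malicious packet. IGMP: 10.1.2.150->10.1.2.1 type 0x22. The operation would have been denied.",
    "Reason: Malicious packet. IGMP: 10.1.2.150->224.0.0.22 type 0x99. The operation would have been denied.",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(*triage(entry), sep=": ")
```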