Could anyone give me a laymans explaination of an Internet Multicast? I was doing some practice, cloning HDDs and when I reinstalled a partition with a clone of an XP drive, I started getting Zone Alarm alerts as follows: "The firewall has blocked an Internet Multicast to your computer [IP Protocol 89] from 172.16.160.1." I'm also getting the same alert with my ISPs addy.

And boy, I'm talking about alerts. I'm getting 500 every 15 minutes or so. I'm behind a router and don't usually get ZA alerts.

What the heck is going on here?

:confused:

Hi Steve, you may find one (or many) these links helpful:

http://www.cisco.com/warp/public/759/ipj_2-4/ipj_2-4_multicast.html
http://www.osti.gov/bridge/product.biblio.jsp?osti_id=10196989
http://www.iana.org/assignments/multicast-addresses
http://www.serpentine.com/~bos/tech/mbone/

After reading the above links (thanks) and many more, I know alot more about internet multicasts than I used to, but I still don't understand what's going on with my computer.

I've contacted my ISP and it seems someone is using my ISPs DNS server to attempt to scan my computer. My ISP is not amused. They have asked me to leave things as they are while they investigate.

I've gone over my computer with a fine tooth comb and I think it is clean. Nothing seems to be calling for attention. It's something out on the internet that is fixated on me. It scans the 172.16.142.1 to 172.16.164.1 range, over and over. I've had over three million hits in the past few weeks.

It'll be interesting to see what comes of this...

Hi Steve. Whose IP addresses are those--yours or the computer(s) scanning your system? I can tell you this, and I found it in the Network + study guide, and I quote:

"Three other special address types are:
10.x.x.x
192.168.xxx.xxx
and
172.16.x.x - 172.31.x.x

These addresses are specified in RFC 1918 as being available to anyone who wants to use private addressing on a private network, but does not want to connect to the internet. Private addresses are those addresses that are not routed by Internet routers. Public addresses are those IP addresses that will be passed by Internet routers. You can use this address without the risk of compromising someone else's registered network address."

WHAT DOES ALL THIS MEAN?


I don't know...:( But...

These attacks, if I am looking at this in the right way, cannot be coming from the Internet since these addresses are private addresses that will not be routed through the Internet. These "attacks" could quite possibly be stemming from within your own network. What sort of setup do you have at home in the way of networking devices? Is your DNS set up properly? (To find out go into your browser and type in a known IP address and see if it is converted to a FQDN (fully-qualified domain name). If so, then your DNS seems to be working.

The tech at the ISP said the 172.16.142-162.1 addresses are theirs. ZoneAlarm is reporting the error message above, at a quick, repetative, pace. Tech says those addies are listed as currently not in use but he can see the activity.

I just got home and was hoping to have a message from them but haven't heard anything yet.

I have a Linksys cable modem and router with two to four PCs hooked up in various setups. I have been playing around quite a bit lately. Different OS's and software. Formatting and reinstalling everything at least once per week. This started during all that playing around so it's possible that it's something that I did. I'm just at a loss as to what it might be.

I just hope we can pin this down quickly. I want to get back to playing... ;)

Well, the whole thing is still a mystery. To me, at least. My ISP decided it was my fault and threatened to cut my service for TOS abuse. When I asked which term I abused they admitted that they didn't know but somehow or other this was my fault. Good grief.

They finally figured out how to block whatever was going on. :) Although I have been left without an explaination. The tech said it seems to have something to do with an IP addy in Belgium but I'm not getting any response to my questions. Oh well.

ZA has quieted down and everything seems to be back to normal.

Typical ISP..:(

When they are speaking of TOS abuse, they may be complaining that you are using your Internet connection to support multiple computers. In Germany, they're thinking about passing a law forcing higher charges for people sharing their Internet connection between multiple computers. I don't know how they can prove it, though.

Anyway, it's good to hear you're back up and running. Do you have any other ISPs in your area? You may want to think about switching to a different one in light of the recent unpleasantness.