i have some xp pro machines on my network that are giving me this:


Permitted: Out protocol [2], localhost->igmp.mcast.net [224.0.0.22], Owner: Tcpip Kernel Driver

Permitted: Out UDP, localhost:1090->239.255.255.250:1900, Owner: C:\WINDOWS\SYSTEM32\SVCHOST.EXE


on searching around for some info on it ive come accross a broad spectrum of answers

http://cert.uni-stuttgart.de/archive.../msg00068.html

this person seems to attribute it to microsoft calling home but this:

igmp broadcast to IGMP.MCAST.NET [x.x.x.x -> 224.0.0.22] (ttl = 1)
wont make it past a router

i was wondering if anyone here could shead some light on it. it doesn't seem to be anything to be concerned with but id like to understand whats going on

i know i could change to 'deny' but the purpose of these firewalls is just to send messages to a syslogd for my viewing pleasure and not controll traffic in any way