Hi All:

        In reviewing my Firewall Logs, I see lots of IGMP dropped packets.
These are from recognized servers from my ISP, Name Servers etc. I have
been seeing lots of bad things about ICMP packets, and they seem to be
related. Does anyone have any comment regarding security risks associated
with IGMP packets? Any suggested rules?

Stu...........


Here is a sample log entry for the above:

 

What is 224.0.0.1?

 

Apr 26 11:59:53 woodstock kernel: FW: IN=eth0 OUT= MAC= XX.XX.XX.XX.XX.XX SRC="ISPDEFAULTGATEWAY"  DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=25148 PROTO=2

 

Also this one is weird. I don’t have a computer at IP 192.168.2.44:

 

Apr 26 12:11:43 woodstock kernel: FW: IN= OUT=eth1 SRC="EXTIP" DST=192.168.2.44 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=231

 

 

Eth0=External Interface

Eth1=Internal Interface
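
Added example, not part of the original post: a small Python parser for the two netfilter LOG lines quoted above. It decodes the protocol number, the direction and the destination, and handles the repeated LEN field in the UDP entry. The function names parse and describe and the key L4LEN are names chosen for this illustration.

```python
import ipaddress

# The two log lines from the post (netfilter LOG format, redactions kept as posted).
SAMPLE = [
    'Apr 26 11:59:53 woodstock kernel: FW: IN=eth0 OUT= MAC= XX.XX.XX.XX.XX.XX '
    'SRC="ISPDEFAULTGATEWAY"  DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 '
    'ID=25148 PROTO=2',
    'Apr 26 12:11:43 woodstock kernel: FW: IN= OUT=eth1 SRC="EXTIP" '
    'DST=192.168.2.44 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP '
    'SPT=138 DPT=138 LEN=231',
]

IP_PROTOS = {"1": "ICMP", "2": "IGMP", "6": "TCP", "17": "UDP"}  # IANA protocol numbers
NETBIOS_UDP = {"137": "NetBIOS name service", "138": "NetBIOS datagram service"}

def parse(line):
    """Return the KEY=VALUE fields of one LOG line as a dict (hypothetical helper)."""
    fields = {}
    for tok in line.split("kernel:", 1)[1].split():
        if "=" not in tok:
            continue  # log prefix ("FW:"), IP flags such as DF, redacted MAC value
        key, val = tok.split("=", 1)
        if key == "LEN" and "LEN" in fields:
            key = "L4LEN"  # the second LEN is the UDP length, not the IP length
        fields[key] = val.strip('"')
    return fields

def describe(line):
    """Summarise protocol, direction and notable properties of one entry."""
    f = parse(line)
    proto = IP_PROTOS.get(f["PROTO"], f["PROTO"])  # LOG prints a number or a name
    dst = ipaddress.ip_address(f["DST"])
    notes = []
    if dst == ipaddress.ip_address("224.0.0.1"):
        notes.append("all-hosts multicast group")
    elif dst.is_multicast:
        notes.append("multicast destination")
    if f.get("TTL") == "1":
        notes.append("TTL 1: will not be forwarded by a router")
    if proto == "UDP" and f.get("DPT") in NETBIOS_UDP:
        notes.append(NETBIOS_UDP[f["DPT"]])
    direction = "ingress " + f["IN"] if f.get("IN") else "egress " + f.get("OUT", "")
    return proto, direction, notes

if __name__ == "__main__":
    for entry in SAMPLE:
        print(describe(entry))
```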

 
