18.104.22.168 is the multicast address for Internet Group Management Protocol. This is normal traffic, and it stays on your local network.
answered 31 Jan '11, 08:31
With windows 7 i see broadcasts to, 22.214.171.124, 126.96.36.199, 188.8.131.52, and some crazy 239.235 combinations haha.
It doesn't always specify a port for some reason I guess because it is internal broadcast like an above poster said. But still.....kind of gullible feeling. Kind of feeling like u can't trust anyone feeling. Even on my home network nowadays, who knows whats on it spoofing things at any time. Feels like every website and program that exists is already hacked before it gets to my computer. And they tell us torrents have viruses? hahaha Hey look up the Michaelangelo virus and Chernobyl(CIH) virus that ibm was spreading with new pcs years ago....lol Now its 2013 and ten times worse, your oblivious to think otherwise..... Anyways,
i have alot of services disabled. upnp, in windows and router(i had to use a secret text link to a hidden page in my Verizon router to shut this off. I guess verizon sees it as people disabling upnp and then calling tech support when their game or voip or w/e device doesn't work, even they don't take security serious or wanna educate their customers....lol).
I have ipv6 disabled everywhere you see it in windows settings and firewall and router, ...every once in a while i still see a network broadcast on it. But i have no idea.....which address is for which protocols in the predefined rules. Maybe some nice Microsoft Gentleman will shed some light on the 184.108.40.206 addresses.
someone please correct me. but i believe netbios file sharing in windows is ports 137, 138.
look for the ip of the computers on your network thats all you need to allow.
and i think the only broadcast you would need to allow is most liked 192.168.1.255. This might correlate with your router....mine is default ip. and I believe its the only one i had to allow to share files on my home network.
possibly in addition 220.127.116.11. but i would try without it first. Block everything else ip subnet from 18.104.22.168 to 255.255.255.255, 10.0.0.0 - 255, 127.0.0.0-255, 169,254.0.0-, 192.0.0.0-, 198.18.0.0, 198.51.100.0, 203.0.113.0, everything to 255.255.255.255, those are all internal addresses.
sometimes when your router doesn't know who you are it will give you a 169.254 internal address. You can set dhcp to w/e you want or do it manually. default is 192.168.
just to add: Sometimes you gotta wonder why so many programs wanna broadcast out to those internal addresses as well......and why so many websites, even major corporations, have so many unknown ip's associated with them.
port 80 and 443 and 53 are just becoming flood gates of all streams of servers. These companies are gonna have to start registering every single ip address and domain associated with their site.
Even microsoft is like secretive what ips they use specifically for updates!! When the whole web becomes all httpS, they gonna have to let us know who the heck is connecting to my pc. Thats the truth, its getting ridiculous out here. SO many dam viruses. SO many spies, so many ads lol.
Their needs to be a public listing, something better then public domain tools.
I thought this site is pretty cool tks for letting me post.