Firewall Message?

Hi.
I've just got a wireless router, and firewall. Every time I boot up, I get
the following message from the firewall:

ndis user mode i/o driver has received a broadcast packet from the remote
machine 192.168.1.3. Do you want to allow this programme to access the
network?

Now, I know that the number is an IP address, and am guessing that this is
the router trying to assign one to my pc, as it tries to get on the network.
But I don't know, and don't fully understand the message. Anyone know what
this means, and whether I should be saying yay or nay? Thanks.

On Sun, 21 Nov 2004 12:11:47 +0000, The Crow wrote:

> Hi.
> I've just got a wireless router, and firewall. Every time I boot up, I
> get the following message from the firewall:
>
> ndis user mode i/o driver has received a broadcast packet from the remote
> machine 192.168.1.3. Do you want to allow this programme to access the
> network?
>
> Now, I know that the number is an IP address, and am guessing that this is
> the router trying to assign one to my pc, as it tries to get on the
> network. But I don't know, and don't fully understand the message. Anyone
> know what this means, and whether I should be saying yay or nay? Thanks.

http://forums.techguy.org/archive/in.../t-119631.html

On Sun, 21 Nov 2004 12:11:47 -0000, in alt.internet.wireless , "The Crow"
<crappy.mesh-(E-Mail Removed)> wrote:

>Hi.
>I've just got a wireless router, and firewall. Every time I boot up, I get
>the following message from the firewall:

What firewall is it? What OS? Difficult to translate the message
otherwise...

>ndis user mode i/o driver has received a broadcast packet from the remote
>machine 192.168.1.3.

Is this the IP of your router? Certainly its in your local network. Maybe
its your PC's IP?

>Do you want to allow this programme to access the network?

If its your router or PC, then yes.


--
Mark McIntyre
CLC FAQ <http://www.eskimo.com/~scs/C-faq/top.html>
CLC readme: <http://www.ungerhu.com/jxh/clc.welcome.txt>

----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----

On Sun, 21 Nov 2004 12:11:47 -0000, "The Crow"
<crappy.mesh-(E-Mail Removed)> wrote:

>I've just got a wireless router,

Make and model?

>and firewall.

Make and model? If software, operating system and version?

Imagine going into an auto parts store and asking about a problem
without offering the slightest clue about what you're driving.

>Every time I boot up, I get
>the following message from the firewall:
>
>ndis user mode i/o driver has received a broadcast packet from the remote
>machine 192.168.1.3. Do you want to allow this programme to access the
>network?

Sounds like either the Windoze XP SP2 firewall, Norton Firewall, or
ZoneAlarm. The messages are similar. I'm too lazy to decode which
one. Could I trouble you to reveal the winning firewall?

>Now, I know that the number is an IP address, and am guessing that this is
>the router trying to assign one to my pc, as it tries to get on the network.

You're close, but not quite.

>But I don't know, and don't fully understand the message. Anyone know what
>this means, and whether I should be saying yay or nay? Thanks.

It means that a machine that has already been assigned an IP address
by your router has issued a broadcast packet. It can be an ARP
(address resolution protoocl) request, DHCP renewal, some kind of
discovery protocol, worms looking for something to attack, spyware on
192.168.1.3, or some manner of misconfiguration on 192.168.1.3. The
station already has an IP address, so it's not a DHCP request.

I like to run my LAN (local area network) essentially as a trusted
network, which will allow anything and everything from other computahs
and devices on the local LAN. If this is an acceptable mode of
operation, I would suggest you say "NO this time only" and then dive
into the configuration of your unspecified firewall, and disarm
security for the local LAN. The message should then go away by
itself.

Whether you want to operate your LAN is this manner is your decision.
If you're LAN is inhabited by roaming computahs, such as running an
open wireless connection shared with the neighborhood, or you have
junior hackers that tend to collect worms, viruses, spyware, etc, this
many not be such a great idea. In that case, remove your LAN from
trusted status in your firewall configuration, disable "file and print
sharing exception" in the XP SP2 firewall, and say "NEVER" to any
packets coming from unknown or the kids computahs.


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

"The Crow" <crappy.mesh-(E-Mail Removed)> wrote in
news:41a08602$0$528$(E-Mail Removed):

> Hi.
> I've just got a wireless router, and firewall. Every time I boot up,
> I get the following message from the firewall:
>
> ndis user mode i/o driver has received a broadcast packet from the
> remote machine 192.168.1.3. Do you want to allow this programme to
> access the network?
>
> Now, I know that the number is an IP address, and am guessing that
> this is the router trying to assign one to my pc, as it tries to get
> on the network. But I don't know, and don't fully understand the
> message. Anyone know what this means, and whether I should be saying
> yay or nay? Thanks.
>
>

Well first off, the wireless NAT router is not a FW appliance. But the NAT
router is good enough in the home protection. It has some FW like features
at best and maybe SPI.

http://www.homenethelp.com/web/explain/about-NAT.asp

If the NAT router had a true FW, then it would be able to do what's in the
link.

http://tinyurl.com/4awxu

It seems that 192.168.1.3 is a private side IP issued by the router. It
should be safe.

Duane