connecting to Multicast IP


  1. Posts : 5
    Windows 10 Home edition x64
       #1


    Hello, I am new to the forums and I am just now realizing this is a Windows Seven community haha. I have Windows 10 but I believe this still applies to both OS versions.
    I had a question about these multicast IPs 239.255.255.250 and 224.0.0.251. I did some research and they seem to be m-cast IPs. I'm a little confused as to why my computer is still connecting to Multicast; I disabled SSDP and all multicast traffic. I understand this could still be normal behavior but what worries me more is that sometimes Google thinks I'm in Russia even though I'm using a VPN with a completely different server location. This happens occasionally and out of the blue, and usually leads Google to try to verify that a human is making those requests. I also randomly got a connection from 1.2.3.4 for a brief second; I don't know what that was about. My bad if this is all over the place but if you need other info leave a reply and I will get to it as soon as possible. Thank you!

    PS: I've also tried doing ipleak tests online and everything appears to be normal, no IP or DNS leaks. The problem seems to arise only with Google.


  2. Posts : 0
    Windows 7 Ultimate x64
       #2

    There's a lot going on here. For one, a multicast IP address is NOT a routable IP within the Internet at large. These IPs are used for computer to computer and router traffic only.

    If Google thinks you're in Russia while using the VPN, then it's due to the VPN. Probably via DNS resolution or something. Could even be that Google has a bad IP to geo location fix on the IP you're using with the VPN, but I kinda doubt that. There's something else there going on with your VPN and how it's changing the packets and what not making it appear to Google's code you're coming out of Russia. Heck, you just might! HAHA Run a tracert command to 8.8.8.8

    Rather than turn off SSDP altogether, you'll want to go into your router and disable UPnP. It's called Universal Plug and Play, but in cybersecurity circles it's called Universal Plug and Prey. In a nutshell, leave multicast alone.

    VPNs are in large part a false sense of security and many people don't know what they really are or even how they work but get caught up in a whole mantra of marketing crap on the Internet about them. On the other hand, VPNs are nice for certain purposes, and if you know their limitations and how to do things correctly, and know which VPN provider to choose from and how to pay for it, then it can offer some privacy and security... Even then, that new IP address now makes you stick out like a sore thumb. Most if not all VPN servers use cloud servers and those IPs are all known by the hosts that use them by the website you connect to. Such as OVH (a multiplay network), Digital Ocean, Amazon AWS, Choopa, etc, etc ad nauseam.

    If you're using a VPN for privacy, well, chances are it's a false sense of privacy because your browser and what ever else like an email client is already ratting you out through WebRTC, WebGL canvas data, and lots and lots of other awesome metadata. There are even timing attacks with the sent packet data and other crap. So, if you don't know about networking or cybersecurity, a VPN can be snakeoil. They do serve their purposes for certain things however...

    Yes, you'll find the biggest offender to the dreaded CAPTCHA on their search engine is Google. To remedy that I'd use one or all of the following: SearXNG and searx instances (Pick one) (read about it here), Startpage, Swisscows, or DuckDuckGo. Brave also has theirs, but I think that's internal to their browser (crap browser... LOL Well, all browsers now-a-days are absolute crap unless you're willing to participate in the Google Web Components pwnage off the Internet, you're screwed with webpage breakage in Pale Moon et al. Check out Ungoogled Chromium and don't add add-ons or use Librewolf. YMMV). And YMMV with search engine alternatives. Some results are craptacular versus others...


    Who Owns Your VPN? 105 VPNs Run by 24 Companies | VPNpro (I like their little BS pop up... But there you go).

    And another. These 7 Companies Secretly Own Dozens of VPNs

    *In an Austin Powers voice* "One billion dollars!". I had no idea the market was worth that much capital.

    - - - Updated - - -

    If you're REALLY interested in a firewall, look no further than pfSense. Then learn about Snort...

    There's also an appliance (I forgot its name) that uses the ARP cache within your network for parental control and what not. Pretty damn pricey though.

    Want your own personal VPN? Use a third-party router firmware like ASUS Merlin or DD-WRT with the built-in OpenVPN server and then you can use the OpenVPN client program or App on a phone. It'll of course be your home IP address, but nevertheless encapsulates your web traffic over an open WIFI network or what ever. Back in the day I did this but with SSH! Sloooow...


  3. Posts : 5
    Windows 10 Home edition x64
    Thread Starter
       #3

    Thank you for taking the time and explaining everything in detail, really shows you are passionate about your studies. I have been under the assumption that multicast is the same thing as IP broadcasting which goes out to the internet world wide web type beat... lol I guess I would have to look into it more. Nonetheless I did a traceroute to Google DNS and I have the results with me. I did it while connected to my VPN as usual. Nothing really out of the ordinary, the IPs I found were used by my VPN provider. So it's weird that this is happening out of the blue. If nothing shows up on the network side then it must be malware within the system, no?

    and I wish I had access to the router or else I would've done the investigation myself. it's weird though even blocking ICMP and certain IP's that I don't want my computer to be communicating with through windows firewall is not working. makes me wonder what even is the point of this whole firewall if it doesn't stop the connections. I love microsoft, but man am I disappointed sometimes...

    also I already know BIG CORPO is invested into all of our internet traffic. a lot of VPN providers work with big companies and they have servers and domains set up with them and to be honest I don't really care much. I can worry about them later but first I just want to be as private as I can, I use chatting apps and you know how safe those things are...

    I will be looking into buying/setting up a new firewall, but I'm afraid sometimes more is less. I don't want to make things more complicated in the long run. Windows firewall is good but how it just doesn't block something when I tell it to is beyond me.

    thanks again!


  4. Posts : 0
    Windows 7 Ultimate x64
       #4

    If, and only if you're seeing Russia as your location in Google and you don't live in Russia while using the VPN, then it's safe to assume it's your VPN doing it due to its routing and what not. I can also tell you I've seen this same behavior on my end with another VPN I used. And Amazon would show the wrong Amazon location for the website. Do know however that you may not want to use a VPN for PayPal, a bank, credit card reporting agency website, etc. You risk looking fishy to their security and may run against the grain of their ToS... It's why I don't believe in whole router VPN solutions or whole appliance spam filtering and opt for fine grain software control. Unless of course you use a specific VLAN or what ever I guess. It's also why I mentioned you can deploy your own VPN within a router for when you travel and need to make sure the open WIFI connection is safe to use and what have you all the while your IP address will be from home. Tip for that, configure your laptop's DNS to something else like OpenDNS, Google's or Cloudflare's... If you go to DEFCON you'll know why. LOL!

    Here's some info. on multicast. Multicast and the Internet : networking

    How are you determining that pings and what not are not blocked?

    If you don't have control of the router, then you'll want to probably invest into some kind of reputable software firewall. For that I'm not really sure other than a poorman's firewall so to speak of Peerblock. And do know router firmware can be infected (even your IoT). So if you have no control over the router and can't update its firmware, and trust OEM firmware, then, well, it's a mixed bag of hoping the router hasn't been turned into a zombie botnet or isn't being monitored by whoever controls it. Very easy to do with SNMP and what have you.

    If you download Peerblock, check it at VirusTotal's website [1] and install. Then you can use the attached file to block damn near ALL (thus the name of the file) IP addresses. You should see north of 3 billion IPs being blocked. The fun part is allowing only the IPs you know need access. That means Windows components, Windows updates, your software and its update facilities and a whole plethora of other things. So it's going to probably be very cumbersome and requires some know how on your end on what to allow or block and what is being blocked. And you can't block HTTP and expect to use your browser. For that you need to temporarily turn it off. This is how I personally roll myself absent of my router that uses SPI (Stateful Packet Inspection). I have yet to deploy pfSense and really don't have to since I don't port forward. But pfSense does have a lot of other uses as well. Especially running Windows 10 or 11. And therein lies a whole boat ton of IP traffic you'll have to contend with on what's needed or not. I know because I ran Windows 10 in a virtual machine using VMware and monitored the network traffic with the VM's network interface and a packet sniffer. There is an absolute waterfall of IP traffic pouring in and out of that OS and it's disgusting. I never saw this kind of activity in Windows 7 or even XP in a virtual machine. There is a stripped down version of 10, but it's not for everybody. You can also fine tune your install media with NTLite and use other tools found at Github...

    So yeah, if you're willing to mess around with a lot of crap, and know how to REALLY research and understand the results for each IP being blocked, then use this Peerblock list. Again, this is a catch all requiring you to individually whitelist one IP at a time. LOL! I laugh because that's going to be like climbing Olympus Mons on Mars, a ~84,000' volcano. You can of course create your own block and allow lists per CIDR... I'm not getting into all that though and it's beyond the scope of this thread.


    All.zip

    There are lots and lots and I mean LOTS of things I can cover on security and privacy. What it all amounts to however is just not using anything electronic. LOL! So having said that, the method becomes more about just blending in...

    There's also the risk of a lot of misunderstanding and loads of conjecture based on the user's interpretation of what they may not understand. Exhibit A is where I talked to a fairly popular YouTube content creator on "hacking" videos and he told me he gets loads of people asking him how to secure this or that and whether the government is spying on them and what have you. Honestly, the "government" is not really an entity I would pay my most attention to in the realm of all things cyber. For me personally it'd be companies. "Scan this QR code, use our WONDERFUL App, enter your awesome phone number here at the grocery store for some perks for cheaper gasoline and other marketing, data collecting crap." All those Apps? They now know where you are right down to some 10'. Is Facebook et al listening to you? I can prove it with data packets! It boils down to this: NOTHING in this world is free, and there are smart people out there (carnies) that know how to use sheep for their wool... You might be interested in my write up on Edward Snowden. LOL! Note: Your VPN or any other crazy IP crap on your end may not make it in. Here's the current topic and at the Wayback Machine.

    I need to find a ghost writer.... Good grief!


    [1] The general consensus is four hits and you toss, but it depends on what it is and knowing how to read any Relations or Behaviors if provided.


  5. Posts : 5
    Windows 10 Home edition x64
    Thread Starter
       #5

    I am going to be investing in a special firewall in the future but for now I am just trying to keep it simple. I have been noticing some strange behavior whenever I open up my browser. Like I said, I don't have access to the router, and it is shared with other people in the building. Now I noticed a connection gets established from my TV media streaming device on port 8060 and then uses multicast; same thing happens with my neighbor's Samsung TV except on port 7676. Now the Samsung connection is basically an exploit, but how malicious is it? That idk.

    So it occasionally sends data packets while using my browser.
    Here are some messages that I gathered from it:

    smp_21_. .SERVER: SHP, UP nP/1.0, Samsung UPnP SDK/1.0..ST : urn:dial-multi screen-org:servi ce:dial:1..

    and this

    urn:d ial-multiscreen- org:service:dial :1..Content-Leng th: 0

    It very well could be nothing. This device is on the same local network and I've done everything I could to stop it from connecting with no luck.
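
The fragments quoted in post #5 read like SSDP text seen through a packet viewer's ASCII pane, where each row holds 16 bytes and CR/LF show up as dots. The following is an added example, not part of the thread: it classifies the two multicast destinations from post #1 and parses a constructed SSDP datagram that reuses the header values from post #5 (function names and the status line are assumptions).

```python
import ipaddress

# Well-known multicast groups named in the thread: (address, UDP port) -> protocol.
KNOWN_GROUPS = {
    ("239.255.255.250", 1900): "SSDP (UPnP discovery)",
    ("224.0.0.251", 5353): "mDNS",
}
LINK_LOCAL = ipaddress.ip_network("224.0.0.0/24")   # local network control block
ADMIN_SCOPED = ipaddress.ip_network("239.0.0.0/8")  # administratively scoped (RFC 2365)

def classify_destination(ip, port):
    """Describe a destination address: known group, multicast scope, or unicast."""
    addr = ipaddress.ip_address(ip)
    if not addr.is_multicast:
        return "unicast"
    if (ip, port) in KNOWN_GROUPS:
        return KNOWN_GROUPS[(ip, port)]
    if addr in LINK_LOCAL:
        return "multicast, link-local"
    if addr in ADMIN_SCOPED:
        return "multicast, administratively scoped"
    return "multicast, other"

def ascii_column(payload, width=16):
    """Render bytes as a viewer's ASCII pane does: non-printables (CR, LF) become '.'."""
    text = "".join(chr(b) if 32 <= b < 127 else "." for b in payload)
    return [text[i:i + width] for i in range(0, len(text), width)]

def parse_ssdp(payload):
    """Split an SSDP datagram into its start line and a dict of upper-cased headers."""
    lines = payload.decode("ascii", errors="replace").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return lines[0], headers

# Constructed sample: header values are those quoted in post #5; status line assumed.
SAMPLE = (
    b"HTTP/1.1 200 OK\r\n"
    b"SERVER: SHP, UPnP/1.0, Samsung UPnP SDK/1.0\r\n"
    b"ST: urn:dial-multiscreen-org:service:dial:1\r\n"
    b"Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    print(classify_destination("239.255.255.250", 1900), parse_ssdp(SAMPLE), sep="\n")
    print(*ascii_column(SAMPLE), sep="\n")
```

The `ST` value `urn:dial-multiscreen-org:service:dial:1` is the DIAL (Discovery and Launch) service type that TVs and streaming devices advertise so that apps on the same network can find them.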


  6. Posts : 0
    Windows 7 Ultimate x64
       #6

    Streaming devices use multicast. This is perfectly normal.


  7. Posts : 5
    Windows 10 Home edition x64
    Thread Starter
       #7

    I understand it is normal behavior, but is there anything I can do to stop it from connecting? I don't have access to the router and I have done almost everything imaginable to stop it from connecting. The only other option I can think of is to install a special firewall but that's gonna take some time.

    I would just like to stop all broadcast and multicast to and from my device. I've already stopped all services related to it, I disabled LLDP and SSDP, I've done some registry tweaks, and on top of that I added a couple firewall rules. Is there anything I'm missing?


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
