Results 1 to 9 of 9

Thread: .....wants to send ICMP packet to your machine

  1. #1
    RF
    Guest

    .....wants to send ICMP packet to your machine

    Hi Experts,

    I have been watching this parade of attempts to access my Win2K kernel.
    Is it reasonable to assume that these are safe or? My Kerio firewall is
    grabbing them by the throat every time one comes by. Great guy Kerio :-)

    1 Someone on address S01060023cdc72ccb.wp.shawcable.net
    [24.79.134.211] wants to send ICMP packet to your machine.

    2 Someone on address 66-215-175-74.dhcp.snbr.ca.charter.com
    [66.215.175.74] wants to send ICMP packet to your machine

    3 118.173.238.87.adsl.dynamic.totbb.net
    [118.173.238.87] wants to send ICMP packet to your machine

    In all cases Details about Application are: tcpip kernel driver.

    TIA

  2. #2
    1PW
    Guest

    Re: .....wants to send ICMP packet to your machine

    RF wrote:
    > Hi Experts,
    >
    > I have been watching this parade of attempts to access my Win2K kernel.
    > Is it reasonable to assume that these are safe or? My Kerio firewall is
    > grabbing them by the throat every time one comes by. Great guy Kerio :-)
    >
    > 1 Someone on address S01060023cdc72ccb.wp.shawcable.net
    > [24.79.134.211] wants to send ICMP packet to your machine.
    >
    > 2 Someone on address 66-215-175-74.dhcp.snbr.ca.charter.com
    > [66.215.175.74] wants to send ICMP packet to your machine
    >
    > 3 118.173.238.87.adsl.dynamic.totbb.net
    > [118.173.238.87] wants to send ICMP packet to your machine
    >
    > In all cases Details about Application are: tcpip kernel driver.
    >
    > TIA


    Hello RF:

    It would be reasonable to assume that /none/ of these safe. Amongst
    other possibles, I high probability exists that these are bots.

    In addition to the notifications that your firewall yields, I hope you
    are suppressing responses to these packets.

    HTH

    --
    1PW

  3. #3
    Leythos
    Guest

    Re: .....wants to send ICMP packet to your machine

    In article <7f5gvnF2jpak2U1@mid.individual.net>, RF@NoDen.con says...
    >
    > Hi Experts,
    >
    > I have been watching this parade of attempts to access my Win2K kernel.
    > Is it reasonable to assume that these are safe or? My Kerio firewall is
    > grabbing them by the throat every time one comes by. Great guy Kerio :-)
    >
    > 1 Someone on address S01060023cdc72ccb.wp.shawcable.net
    > [24.79.134.211] wants to send ICMP packet to your machine.
    >
    > 2 Someone on address 66-215-175-74.dhcp.snbr.ca.charter.com
    > [66.215.175.74] wants to send ICMP packet to your machine
    >
    > 3 118.173.238.87.adsl.dynamic.totbb.net
    > [118.173.238.87] wants to send ICMP packet to your machine
    >
    > In all cases Details about Application are: tcpip kernel driver.
    >
    > TIA


    Why is your computer connected directly to the Internet?

    At the very least you should be sitting behind a cheap NAT router that
    doesn't respond to Ping requests certainly doesn't pass anything inbound
    without your permission.


    --
    You can't trust your best friends, your five senses, only the little
    voice inside you that most civilians don't even hear -- Listen to that.
    Trust yourself.
    spam999free@rrohio.com (remove 999 for proper email address)

  4. #4
    Ant
    Guest

    Re: .....wants to send ICMP packet to your machine

    "RF" wrote:

    > I have been watching this parade of attempts to access my Win2K kernel.
    > Is it reasonable to assume that these are safe or?


    Could be bots scanning IP address ranges. If you're not responding to
    them and don't have services configured to accept and act on
    unsolicited network traffic then what's the problem?

    > In all cases Details about Application are: tcpip kernel driver.


    Well, it would be, since all such requests ultimately come and go
    through a driver and drivers live in the kernel. It's not significant.



  5. #5
    RF
    Guest

    Re: .....wants to send ICMP packet to your machine

    1PW wrote:
    > RF wrote:
    >> Hi Experts,
    >>
    >> I have been watching this parade of attempts to access my Win2K kernel.
    >> Is it reasonable to assume that these are safe or? My Kerio firewall is
    >> grabbing them by the throat every time one comes by. Great guy Kerio :-)
    >>
    >> 1 Someone on address S01060023cdc72ccb.wp.shawcable.net
    >> [24.79.134.211] wants to send ICMP packet to your machine.
    >>
    >> 2 Someone on address 66-215-175-74.dhcp.snbr.ca.charter.com
    >> [66.215.175.74] wants to send ICMP packet to your machine
    >>
    >> 3 118.173.238.87.adsl.dynamic.totbb.net
    >> [118.173.238.87] wants to send ICMP packet to your machine
    >>
    >> In all cases Details about Application are: tcpip kernel driver.
    >>
    >> TIA

    >
    > Hello RF:
    >
    > It would be reasonable to assume that /none/ of these safe. Amongst
    > other possibles, I high probability exists that these are bots.
    >
    > In addition to the notifications that your firewall yields, I hope you
    > are suppressing responses to these packets.
    >
    > HTH
    >

    Thank you 1PW. That's what I have been doing.

  6. #6
    RF
    Guest

    Re: .....wants to send ICMP packet to your machine

    Leythos wrote:
    > In article <7f5gvnF2jpak2U1@mid.individual.net>, RF@NoDen.con says...
    >> Hi Experts,
    >>
    >> I have been watching this parade of attempts to access my Win2K kernel.
    >> Is it reasonable to assume that these are safe or? My Kerio firewall is
    >> grabbing them by the throat every time one comes by. Great guy Kerio :-)
    >>
    >> 1 Someone on address S01060023cdc72ccb.wp.shawcable.net
    >> [24.79.134.211] wants to send ICMP packet to your machine.
    >>
    >> 2 Someone on address 66-215-175-74.dhcp.snbr.ca.charter.com
    >> [66.215.175.74] wants to send ICMP packet to your machine
    >>
    >> 3 118.173.238.87.adsl.dynamic.totbb.net
    >> [118.173.238.87] wants to send ICMP packet to your machine
    >>
    >> In all cases Details about Application are: tcpip kernel driver.
    >>
    >> TIA


    Thanks Leythos.

    > Why is your computer connected directly to the Internet?


    It is DSL and online while the computer is running.

    > At the very least you should be sitting behind a cheap NAT router that
    > doesn't respond to Ping requests certainly doesn't pass anything inbound
    > without your permission.


    I have a firewall.




  7. #7
    1PW
    Guest

    Re: .....wants to send ICMP packet to your machine

    RF wrote:
    > Leythos wrote:
    >> In article <7f5gvnF2jpak2U1@mid.individual.net>, RF@NoDen.con says...
    >>> Hi Experts,
    >>>
    >>> I have been watching this parade of attempts to access my Win2K kernel.
    >>> Is it reasonable to assume that these are safe or? My Kerio firewall
    >>> is grabbing them by the throat every time one comes by. Great guy
    >>> Kerio :-)
    >>>
    >>> 1 Someone on address S01060023cdc72ccb.wp.shawcable.net
    >>> [24.79.134.211] wants to send ICMP packet to your machine.
    >>>
    >>> 2 Someone on address 66-215-175-74.dhcp.snbr.ca.charter.com
    >>> [66.215.175.74] wants to send ICMP packet to your machine
    >>>
    >>> 3 118.173.238.87.adsl.dynamic.totbb.net
    >>> [118.173.238.87] wants to send ICMP packet to your machine
    >>>
    >>> In all cases Details about Application are: tcpip kernel driver.
    >>>
    >>> TIA

    >
    > Thanks Leythos.
    >
    >> Why is your computer connected directly to the Internet?

    >
    > It is DSL and online while the computer is running.
    >
    >> At the very least you should be sitting behind a cheap NAT router that
    >> doesn't respond to Ping requests certainly doesn't pass anything
    >> inbound without your permission.

    >
    > I have a firewall.


    Hello RF:

    Leythos' question has earned re-asking. Why are you directly
    connected to the Internet? Any network device you have should only
    see the LAN side of a good NAT router. Only the WLAN side of a good
    NAT router should "see" your DSL modem's Ethernet port.

    Well crafted malware does defeat a Kerio firewall.

    --
    1PW

  8. #8
    RF
    Guest

    Re: .....wants to send ICMP packet to your machine

    Ant wrote:
    > "RF" wrote:
    >
    >> I have been watching this parade of attempts to access my Win2K kernel.
    >> Is it reasonable to assume that these are safe or?

    >
    > Could be bots scanning IP address ranges. If you're not responding to
    > them and don't have services configured to accept and act on
    > unsolicited network traffic then what's the problem?


    Programs within the computer often pop up a window (generated by the
    firewall) and ask for permission to visit some other source. I often
    wonder whether they are passing some info from my computer. On the other
    hand the opposite is often true - they ask to have access. Usually
    these requests have a name and IP# attached and, on a few ocasions I
    tried to access that number and failed. I finally decided to allow the
    few I can recognize the access. Strange ones get shut out.

    >> In all cases Details about Application are: tcpip kernel driver.

    >
    > Well, it would be, since all such requests ultimately come and go
    > through a driver and drivers live in the kernel. It's not significant.


    The system is complicated and one can never tell what other loopholes
    there are. I play it safe and minimize access. Do you know the holes and
    ports that should be plugged and, if so, I'd like to know about them and
    how how to block them?

    Thanks for your input.

  9. #9
    Ant
    Guest

    Re: .....wants to send ICMP packet to your machine

    "RF" wrote:

    > Programs within the computer often pop up a window (generated by the
    > firewall) and ask for permission to visit some other source. I often
    > wonder whether they are passing some info from my computer. On the other
    > hand the opposite is often true - they ask to have access. Usually
    > these requests have a name and IP# attached and, on a few ocasions I
    > tried to access that number and failed. I finally decided to allow the
    > few I can recognize the access. Strange ones get shut out.


    Don't allow any outgoing access unless you know the software needs to
    update itself and you want that to happen. However, if there is
    malware on the computer it'll bypass or disable a software 'firewall'
    anyway.

    > Do you know the holes and ports that should be plugged and, if so,
    > I'd like to know about them and how how to block them?


    Since you're running W2k, you may find this helpful in shutting off
    un-needed services to close ports that are listening by default:
    http://www.hsc.fr/ressources/breves/...v_res_win.html



Similar Threads

  1. Losing my internet connection every day
    By Subterfuge in forum General Broadband Forum
    Replies: 5
    Last Post: 02-26-09, 02:14 AM
  2. few questions about my internet...
    By charlieC in forum General Broadband Forum
    Replies: 1
    Last Post: 04-08-08, 09:06 PM
  3. can't send work error ?
    By Mark in forum Distributed Computing
    Replies: 3
    Last Post: 03-19-08, 01:42 PM
  4. wifi keeps turning on and offf
    By Masenko in forum Wireless Networks & Routers
    Replies: 2
    Last Post: 02-21-08, 07:45 PM
  5. Replies: 4
    Last Post: 10-22-07, 10:11 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •