Black Ice 3.5cbf warning about 192.168.0.1

Discussion in 'Computer Security' started by steve h., Jul 1, 2004.

  1. steve h.

    steve h. Guest

    [Evasion] Attacker sends an ICMP Echo reply without a request, possibly
    to communicate with a trojan horse application - This is the message I
    get from Black Ice, when the only thing at that IP address is my D-Link
    DI-604 router. Should I just ignore this ? TIA.
    Steve
     
    steve h., Jul 1, 2004
    #1
    1. Advertising

  2. steve h.

    steve h. Guest

    steve h. wrote:
    > [Evasion] Attacker sends an ICMP Echo reply without a request, possibly
    > to communicate with a trojan horse application - This is the message I
    > get from Black Ice, when the only thing at that IP address is my D-Link
    > DI-604 router. Should I just ignore this ? TIA.
    > Steve

    oh yeah, I've scanned my cpu and there are no trojans, viruses, worms, etc.
     
    steve h., Jul 1, 2004
    #2
    1. Advertising

  3. steve h.

    steve h. Guest

    "steve h." <> wrote in message news:<N3JEc.2241$>...
    > [Evasion] Attacker sends an ICMP Echo reply without a request, possibly
    > to communicate with a trojan horse application - This is the message I
    > get from Black Ice, when the only thing at that IP address is my D-Link
    > DI-604 router. Should I just ignore this ? TIA.
    > Steve



    more info: http://xforce.iss.net/xforce/xfdb/8014

    ICMP Echo Reply without Echo
    icmp-unsolicited-echo-reply (8014) Low Risk

    Description:

    This computer received an ICMP echo reply (commonly called a ping)
    without having first sent a ping request.This event may occur for one
    or more reasons:

    Firewall scanning: Any administrator or intruder may use this
    technique to scan systems behind a corporate firewall. Most corporate
    firewalls allow ping/echo repsonses to pass through. Otherwise, ping
    programs won't work correctly. However, when a router within the
    corporation attempts to forward the packet to a nonexistent host, it
    sends back an "unreachable" message to the sender. In this manner,
    somebody can map the structure of the network behind a corporate
    firewall.
    Trojan communication: ICMP traffic is a common way of communicating
    with Trojan horse programs. This method is effective because it passes
    through firewalls.
    Denial of Service (DoS) attacks: Ping floods are also used as a direct
    DoS mechanism. The goal is to flood you with traffic (especially
    traffic that pierces firewalls) to slow down the Internet connection.
    Spoof by-products: An attacker could be spoofing your IP address. They
    could be sending pings to a target claiming that these pings are from
    you. You would then see these replies. There is no reliable method to
    determine who is doing this.
    Platforms Affected:

    Microsoft Corporation: Windows Any version
    Various: Unix Any version
    Remedy:

    Verfiy the source of the traffic and that no rogue applications are
    running.

    Consequences:

    Data Manipulation
     
    steve h., Jul 1, 2004
    #3
  4. steve h.

    Guest

    Re: Black Ice 3.5cbf warning about 192.168.0.1 -->Can this IP be blocked?

    I use NIS and wanted to know if I make a rule to block this IP address am I
    protected?

    Thanks
     
    , Jul 2, 2004
    #4
  5. steve h.

    rello Guest

    Re: Black Ice 3.5cbf warning about 192.168.0.1 -->Can this IP be blocked?

    On Fri, 2 Jul 2004 17:44:48 GMT, wrote:

    >I use NIS and wanted to know if I make a rule to block this IP address am I
    >protected?
    >
    >Thanks

    this is prolly ur router address....192.168.0.1 i generally the
    gateway for your LAN..
    relloman
     
    rello, Oct 28, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Nigel Day

    192.168.1.1 wont work

    Nigel Day, Sep 8, 2005, in forum: Wireless Networking
    Replies:
    4
    Views:
    12,621
    heydude95
    Nov 22, 2009
  2. hoser
    Replies:
    2
    Views:
    1,010
    hoser
    Apr 15, 2005
  3. swsw
    Replies:
    3
    Views:
    1,463
    Walter Roberson
    Jul 28, 2005
  4. nero

    192.168.1.3

    nero, Dec 8, 2003, in forum: MCSD
    Replies:
    7
    Views:
    95,754
    vivek
    Dec 10, 2003
  5. Scooty
    Replies:
    0
    Views:
    1,711
    Scooty
    Mar 8, 2007
Loading...

Share This Page