.....wants to send ICMP packet to your machine

Discussion in 'Computer Security' started by RF, Aug 20, 2009.

  1. RF

    RF Guest

    Hi Experts,

    I have been watching this parade of attempts to access my Win2K kernel.
    Is it reasonable to assume that these are safe or? My Kerio firewall is
    grabbing them by the throat every time one comes by. Great guy Kerio :)

    1 Someone on address S01060023cdc72ccb.wp.shawcable.net
    [24.79.134.211] wants to send ICMP packet to your machine.

    2 Someone on address 66-215-175-74.dhcp.snbr.ca.charter.com
    [66.215.175.74] wants to send ICMP packet to your machine

    3 118.173.238.87.adsl.dynamic.totbb.net
    [118.173.238.87] wants to send ICMP packet to your machine

    In all cases Details about Application are: tcpip kernel driver.

    TIA
    RF, Aug 20, 2009
    #1

  2. RF

    1PW Guest

    RF wrote:
    > Hi Experts,
    >
    > I have been watching this parade of attempts to access my Win2K kernel.
    > Is it reasonable to assume that these are safe or? My Kerio firewall is
    > grabbing them by the throat every time one comes by. Great guy Kerio :)
    >
    > 1 Someone on address S01060023cdc72ccb.wp.shawcable.net
    > [24.79.134.211] wants to send ICMP packet to your machine.
    >
    > 2 Someone on address 66-215-175-74.dhcp.snbr.ca.charter.com
    > [66.215.175.74] wants to send ICMP packet to your machine
    >
    > 3 118.173.238.87.adsl.dynamic.totbb.net
    > [118.173.238.87] wants to send ICMP packet to your machine
    >
    > In all cases Details about Application are: tcpip kernel driver.
    >
    > TIA


    Hello RF:

    It would be reasonable to assume that /none/ of these are safe. Amongst
    other possibilities, a high probability exists that these are bots.

    In addition to the notifications that your firewall yields, I hope you
    are suppressing responses to these packets.

    HTH

    --
    1PW
    1PW, Aug 20, 2009
    #2

  3. RF

    Leythos Guest

    In article <>, says...
    >
    > Hi Experts,
    >
    > I have been watching this parade of attempts to access my Win2K kernel.
    > Is it reasonable to assume that these are safe or? My Kerio firewall is
    > grabbing them by the throat every time one comes by. Great guy Kerio :)
    >
    > 1 Someone on address S01060023cdc72ccb.wp.shawcable.net
    > [24.79.134.211] wants to send ICMP packet to your machine.
    >
    > 2 Someone on address 66-215-175-74.dhcp.snbr.ca.charter.com
    > [66.215.175.74] wants to send ICMP packet to your machine
    >
    > 3 118.173.238.87.adsl.dynamic.totbb.net
    > [118.173.238.87] wants to send ICMP packet to your machine
    >
    > In all cases Details about Application are: tcpip kernel driver.
    >
    > TIA


    Why is your computer connected directly to the Internet?

    At the very least you should be sitting behind a cheap NAT router that
    doesn't respond to Ping requests and certainly doesn't pass anything
    inbound without your permission.


    --
    You can't trust your best friends, your five senses, only the little
    voice inside you that most civilians don't even hear -- Listen to that.
    Trust yourself.
    (remove 999 for proper email address)
    Leythos, Aug 20, 2009
    #3
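
An added example, not part of any poster's message: the replies above advise sending no response to unsolicited ICMP and not answering Ping requests, and this shows that decision made per ICMP type. The firewall alerts do not say which ICMP type arrived, so the packets, the RFC 5737 addresses and the `outstanding` tracking set are constructed assumptions.

```python
import struct

# ICMPv4 message types from RFC 792
ECHO_REPLY, DEST_UNREACH, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 8, 11

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length messages
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type, code, ident, seq, payload=b""):
    """Build a constructed ICMP message with a valid checksum for the demo."""
    header = struct.pack("!BBHHH", icmp_type, code, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, code, csum, ident, seq) + payload

def classify_inbound(src_ip, icmp, outstanding):
    """Return (action, reason) for one inbound ICMP message.

    outstanding is the set of (dst_ip, ident, seq) echo requests this host
    sent itself; keeping that set is an assumption of this example.
    """
    if len(icmp) < 8:
        return ("drop", "truncated header")
    if inet_checksum(icmp) != 0:             # a valid message checks to zero
        return ("drop", "bad checksum")
    icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    if icmp_type == ECHO_REQUEST:
        return ("drop", "unsolicited echo request, send no reply")
    if icmp_type == ECHO_REPLY:
        if (src_ip, ident, seq) in outstanding:
            return ("accept", "reply to our own ping")
        return ("drop", "echo reply with no matching request")
    if icmp_type in (DEST_UNREACH, TIME_EXCEEDED):
        return ("inspect", "error message, match quoted header to our flows")
    return ("drop", f"type {icmp_type} not needed inbound")

if __name__ == "__main__":
    # Constructed packets and documentation addresses, not real traffic.
    sent = {("198.51.100.7", 0x1234, 1)}
    probe = build_icmp(ECHO_REQUEST, 0, 0xBEEF, 1, b"abcdefgh")
    reply = build_icmp(ECHO_REPLY, 0, 0x1234, 1, b"x")
    print(classify_inbound("192.0.2.10", probe, sent))
    print(classify_inbound("198.51.100.7", reply, sent))
```
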
  4. RF

    RF Guest

    1PW wrote:
    > RF wrote:
    >> Hi Experts,
    >>
    >> I have been watching this parade of attempts to access my Win2K kernel.
    >> Is it reasonable to assume that these are safe or? My Kerio firewall is
    >> grabbing them by the throat every time one comes by. Great guy Kerio :)
    >>
    >> 1 Someone on address S01060023cdc72ccb.wp.shawcable.net
    >> [24.79.134.211] wants to send ICMP packet to your machine.
    >>
    >> 2 Someone on address 66-215-175-74.dhcp.snbr.ca.charter.com
    >> [66.215.175.74] wants to send ICMP packet to your machine
    >>
    >> 3 118.173.238.87.adsl.dynamic.totbb.net
    >> [118.173.238.87] wants to send ICMP packet to your machine
    >>
    >> In all cases Details about Application are: tcpip kernel driver.
    >>
    >> TIA

    >
    > Hello RF:
    >
    > It would be reasonable to assume that /none/ of these are safe. Amongst
    > other possibilities, a high probability exists that these are bots.
    >
    > In addition to the notifications that your firewall yields, I hope you
    > are suppressing responses to these packets.
    >
    > HTH
    >

    Thank you 1PW. That's what I have been doing.
    RF, Sep 6, 2009
    #4
  5. RF

    RF Guest

    Leythos wrote:
    > In article <>, says...
    >> Hi Experts,
    >>
    >> I have been watching this parade of attempts to access my Win2K kernel.
    >> Is it reasonable to assume that these are safe or? My Kerio firewall is
    >> grabbing them by the throat every time one comes by. Great guy Kerio :)
    >>
    >> 1 Someone on address S01060023cdc72ccb.wp.shawcable.net
    >> [24.79.134.211] wants to send ICMP packet to your machine.
    >>
    >> 2 Someone on address 66-215-175-74.dhcp.snbr.ca.charter.com
    >> [66.215.175.74] wants to send ICMP packet to your machine
    >>
    >> 3 118.173.238.87.adsl.dynamic.totbb.net
    >> [118.173.238.87] wants to send ICMP packet to your machine
    >>
    >> In all cases Details about Application are: tcpip kernel driver.
    >>
    >> TIA


    Thanks Leythos.

    > Why is your computer connected directly to the Internet?


    It is DSL and online while the computer is running.

    > At the very least you should be sitting behind a cheap NAT router that
    > doesn't respond to Ping requests and certainly doesn't pass anything
    > inbound without your permission.


    I have a firewall.
    RF, Sep 6, 2009
    #5
  6. RF

    1PW Guest

    RF wrote:
    > Leythos wrote:
    >> In article <>, says...
    >>> Hi Experts,
    >>>
    >>> I have been watching this parade of attempts to access my Win2K kernel.
    >>> Is it reasonable to assume that these are safe or? My Kerio firewall
    >>> is grabbing them by the throat every time one comes by. Great guy
    >>> Kerio :)
    >>>
    >>> 1 Someone on address S01060023cdc72ccb.wp.shawcable.net
    >>> [24.79.134.211] wants to send ICMP packet to your machine.
    >>>
    >>> 2 Someone on address 66-215-175-74.dhcp.snbr.ca.charter.com
    >>> [66.215.175.74] wants to send ICMP packet to your machine
    >>>
    >>> 3 118.173.238.87.adsl.dynamic.totbb.net
    >>> [118.173.238.87] wants to send ICMP packet to your machine
    >>>
    >>> In all cases Details about Application are: tcpip kernel driver.
    >>>
    >>> TIA

    >
    > Thanks Leythos.
    >
    >> Why is your computer connected directly to the Internet?

    >
    > It is DSL and online while the computer is running.
    >
    >> At the very least you should be sitting behind a cheap NAT router that
    >> doesn't respond to Ping requests and certainly doesn't pass anything
    >> inbound without your permission.

    >
    > I have a firewall.


    Hello RF:

    Leythos' question has earned re-asking. Why are you directly
    connected to the Internet? Any network device you have should only
    see the LAN side of a good NAT router. Only the WLAN side of a good
    NAT router should "see" your DSL modem's Ethernet port.

    Well crafted malware does defeat a Kerio firewall.

    --
    1PW
    1PW, Sep 6, 2009
    #6
  7. RF

    RF Guest

    Ant wrote:
    > "RF" wrote:
    >
    >> I have been watching this parade of attempts to access my Win2K kernel.
    >> Is it reasonable to assume that these are safe or?

    >
    > Could be bots scanning IP address ranges. If you're not responding to
    > them and don't have services configured to accept and act on
    > unsolicited network traffic then what's the problem?


    Programs within the computer often pop up a window (generated by the
    firewall) and ask for permission to visit some other source. I often
    wonder whether they are passing some info from my computer. On the other
    hand the opposite is often true - they ask to have access. Usually
    these requests have a name and IP# attached and, on a few occasions I
    tried to access that number and failed. I finally decided to allow the
    few I can recognize the access. Strange ones get shut out.

    >> In all cases Details about Application are: tcpip kernel driver.

    >
    > Well, it would be, since all such requests ultimately come and go
    > through a driver and drivers live in the kernel. It's not significant.


    The system is complicated and one can never tell what other loopholes
    there are. I play it safe and minimize access. Do you know the holes and
    ports that should be plugged and, if so, I'd like to know about them and
    how to block them?

    Thanks for your input.
    RF, Sep 6, 2009
    #7