#1 (permalink)
08-20-2009, 06:55 PM
RF
.....wants to send ICMP packet to your machine

Hi Experts,

I have been watching this parade of attempts to access my Win2K kernel.
Is it reasonable to assume that these are safe or? My Kerio firewall is
grabbing them by the throat every time one comes by. Great guy Kerio :-)

1 Someone on address S01060023cdc72ccb.wp.shawcable.net
[24.79.134.211] wants to send ICMP packet to your machine.

2 Someone on address 66-215-175-74.dhcp.snbr.ca.charter.com
[66.215.175.74] wants to send ICMP packet to your machine

3 118.173.238.87.adsl.dynamic.totbb.net
[118.173.238.87] wants to send ICMP packet to your machine

In all cases Details about Application are: tcpip kernel driver.

TIA

#2 (permalink)
08-20-2009, 07:42 PM
1PW
Re: .....wants to send ICMP packet to your machine

RF wrote:
> Hi Experts,
>
> I have been watching this parade of attempts to access my Win2K kernel.
> Is it reasonable to assume that these are safe or? My Kerio firewall is
> grabbing them by the throat every time one comes by. Great guy Kerio :-)
>
> 1 Someone on address S01060023cdc72ccb.wp.shawcable.net
> [24.79.134.211] wants to send ICMP packet to your machine.
>
> 2 Someone on address 66-215-175-74.dhcp.snbr.ca.charter.com
> [66.215.175.74] wants to send ICMP packet to your machine
>
> 3 118.173.238.87.adsl.dynamic.totbb.net
> [118.173.238.87] wants to send ICMP packet to your machine
>
> In all cases Details about Application are: tcpip kernel driver.
>
> TIA


Hello RF:

It would be reasonable to assume that /none/ of these are safe. Amongst
other possibles, a high probability exists that these are bots.

In addition to the notifications that your firewall yields, I hope you
are suppressing responses to these packets.

HTH

--
1PW

#3 (permalink)
08-20-2009, 07:48 PM
Leythos
Re: .....wants to send ICMP packet to your machine

In article <7f5gvnF2jpak2U1@mid.individual.net>, RF@NoDen.con says...
>
> Hi Experts,
>
> I have been watching this parade of attempts to access my Win2K kernel.
> Is it reasonable to assume that these are safe or? My Kerio firewall is
> grabbing them by the throat every time one comes by. Great guy Kerio :-)
>
> 1 Someone on address S01060023cdc72ccb.wp.shawcable.net
> [24.79.134.211] wants to send ICMP packet to your machine.
>
> 2 Someone on address 66-215-175-74.dhcp.snbr.ca.charter.com
> [66.215.175.74] wants to send ICMP packet to your machine
>
> 3 118.173.238.87.adsl.dynamic.totbb.net
> [118.173.238.87] wants to send ICMP packet to your machine
>
> In all cases Details about Application are: tcpip kernel driver.
>
> TIA


Why is your computer connected directly to the Internet?

At the very least you should be sitting behind a cheap NAT router that
doesn't respond to Ping requests and certainly doesn't pass anything inbound
without your permission.


--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

#4 (permalink)
08-20-2009, 08:50 PM
Ant
Re: .....wants to send ICMP packet to your machine

"RF" wrote:

> I have been watching this parade of attempts to access my Win2K kernel.
> Is it reasonable to assume that these are safe or?


Could be bots scanning IP address ranges. If you're not responding to
them and don't have services configured to accept and act on
unsolicited network traffic then what's the problem?

> In all cases Details about Application are: tcpip kernel driver.


Well, it would be, since all such requests ultimately come and go
through a driver and drivers live in the kernel. It's not significant.



#5 (permalink)
09-06-2009, 04:46 AM
RF
Re: .....wants to send ICMP packet to your machine

1PW wrote:
> RF wrote:
>> Hi Experts,
>>
>> I have been watching this parade of attempts to access my Win2K kernel.
>> Is it reasonable to assume that these are safe or? My Kerio firewall is
>> grabbing them by the throat every time one comes by. Great guy Kerio :-)
>>
>> 1 Someone on address S01060023cdc72ccb.wp.shawcable.net
>> [24.79.134.211] wants to send ICMP packet to your machine.
>>
>> 2 Someone on address 66-215-175-74.dhcp.snbr.ca.charter.com
>> [66.215.175.74] wants to send ICMP packet to your machine
>>
>> 3 118.173.238.87.adsl.dynamic.totbb.net
>> [118.173.238.87] wants to send ICMP packet to your machine
>>
>> In all cases Details about Application are: tcpip kernel driver.
>>
>> TIA

>
> Hello RF:
>
> It would be reasonable to assume that /none/ of these are safe. Amongst
> other possibles, a high probability exists that these are bots.
>
> In addition to the notifications that your firewall yields, I hope you
> are suppressing responses to these packets.
>
> HTH
>

Thank you 1PW. That's what I have been doing.

#6 (permalink)
09-06-2009, 04:47 AM
RF
Re: .....wants to send ICMP packet to your machine

Leythos wrote:
> In article <7f5gvnF2jpak2U1@mid.individual.net>, RF@NoDen.con says...
>> Hi Experts,
>>
>> I have been watching this parade of attempts to access my Win2K kernel.
>> Is it reasonable to assume that these are safe or? My Kerio firewall is
>> grabbing them by the throat every time one comes by. Great guy Kerio :-)
>>
>> 1 Someone on address S01060023cdc72ccb.wp.shawcable.net
>> [24.79.134.211] wants to send ICMP packet to your machine.
>>
>> 2 Someone on address 66-215-175-74.dhcp.snbr.ca.charter.com
>> [66.215.175.74] wants to send ICMP packet to your machine
>>
>> 3 118.173.238.87.adsl.dynamic.totbb.net
>> [118.173.238.87] wants to send ICMP packet to your machine
>>
>> In all cases Details about Application are: tcpip kernel driver.
>>
>> TIA


Thanks Leythos.

> Why is your computer connected directly to the Internet?


It is DSL and online while the computer is running.

> At the very least you should be sitting behind a cheap NAT router that
> doesn't respond to Ping requests and certainly doesn't pass anything inbound
> without your permission.


I have a firewall.




#7 (permalink)
09-06-2009, 05:15 AM
1PW
Re: .....wants to send ICMP packet to your machine

RF wrote:
> Leythos wrote:
>> In article <7f5gvnF2jpak2U1@mid.individual.net>, RF@NoDen.con says...
>>> Hi Experts,
>>>
>>> I have been watching this parade of attempts to access my Win2K kernel.
>>> Is it reasonable to assume that these are safe or? My Kerio firewall
>>> is grabbing them by the throat every time one comes by. Great guy
>>> Kerio :-)
>>>
>>> 1 Someone on address S01060023cdc72ccb.wp.shawcable.net
>>> [24.79.134.211] wants to send ICMP packet to your machine.
>>>
>>> 2 Someone on address 66-215-175-74.dhcp.snbr.ca.charter.com
>>> [66.215.175.74] wants to send ICMP packet to your machine
>>>
>>> 3 118.173.238.87.adsl.dynamic.totbb.net
>>> [118.173.238.87] wants to send ICMP packet to your machine
>>>
>>> In all cases Details about Application are: tcpip kernel driver.
>>>
>>> TIA

>
> Thanks Leythos.
>
>> Why is your computer connected directly to the Internet?

>
> It is DSL and online while the computer is running.
>
>> At the very least you should be sitting behind a cheap NAT router that
>> doesn't respond to Ping requests and certainly doesn't pass anything
>> inbound without your permission.

>
> I have a firewall.


Hello RF:

Leythos' question has earned re-asking. Why are you directly
connected to the Internet? Any network device you have should only
see the LAN side of a good NAT router. Only the WLAN side of a good
NAT router should "see" your DSL modem's Ethernet port.

Well crafted malware does defeat a Kerio firewall.

--
1PW

#8 (permalink)
09-06-2009, 05:35 AM
RF
Re: .....wants to send ICMP packet to your machine

Ant wrote:
> "RF" wrote:
>
>> I have been watching this parade of attempts to access my Win2K kernel.
>> Is it reasonable to assume that these are safe or?

>
> Could be bots scanning IP address ranges. If you're not responding to
> them and don't have services configured to accept and act on
> unsolicited network traffic then what's the problem?


Programs within the computer often pop up a window (generated by the
firewall) and ask for permission to visit some other source. I often
wonder whether they are passing some info from my computer. On the other
hand the opposite is often true - they ask to have access. Usually
these requests have a name and IP# attached and, on a few occasions, I
tried to access that number and failed. I finally decided to allow the
few I can recognize the access. Strange ones get shut out.

>> In all cases Details about Application are: tcpip kernel driver.

>
> Well, it would be, since all such requests ultimately come and go
> through a driver and drivers live in the kernel. It's not significant.


The system is complicated and one can never tell what other loopholes
there are. I play it safe and minimize access. Do you know the holes and
ports that should be plugged and, if so, I'd like to know about them and
how to block them?

Thanks for your input.

#9 (permalink)
09-08-2009, 02:45 AM
Ant
Re: .....wants to send ICMP packet to your machine

"RF" wrote:

> Programs within the computer often pop up a window (generated by the
> firewall) and ask for permission to visit some other source. I often
> wonder whether they are passing some info from my computer. On the other
> hand the opposite is often true - they ask to have access. Usually
> these requests have a name and IP# attached and, on a few occasions, I
> tried to access that number and failed. I finally decided to allow the
> few I can recognize the access. Strange ones get shut out.


Don't allow any outgoing access unless you know the software needs to
update itself and you want that to happen. However, if there is
malware on the computer it'll bypass or disable a software 'firewall'
anyway.

> Do you know the holes and ports that should be plugged and, if so,
> I'd like to know about them and how to block them?


Since you're running W2k, you may find this helpful in shutting off
un-needed services to close ports that are listening by default:
http://www.hsc.fr/ressources/breves/...v_res_win.html



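The last reply recommends shutting off unneeded services so their default ports stop listening. As an added example (not part of the thread or of the linked guide), this script parses `netstat -an` output and lists the sockets still reachable from the network, so the effect of disabling a service can be checked. The sample output, its addresses and the port-to-service table are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout printed by `netstat -an` on Windows.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1040      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:135            *:*
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
  UDP    127.0.0.1:1030         *:*
"""

# Well-known port assignments (illustrative table, not exhaustive).
KNOWN = {135: "RPC endpoint mapper", 137: "NetBIOS name service",
         138: "NetBIOS datagram", 139: "NetBIOS session", 445: "SMB direct host"}

def parse_listeners(text):
    """Return (proto, address, port) for every socket awaiting inbound traffic."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        # TCP rows carry a state column; only LISTENING accepts new connections.
        if fields[0] == "TCP" and fields[-1] != "LISTENING":
            continue
        # UDP has no state column: any bound UDP socket can receive datagrams.
        addr, _, port = fields[1].rpartition(":")
        found.append((fields[0], addr, int(port)))
    return found

def exposed(listeners):
    """Drop loopback-only sockets; label the rest with a likely service."""
    rows = {(proto, addr, port, KNOWN.get(port, "unidentified, check owning service"))
            for proto, addr, port in listeners
            if not ipaddress.ip_address(addr).is_loopback}
    return sorted(rows, key=lambda r: (r[2], r[0]))

if __name__ == "__main__":
    for proto, addr, port, service in exposed(parse_listeners(SAMPLE)):
        print(f"{proto:<4} {addr}:{port:<6} {service}")
```

Run it against saved `netstat -an` output before and after disabling a service; a port that disappears from the list is no longer accepting unsolicited traffic.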