Scott Holmes wrote:
> Should I allow my WinXP Sygate Firewall to allow ICMP Type 8 echo requests?
Yes, it's fine, there's no risk. There might be a risk to them if you
were trying to attack them! But there isn't much you can do with ping
alone.
Open a command prompt and type
C:\WINDOWS> ping www.google.com <ENTER>
Now you'll be sending ICMP messages to www.google.com and those
messages will have been generated by the ping program.
> For some reason, I periodically get weird Internet Control Message Protocol
> (ICMP) Type 8 requests on WinXP such as:
You'll get lots and lots of different outgoing things. ICMP
messages (like you described), and outgoing TCP connections (e.g.
connecting to a computer at port 80)
For ICMP you needn't worry. They carry no data, only codes.
Mostly you needn't worry. If a process is sending packets or messages
out, then you see if it's a windows process, in which case it's
probably fine - unless it has been compromised. And if it's not a
windows process and it bothers you, then google and I'm sure you'll
find out soon enough if it's spyware, sending harmless advertising data
out.
Either way, it's not a big deal. If your computer is slowing down then
you have spyware. Outgoing connections that your firewall warns you
about are - at worst - spyware. But most of the outgoing traffic is
legitimate. Hence you should allow windows processes and your browser
and other trusted programs to send whatever they want outwards.
> NT Kernel System (ntoskrnl.exe)
> is trying to send an ICMP Type 8 (Echo Request) packet to [202.232.13.185].
> Do you want to allow this program to access the network?
a) a windows process - so you should really trust it unless you have
reason not to, i.e. unless you think it has been compromised
b) it's sending something outwards, not even any personal data in an
ICMP.
It's just a message to test if a remote computer on the internet is up
and running
> NT Kernel System (ntoskrnl.exe)
> is trying to send an ICMP Type 8 (Echo Request) packet to
> [202.232.221.175].
> Do you want to allow this program to access the network?
>
> I have no idea what these requests are for.
so you should google around and as soon as you don't see "SPYWARE
SPYWARE" all over the place in the results, you assume it's fine.
<snip>
> One of the articles I looked up suggested "netstat -an" but that didn't
> show anything listening of that IP address.
That only applies to UDP and TCP. They show servers listening.
ICMP works at a lower level. It isn't displayed by netstat, doesn't use
ports, doesn't use listening servers.
> What is an ICMP Type 8 echo request?
A message intended to reach a host and requesting that the host reply
to say it is online.
It's a free country. You can send ICMP messages yourself. ping command.
> Whom do these IP addresses belong to?
Somebody posted toshiba and an isp or something, so maybe you did the
lookup wrong.
> Should I allow these ICMP Type 8 echo requests or should I deny them?
Allow. Otherwise the legitimate trusted processes trying to send them
will not know what's going on, and may not continue to do what they
were intended to do, and what they were intended to do is most probably
for your benefit.