freeflir29

Computer Geeks?


Some of you folks that are more knowledgeable than I......tell me something. Is there any non-surreptitious use for sending "ICMP Pings"? I have McAfee firewall and it has caught quite a few of these so far. It has even told me that some of these "Pings" were trying to open certain ports and one was scanning for a Trojan virus. I have gone back into utilities and blocked all the IPs that these pings come from but isn't that only about half useful as they can just get a new IP addy? What's the best course of action to deal with these "intruders?" :S That's one thing that kinda sucks about Bellsouth DSL. SBC sent me some software to control my connection. Bellsouth just sent me a modem and no useful software. If I want to shut down my connection I have to unplug my modem. One other question while I am here.......If I do unplug and reconnect......do I get a new IP?

IPs are "leased" and they might expire after 30, 60, 90 etc. days, and your ISP might issue a new one, or maybe it will never change. I have a cable modem and my IP hasn't changed in over 2 years.

Pings like that can't be avoided, in fact, I can right now set up a port scanner and ping a range of IPs, so, no matter what you do you'll get hit, but, if you have a firewall like Zone Alarm it will bounce it off, as long as you "close" ports and only grant access to the "trusted" software you use you'll be fine.
__________________________________________
Blue Skies and May the Force be with you.

Quote

Quote

Get a Linksys DSL/cable firewall/router.



I have one and still get Zone Alarms alerts.



Of course you will. Every time the ping hits your system, but is not getting "into" your computer.
__________________________________________
Blue Skies and May the Force be with you.

Quote

Quote

Get a Linksys DSL/cable firewall/router.



I have one and still get Zone Alarms alerts.



Coming from the outside, or originating on your computer trying to reach the outside? You shouldn't be getting the former. The firewall performs NATing, so it's impossible (excepting someone spending the time and effort to target and hack you individually) for anyone from the outside to reach your pc unless your pc initiates the contact, and if it does, Zone Alarm probably wouldn't balk at the return stream anyway.

The alerts you're getting are probably processes on your machine trying to go out to the internet, not something from the internet trying to reach your machine.

Or....you screwed with the default firewall settings on the Linksys.

Quote

Quote

Quote

Get a Linksys DSL/cable firewall/router.



I have one and still get Zone Alarms alerts.



Of course you will. Every time the ping hits your system, but is not getting "into" your computer.



No, if he has a hardware firewall, the pings should never reach his system.

Quote

No, if he has a hardware firewall, the pings should never reach his system.



True, but my understanding is that he gets those pings, and he doesn't want them, which is unavoidable.
__________________________________________
Blue Skies and May the Force be with you.

Quote

No.. They're notices from ZA stating that xx.xx.xx.xx tried to access my PC.

And no, I didn't touch the router settings...



That's screwy. Because it works like this...

Your ISP gives you an IP address, let's call it A. The router is assigned that IP address. Now your PC has an IP address, B. That address B is a non-routable IP address and cannot be pinged or in any other way directly accessed from the internet. Pings would be sent to IP address A and that's your firewall. So, it should never reach your computer. Unless, like I said, someone is manually and deliberately breaching some Linksys vulnerability to hack into you. But if they had the skill and desire to do that, they'd have no problem breaking through Zone Alarm.

Quote

Quote

No, if he has a hardware firewall, the pings should never reach his system.



True, but my understanding is that he gets those pings, and he doesn't want them, which is unavoidable.



But you can't ping a pc on a private network with a non-routable ip address from the internet. Much better to let someone ping your router and have it NACK than to let the pings through to your pc where a whole slew of vulnerabilities exist.

Quote

Quote

No.. They're notices from ZA stating that xx.xx.xx.xx tried to access my PC.

And no, I didn't touch the router settings...



That's screwy. Because it works like this...

Your ISP gives you an IP address, let's call it A. The router is assigned that IP address. Now your PC has an IP address, B. That address B is a non-routable IP address and cannot be pinged or in any other way directly accessed from the internet. Pings would be sent to IP address A and that's your firewall. So, it should never reach your computer. Unless, like I said, someone is manually and deliberately breaching some Linksys vulnerability to hack into you. But if they had the skill and desire to do that, they'd have no problem breaking through Zone Alarm.



If you have ZA installed on your PC instead of the router you'll see those messages, but, like he said there's no problem breaking thru ZA.
__________________________________________
Blue Skies and May the Force be with you.

Is it possible it's in response to some trojan I had on my PC? I had a rash of nasties a little while ago... I'm thinking the virus communicates to whatever out there and the communication back is blocked...

By the way, PC is clean-ish now... still haven't been able to get rid of a stupid source of spyware...
Remster

Quote

Is it possible it's in response to some trojan I had on my PC?



Yes, that's the point I was making that the communication is probably originating from your pc which would open a pipe through the router that someone could follow back through your router to your pc. But if that were the case, I would assume that it would not trigger a warning in ZA, but I could be wrong about that.

Quote

If the router is functioning properly, the pings will never reach the pc, so you WON'T see the messages. The ICMP packets will be dropped by the router.



Maybe the settings in ZA, you can allow or deny ICMP pings
__________________________________________
Blue Skies and May the Force be with you.

Quote

I would assume that it would not trigger a warning in ZA, but I could be wrong about that.




It's been awhile since I used ZA but isn't it true that the FIRST time a new program tries to access the internet ZA stops it to ask for permission? Unless the program used a way around like finding a program that already had access or spoofed ZA somehow.

Quote

Maybe the settings in ZA, you can allow or deny ICMP pings



You're missing the point here. If you ping 159.43.56.5, and that is his router, it's never going to get to his pc running ZA which has ip address 192.168.0.2. So it doesn't matter what the ZA settings are, the pings will never reach ZA or the computer unless he's opening up a pipeline for them from a trojan on his machine.

Quote

Quote

I would assume that it would not trigger a warning in ZA, but I could be wrong about that.




It's been awhile since I used ZA but isn't it true that the FIRST time a new program tries to access the internet ZA stops it to ask for permission? Unless the program used a way around like finding a program that already had access or spoofed ZA somehow.



Yes, but there are 2 kinds, the "recommended" by ZA which is pretty much automatic or MANUAL in which you WILL have to grant access to every single program, in my opinion, that's the way to go.
__________________________________________
Blue Skies and May the Force be with you.

Do you have a Linksys router? I bet you do.

A lot of the Linksys routers have ZA embedded on the router, this then interfaces with your PC and passes alert messages, like the router acting as a remote sensor.

If that is not the case....it should be technically impossible to get pings from the outside world through a NAT. Of course something inside could be pinging. Do you have other machines on the LAN?

Personally I would recommend Netgear, not Linksys. But that is another debate.
For Clay, get a router!!
I would not run a constant internet connection without one, period.
You can read about NAT here http://computer.howstuffworks.com/nat.htm
Technically much better than a software firewall...unless you are running a real stateful inspection engine.

I run a router, and nothing else....NAT takes care of it all.
--
All the flaming and trolls of wreck dot with a pretty GUI.

Quote

A lot of the Linksys routers have ZA embedded on the router, this then interfaces with your PC and passes alert messages, like the router acting as a remote sensor.



Ahhhh...was not aware of that. I have a Netgear. My computer has been turned on and connected to the internet for the better part of 3 years, and I've never gotten a PING alert from ZA.

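Added example, not part of any post in the thread: a toy model of the NAT behaviour argued over above, using the two addresses quoted in the thread (router 159.43.56.5, PC 192.168.0.2). The NatRouter class, the strict per-endpoint filtering and the remote addresses are assumptions made for illustration; real routers differ in how strictly they match return traffic.

```python
from dataclasses import dataclass, field

ROUTER_WAN = "159.43.56.5"  # router's public address, as quoted in the thread
PC_LAN = "192.168.0.2"      # PC's private (non-routable) address, same post

@dataclass
class NatRouter:
    """Toy NAPT model (hypothetical class, strict endpoint filtering assumed)."""
    wan_ip: str
    next_port: int = 40000
    table: dict = field(default_factory=dict)  # (proto, wan_port) -> flow

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host initiates a flow: allocate a WAN port and record it."""
        wan_port = self.next_port
        self.next_port += 1
        self.table[(proto, wan_port)] = (lan_ip, lan_port, remote_ip, remote_port)
        return wan_port

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Packet arrives at wan_ip:dst_port. Return the LAN endpoint it is
        forwarded to, or None if the router handles or drops it itself."""
        flow = self.table.get((proto, dst_port))
        if flow is None:
            return None  # unsolicited: no mapping, never reaches the LAN
        lan_ip, lan_port, remote_ip, remote_port = flow
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None  # mapping exists, but for a different remote endpoint
        return (lan_ip, lan_port)

def demo():
    """Constructed traffic; 203.0.113.x / 198.51.100.x are documentation ranges."""
    r = NatRouter(ROUTER_WAN)
    results = {}
    # Internet host pings the public address (ICMP id stands in for a port).
    results["unsolicited_ping"] = r.inbound("icmp", "203.0.113.9", 0, 7)
    # Internet host probes a TCP port on the public address.
    results["unsolicited_tcp"] = r.inbound("tcp", "203.0.113.9", 51000, 5000)
    # PC opens a connection to a web server; the reply is translated back.
    wan_port = r.outbound("tcp", PC_LAN, 50123, "198.51.100.20", 80)
    results["reply"] = r.inbound("tcp", "198.51.100.20", 80, wan_port)
    # A third party reusing that WAN port is still rejected.
    results["third_party"] = r.inbound("tcp", "203.0.113.9", 80, wan_port)
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:17} -> {outcome}")
```

Only the flow the PC itself opened is forwarded to 192.168.0.2, which is why software on the PC opening outbound connections is what makes return traffic reachable.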
