Computer Help forum

General discussion

ICMP Ping

Hi, I run McAfee Personal Firewall and I have noticed that the software reports that it has blocked ICMP pings, usually about 60 per day. What are ICMP pings, are they dangerous, and should I be concerned that some are not being blocked? What should I do?

Depends

In reply to: ICMP Ping

There are plenty of harmless reasons you'd be getting ping requests, and also plenty of reasons that might indicate a potential threat.

There are 3 basic networking protocols used on the Internet... ICMP, UDP, and TCP, each one builds on the previous one. ICMP is really only used to "ping" another computer. This is a handy tool to be able to tell if a computer is running and connected to the network. It can also be a handy tool for people looking to launch automated attacks.

Generally speaking, it's best to have these requests "dropped", meaning the firewall doesn't respond at all to ping requests. To a bot looking for "live" IP addresses to try and hack into, this makes your computer seem invisible. It's less likely to fool an actual person hacker, but few of those exist.

If they aren't all being blocked, then you'll want to figure out what IPs are being allowed through. It's probably something to do with the automatic update system, but always good to keep a watchful eye on these things. You should be able to use a whois program or site to figure out who the IP address(es) are registered to. If it's something you recognize, it's probably nothing to worry about. If you DON'T recognize it, then you might want to start looking into the possibility that your system has been compromised.

auto updates

In reply to: Depends

Thanks for your advice. I must admit that I have a number of auto update options that I have turned on. What I would like to find out is: is switching on updates from 'reputable' software publishers such as Microsoft or some other publishers safe? Or would you advise I switch all of them off?

let me give you an example of what is being reported

In reply to: Depends

2007/01/11 20:13:42 129.241.221.88:11082 (vpn-22188.vpn-a.ntnu.no) 130.88.173.198:44403 IDS: 'NewTear' Attack
2007/01/11 20:13:39 129.241.221.88:18156 (vpn-22188.vpn-a.ntnu.no) 130.88.173.198:62932 IDS: 'NewTear' Attack
2007/01/11 20:13:36 129.241.221.88:4826 (vpn-22188.vpn-a.ntnu.no) 130.88.173.198:8243 IDS: 'NewTear' Attack
2007/01/11 20:13:33 129.241.221.88:11073 (vpn-22188.vpn-a.ntnu.no) 130.88.173.198:42704 IDS: 'NewTear' Attack
Etc., etc. It just keeps going on and on.
When I use the whois.com service, this is what I get:
Kopibeskyttet, se http://www.norid.no/domenenavnbaser/whois/kopirett.html
Rights restricted by copyright. See http://www.norid.no/domenenavnbaser/whois/kopirett.en.html
no matches

I was using Skype at the time this was logged by McAfee; can it be a contributor?

Looks like

In reply to: let me give you an example of what is being reported

Looks to me like you're just being probed by a bot that's looking for a way in. If you keep up to date on your Windows Update patches, there should be minimal risk. Also make sure your firewall is set not to respond to ICMP requests.

There's not a lot else you can do besides the usual. Make sure you ONLY open ports on the firewall that you have to. Avoid using Internet Explorer, Outlook/Outlook Express, pirated and file sharing programs, etc. Should also probably mention that using MS Word can be a bit dangerous these days, with 3 actively exploited security issues that are presently unpatched. MS Office apps are increasingly being targeted, so it might not be a bad time to change over to OpenOffice or something else.

Skype is kind of a wildcard program. It uses methods to force its way through firewalls, so it's impossible to secure. Any exploits for Skype could compromise your entire system.

However, the log snippets you provided just look like the firewall reporting that it detected and blocked this suspicious activity, like it's supposed to do. Probably wouldn't hurt to do a complete scan of your system using an online virus scanner like the one from HouseCall. Then also run the virus scanner on your system, and I'd also run a few spyware scanners as well. After all that, get your hands on a copy of RootkitRevealer, and let it run. You shouldn't have more than a couple of entries related to your virus scanner. If all of those things come up clean, you should be able to rest easy.
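Added example, not part of any post in this thread: a small Python script that tallies firewall entries like the ones quoted above by source address and signature, so a long log collapses into one line per source showing the event count, the number of distinct ports, and whether the events arrive at a fixed interval. The line format is an assumption inferred only from the four entries quoted in the thread, not from McAfee documentation; the function names are made up for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# The four entries quoted in the thread; the format is inferred from these alone.
SAMPLE_LOG = """\
2007/01/11 20:13:42 129.241.221.88:11082 (vpn-22188.vpn-a.ntnu.no) 130.88.173.198:44403 IDS: 'NewTear' Attack
2007/01/11 20:13:39 129.241.221.88:18156 (vpn-22188.vpn-a.ntnu.no) 130.88.173.198:62932 IDS: 'NewTear' Attack
2007/01/11 20:13:36 129.241.221.88:4826 (vpn-22188.vpn-a.ntnu.no) 130.88.173.198:8243 IDS: 'NewTear' Attack
2007/01/11 20:13:33 129.241.221.88:11073 (vpn-22188.vpn-a.ntnu.no) 130.88.173.198:42704 IDS: 'NewTear' Attack
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
LINE_RE = re.compile(
    rf"^(?P<ts>\d{{4}}/\d\d/\d\d \d\d:\d\d:\d\d) (?P<src>{IP}):(?P<sport>\d+) "
    rf"(?:\((?P<host>[^)]*)\) )?(?P<dst>{IP}):(?P<dport>\d+) "
    r"IDS: '(?P<sig>[^']+)' Attack$"
)

def parse_line(line):
    """Return one log entry as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y/%m/%d %H:%M:%S")
    ev["sport"], ev["dport"] = int(ev["sport"]), int(ev["dport"])
    return ev

def summarize(log_text):
    """Group entries by (source IP, signature) and describe each group."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev:
            groups[(ev["src"], ev["sig"])].append(ev)
    report = {}
    for key, evs in groups.items():
        times = sorted(e["ts"] for e in evs)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[key] = {
            "events": len(evs),
            "hostnames": sorted({e["host"] for e in evs if e["host"]}),
            "src_ports": len({e["sport"] for e in evs}),
            "dst_ports": len({e["dport"] for e in evs}),
            "gaps_s": gaps,
            # Identical gaps between events point to automated traffic.
            "fixed_interval": len(gaps) >= 2 and len(set(gaps)) == 1,
        }
    return report

if __name__ == "__main__":
    for (src, sig), info in summarize(SAMPLE_LOG).items():
        print(src, sig, info)
```

On the four quoted entries this reports a single source with four events, a different port pair each time, and a constant 3-second spacing.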
