Hello,
I recently bought a new (WinME HP 850MHz) machine for my personal use at
home, attached it to a cable modem, and the next day installed BlackICE
to help protect it. I have since noticed a lot of ICMP traffic that
BlackICE was considering to be a ping flood attack. After attaching a
network sniffing package I found that my machine was trying to ping
address 207.26.131.137 (ans.net), the packets were timing out, and the
ICMP packet was the notification of that TTL expiration.
My question is why would my brand new WinME system be trying to ping a
nonexistent machine at ans.net? I can only imagine that it might be some
kind of backdoor notification of a newly compromised system. If it has
been compromised then they must have done it within the first 24 hours
of having it plugged in. Has anyone else seen this kind of traffic going
through their firewall or did the people configuring my OS (i.e. Best
Buy) install something I don't need/want installed?
Thanks for your help.
--
Steve Coleman <[EMAIL PROTECTED]> http://www.jhuapl.edu/
High Performance, fault tolerant, distributed, real-time computing
<<-------->> Johns Hopkins Applied Physics Laboratory <<--------->>
Balt:443-778-6330 Fax:443-778-5597 Wash:240-228-6330 Fax:240-228-5597