My home PC is an HP and they have a bunch of junk installed by default.  The
one app that annoyed me was some sort of auto-update program that looked for
updates and automatically updated the system.  Do a netstat -a (or -an for
no names) and see what ports are open.  If you're trying to figure out which
app is the culprit, install a sniffer (ethereal.zing.org) and see if you can
match the source port with the packets going to ans.net.  Also, Zone Alarm
and Norton Personal Firewall are much more helpful when trying to figure
this stuff out as they inform you when an app tries to connect out.

I rebuilt my HP and it works much better now.  Most of the drivers you need
are on one of the CDs that comes with it...

Mike

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Steve Coleman
Sent: Monday, January 08, 2001 8:49 AM
To: [EMAIL PROTECTED]
Subject: ping activity originating from my home machine


Hello,

I recently bought a new (WinME HP 850MHz) machine for my personal use at
home, attached it to a cable modem, and the next day installed BlackICE
to help protect it. I have since noticed a lot of ICMP traffic that
BlackICE was considering to be a ping flood attack. After attaching a
network sniffing package I found that my machine was trying to ping
address 207.26.131.137 (ans.net), the packets were timing out, and the
ICMP packet was the notification of that TTL expiration.

My question is why would my brand new WinME system be trying to ping a
nonexistent machine at ans.net? I can only imagine that it might be some
kind of backdoor notification of a newly compromised system. If it has
been compromised then they must have done it within the first 24 hours
of having it plugged in. Has anyone else seen this kind of traffic going
through their firewall or did the people configuring my OS (i.e. Best
Buy) install something I don't need/want installed?

Thanks for your help.

--
Steve Coleman     <[EMAIL PROTECTED]>   http://www.jhuapl.edu/
 High Performance, fault tolerant, distributed, real-time computing
 <<-------->> Johns Hopkins Applied Physics Laboratory <<--------->>
Balt:443-778-6330 Fax:443-778-5597 Wash:240-228-6330 Fax:240-228-5597
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
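
An added example, not part of the original thread: one way to do the netstat-to-sniffer matching suggested in the reply, with ICMP packets counted separately because they carry no port. The netstat rows, local addresses, the TCP connection and the one-line capture format are constructed for illustration; only 207.26.131.137 comes from the thread.

```python
import re

# Constructed sample of Windows `netstat -an` output (not from the thread).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1043      207.26.131.137:80      SYN_SENT
  TCP    192.168.0.10:1051      198.51.100.7:443       ESTABLISHED
  UDP    192.168.0.10:137       *:*
"""

# Constructed capture summary, hypothetical format: PROTO source > destination.
CAPTURE = """\
TCP 192.168.0.10:1043 > 207.26.131.137:80
ICMP 192.168.0.10 > 207.26.131.137
TCP 192.168.0.10:1051 > 198.51.100.7:443
ICMP 192.168.0.10 > 207.26.131.137
"""

def split_endpoint(ep):
    """Split 'ip:port' into (ip, port); port is None when absent (ICMP, '*:*')."""
    host, sep, port = ep.rpartition(":")
    return (host, int(port)) if sep and port.isdigit() else (ep, None)

def parse_netstat(text):
    """Return {(proto, local_port): (foreign_ip, state)} for each socket row."""
    table = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] in ("TCP", "UDP"):
            _, lport = split_endpoint(f[1])
            fip, _ = split_endpoint(f[2])
            table[(f[0], lport)] = (fip, f[3] if len(f) > 3 else "")
    return table

def correlate(netstat_text, capture_text, target):
    """Match captured packets sent to `target` against netstat rows by source port.

    Returns (sorted list of (proto, local_port, state), count of port-less packets).
    """
    sockets = parse_netstat(netstat_text)
    matched, portless = set(), 0
    for line in capture_text.splitlines():
        m = re.match(r"(\w+)\s+(\S+)\s+>\s+(\S+)", line)
        if not m or split_endpoint(m.group(3))[0] != target:
            continue
        proto, sport = m.group(1), split_endpoint(m.group(2))[1]
        if sport is None:
            portless += 1  # e.g. ICMP echo: nothing to look up in netstat
        elif (proto, sport) in sockets:
            matched.add((proto, sport, sockets[(proto, sport)][1]))
    return sorted(matched), portless
```

Packets counted as port-less have to be attributed another way, such as the outbound-connection prompts from a personal firewall mentioned in the reply.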
