You had an unprotected system up for 24 hours? Connected to the internet
unprotected for that period? Damn, I've seen boxes get scanned and
compromised in as little as 15 mins....
Thanks,
Ron DuFresne
On Mon, 8 Jan 2001, Steve Coleman wrote:
> Hello,
>
> I recently bought a new (WinME HP 850MHz) machine for my personal use at
> home, attached it to a cable modem, and the next day installed BlackICE
> to help protect it. I have since noticed a lot of ICMP traffic that
> BlackICE was considering to be a ping flood attack. After attaching a
> network sniffing package I found that my machine was trying to ping
> address 207.26.131.137 (ans.net), the packets were timing out, and the
> ICMP packet was the notification of that ttl expiration.
>
> My question is why would my brand new WinME system be trying to ping a
> nonexistent machine at ans.net? I can only imagine that it might be some
> kind of backdoor notification of a newly compromised system. If it has
> been compromised then they must have done it within the first 24 hours
> of having it plugged in. Has anyone else seen this kind of traffic going
> through their firewall or did the people configuring my OS (i.e. Best
> Buy) install something I don't need/want installed?
>
> Thanks for your help.
>
> --
> Steve Coleman <[EMAIL PROTECTED]> http://www.jhuapl.edu/
> High Performance, fault tolerant, distributed, real-time computing
> <<-------->> Johns Hopkins Applied Physics Laboratory <<--------->>
> Balt:443-778-6330 Fax:443-778-5597 Wash:240-228-6330 Fax:240-228-5597
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
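
The TTL-expiration notices described in the quoted post are ICMP Time Exceeded (type 11) messages, which quote the IP header and first 8 bytes of the packet that expired. The following is an added example, not part of either message, that decodes one to show which outbound probe triggered it; 207.26.131.137 is from the post, while 192.0.2.10, 198.51.100.1 and the echo id/seq are constructed sample values.

```python
import socket
import struct

def build_ipv4(src, dst, proto, payload, ttl=64):
    """Build a minimal IPv4 packet (checksum left 0) for the constructed sample."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def parse_time_exceeded(packet):
    """Describe the probe quoted inside an ICMP Time Exceeded message.
    Returns None if the packet is not IPv4/ICMP type 11 or is truncated."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:
        return None
    if packet[ihl] != 11:                      # ICMP type 11 = Time Exceeded
        return None
    inner = packet[ihl + 8:]                   # quoted original header + 8 bytes
    if len(inner) < 20 or inner[0] >> 4 != 4 or (inner[0] & 0x0F) < 5:
        return None
    inner_ihl = (inner[0] & 0x0F) * 4
    l4 = inner[inner_ihl:inner_ihl + 8]
    echo = None
    if inner[9] == 1 and len(l4) == 8 and l4[0] == 8:   # quoted echo request
        ident, seq = struct.unpack("!HH", l4[4:8])
        echo = {"id": ident, "seq": seq}
    return {
        "reporting_router": socket.inet_ntoa(packet[12:16]),
        "code": packet[ihl + 1],               # 0 = TTL exceeded in transit
        "orig_src": socket.inet_ntoa(inner[12:16]),
        "orig_dst": socket.inet_ntoa(inner[16:20]),
        "orig_proto": inner[9],
        "echo_request": echo,
    }

# Constructed sample: a router at 198.51.100.1 reports that an echo request
# from 192.0.2.10 to 207.26.131.137 ran out of TTL.
ECHO = struct.pack("!BBHHH", 8, 0, 0, 0x0200, 7)
QUOTED = build_ipv4("192.0.2.10", "207.26.131.137", 1, ECHO, ttl=1)
ICMP = struct.pack("!BBHI", 11, 0, 0, 0) + QUOTED
SAMPLE = build_ipv4("198.51.100.1", "192.0.2.10", 1, ICMP)

if __name__ == "__main__":
    print(parse_time_exceeded(SAMPLE))
```
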