Steve,
The other thing it could be is that the machine is not as new as you think it is. It
could be a machine that was returned to the store and then being resold. It should
not happen this way. It does sometimes, it could be a simple error or the place
you purchased it at did not know that it had been sold. Or it got out on the floor
in error.
So the first question would be when you opened the box, and turned on the machine
did it require you to go through a set up? Or did it just come up without information
being requested?
Who did you get the box from, local retail or HP direct?
S
*********** REPLY SEPARATOR ***********
On 1/8/2001 at 10:49 Steve Coleman wrote:
>Hello,
>
>I recently bought a new (WinME HP 850Mhz) machine for my personal use at
>home, attached it to a cable modem, and the next day installed BlackICE
>to help protect it. I have since noticed a lot of ICMP traffic that
>BlackICE was considering to be a ping flood attack. After attaching a
>network sniffing package I found that my machine was trying to ping
>address 207.26.131.137 (ans.net), the packets were timing out, and the
>ICMP packet was the notification of that ttl expiration.
>
>My question is why would my brand new WinME system be trying to ping a
>nonexistant machine at ans.net? I can only imagine that it might be some
>kind of backdoor notification of a newly compromised system. If it has
>been compromized then they must have done it within the first 24 hours
>of having it plugged in. Has anyone else seen this kind of traffic going
>through their firewall or did the people configuring my OS (i.e. Best
>Buy) install something I don't need/want installed?
>
>Thanks for your help.
>
>--
>Steve Coleman <[EMAIL PROTECTED]> http://www.jhuapl.edu/
> High Performance, fault tolerant, distributed, real-time computing
> <<-------->> Johns Hopkins Applied Physics Laboratory <<--------->>
>Balt:443-778-6330 Fax:443-778-5597 Wash:240-228-6330 Fax:240-228-5597
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
