I use a Zone Alarm free firewall software and lately the amount of blocks it logs is off the hook. I am getting pinged by literally as many as 60 unique IP address on various ports within a half hour period. What does it mean? Is someone trying to hack me? Is there anyway i can fight back... like ping them back kind of thing since I have their IP address?
Whats it mean when I get "Pinged"?
- Thread starter CraigLC
- Start date
Mercutio
Fatwah on Western Digital
They're pings. More than likely a script kiddie or some kind of worm is scanning ports on your machine, and everyone else's on your subnet, for some kind of vulnerability.
If you've got an up-to-date firewall package and all your OS patches in place, and you aren't doing something silly with your internet connection, like running an IRC server or warez FTP site, you probably aren't a tempting or interesting target; there are easier fish to catch.
If you really want to, you can probably send a report back to the owner of the netblock that originated the pings (use an abuse@ email address, if you can nsloookup the originating domain). At the very least, port scanning by users rather than service providers is considered impolite. Some have rules against it as well.
If you've got an up-to-date firewall package and all your OS patches in place, and you aren't doing something silly with your internet connection, like running an IRC server or warez FTP site, you probably aren't a tempting or interesting target; there are easier fish to catch.
If you really want to, you can probably send a report back to the owner of the netblock that originated the pings (use an abuse@ email address, if you can nsloookup the originating domain). At the very least, port scanning by users rather than service providers is considered impolite. Some have rules against it as well.
Will Rickards WT
Learning Storage Performance
It is probably due to the recent worm while it scans for targets.
Will Rickards WT
Learning Storage Performance
A ping is just a test for echo sort of thing.
You ping to see if there is a responsive system at a specific IP address or machine name. It in itself isn't that harmful. Lots of them can cause network traffic to be higher. The problem is when something such as the worm finds your machine through the ping, it attempts the exploit to hack into your machine. So a ping just indicates someone wants to know that your IP address is a responsive system.
You firewall may be blocking the ping requests by not responding to them. Thus your machine will appear as an unresponsive machine and not available to exploit.
You ping to see if there is a responsive system at a specific IP address or machine name. It in itself isn't that harmful. Lots of them can cause network traffic to be higher. The problem is when something such as the worm finds your machine through the ping, it attempts the exploit to hack into your machine. So a ping just indicates someone wants to know that your IP address is a responsive system.
You firewall may be blocking the ping requests by not responding to them. Thus your machine will appear as an unresponsive machine and not available to exploit.
Thanks for the info... may I ask was is nslookup? Can I put it in google or is it a website of its own?
The reason I originally chose the Zone labs firewall "Zone Alarm" is that if someone pings it, they dont get a responce back letting the hacker know that there is a computer there... Zone alarm gives no response giving the impression there is no computer there and taking just that much more time on the other end where each transaction has to time out :mrgrn: Anything I can do to make their lives a little more frustrating I am down for.
The reason I originally chose the Zone labs firewall "Zone Alarm" is that if someone pings it, they dont get a responce back letting the hacker know that there is a computer there... Zone alarm gives no response giving the impression there is no computer there and taking just that much more time on the other end where each transaction has to time out :mrgrn: Anything I can do to make their lives a little more frustrating I am down for.
Mercutio
Fatwah on Western Digital
nslookup is a standard program for translating host names into IP addresses. If you're using 2000 or XP or any kind of *nix, drop to a shell prompt and do "nslookup [ip address]" and it should tell you the hostname for that IP, if it's known.
So Clocker... you are saying its other infected computers trying to attack mine? Does this mean as the msblaster and its children get taken care of here and there the pinging will stop? I used to get hit here and there once in awhile but 60 times in a half an hour is incredible! I have a real slow dial up account so them sending packets or trying to ping me is just slowing it down even more!
Will Rickards WT
Learning Storage Performance
Doesn't shutting down the ping port cause problems with network oriented software like multi-player gaming and file sharing? Or no?
If no, then I would advise just asking your ISP to turn off that port too. Then the pings will never reach you.
If no, then I would advise just asking your ISP to turn off that port too. Then the pings will never reach you.
Howell
Storage? I am Storage!
Can you configure ZA to block pings but not log it?
Pinging is one of the ways Blaster and variants searches for other targets to infect. If you have a router than can drop pings or if you can configure ZA to drop them, you are less likely to be infected, I think, since you machine will appear to be dead (at least via Ping).
No pinging may cause problems for some games, but I doubt it. I have had my router configured to drop pings ever since I got it and never had a problem playing online games.
My ISP has acknowledged that no pinging may cause a problem for some in one way or another. They are only blocking pinging until the problem with Blaster can be gotten under control at which time the port blocking with be lifted.
C
No pinging may cause problems for some games, but I doubt it. I have had my router configured to drop pings ever since I got it and never had a problem playing online games.
My ISP has acknowledged that no pinging may cause a problem for some in one way or another. They are only blocking pinging until the problem with Blaster can be gotten under control at which time the port blocking with be lifted.
C
Mercutio
Fatwah on Western Digital
Yeah, blocking ICMP packets is one of those big no-nos that just isn't supposed to be done.
Mercutio said:
What is "the" correct way to handle ICMP filtering? What should be allowed/denied? I tried googling a bit, but I didn't find anything useful (allow all/some/none, depending on the page)... Didn't see any "official" info.
Cheers,
Jan
blakerwry
Storage? I am Storage!
blocking ICMP pings can really hurt when troubleshooting an internet conenction problem.. other than that I've not heard of any problems associated with it (I know I hear people saying that it may cause problems with games, but I have never heard which games or what problems.. I think it's just a myth)
The benefit of blocking ICMP pings can be obvious.. people(or viruses) looking to do mass port scans will often ping a host 1st.. if they can't ping it they will not go through the hassle of scanning ports on the computer and waiting for responses... they simply skip the host and move on...
blocking ICMP pings on an ISP level can often reduce traffic and thus potentially lower costs
The benefit of blocking ICMP pings can be obvious.. people(or viruses) looking to do mass port scans will often ping a host 1st.. if they can't ping it they will not go through the hassle of scanning ports on the computer and waiting for responses... they simply skip the host and move on...
blocking ICMP pings on an ISP level can often reduce traffic and thus potentially lower costs
Mercutio
Fatwah on Western Digital
It's one thing to do it on an end-point network. There' blocking ping can enhance the security of your LAN. It's another thing completely if you're acting as the service provider for anyone else. I'd hate to have to troubleshoot a connectivity problem without access to basic tools like traceroute to my ISP.
Slashdot had an article a couple days ago in the Ask Slashdot section about the efficacy of "black box" firewalling devices, such as the Linksys WRT54G with builtin Zonealarm. There's some interesting discussion of network security there as well.
Sonicwall devices can be less than $100 on ebay and sometimes a PIX will sell for less than $500. Just thought I'd mention that.
Slashdot had an article a couple days ago in the Ask Slashdot section about the efficacy of "black box" firewalling devices, such as the Linksys WRT54G with builtin Zonealarm. There's some interesting discussion of network security there as well.
Sonicwall devices can be less than $100 on ebay and sometimes a PIX will sell for less than $500. Just thought I'd mention that.
I'm on a LAN. I've understood that I should allow:
for general connectivity (troubleshooting, like Merc mentioned). Anything else? I'm currently blocking all ICMP, but [0] in/out, [8] in, [11] in. [actually, those were default on my FW]
I get [10] Router Solicitation like once a minute, when I clear the "all ICMP blocking". I don't think I should reply to that (especially outside our LAN), right?
Cheers,
Jan
- [0] Echo Reply
[8] Echo Request
[11] Time Exceeded
[30] Traceroute
[33] IPv6 Where-Are-You
[34] IPv6 I-Am-Here
for general connectivity (troubleshooting, like Merc mentioned). Anything else? I'm currently blocking all ICMP, but [0] in/out, [8] in, [11] in. [actually, those were default on my FW]
I get [10] Router Solicitation like once a minute, when I clear the "all ICMP blocking". I don't think I should reply to that (especially outside our LAN), right?
Cheers,
Jan