They keep Pinging me

Discussion in 'System Security & Infection Support' started by Richard1, Aug 28, 2003.

  1. Richard1

    Richard1 Mod-Junkie

    Joined:
    Jun 25, 2003
    Messages:
    34
    Likes Received:
    0
    Location:
    Arizona
    I keep getting an ICMP (type:8/subtype:0) in my ZoneAlarm log.
    It's been going on since last night and it's starting to make me paranoid :shock
    If this has happened to anyone else, let me know so I can come out from under the bed ;)
    Here is just a very small sample of the ZoneAlarm log file.
    FWIN,2003/08/25,18:19:28 -7:00 GMT,12.222.132.100:0,12.219.xxx.xx:0,ICMP (type:8/subtype:0)
    FWIN,2003/08/25,18:19:46 -7:00 GMT,12.220.115.76:0,12.219.xxx.xx:0,ICMP (type:8/subtype:0)
    FWIN,2003/08/25,18:19:50 -7:00 GMT,12.221.164.177:0,12.219.xxx.xx:0,ICMP (type:8/subtype:0)
    FWIN,2003/08/25,18:20:04 -7:00 GMT,12.221.101.177:0,12.219.xxx.xx:0,ICMP (type:8/subtype:0)
    FWIN,2003/08/25,18:20:10 -7:00 GMT,12.221.177.65:0,12.219.xxx.xx:0,ICMP (type:8/subtype:0)
    FWIN,2003/08/25,18:20:18 -7:00 GMT,12.220.118.121:0,12.219.xxx.xx:0,ICMP (type:8/subtype:0)
    FWIN,2003/08/25,18:20:22 -7:00 GMT,12.222.60.88:0,12.219.xxx.xx:0,ICMP (type:8/subtype:0)
    FWIN,2003/08/25,18:20:22 -7:00 GMT,12.222.42.117:0,12.219.xxx.xx:0,ICMP (type:8/subtype:0)
    FWIN,2003/08/25,18:20:24 -7:00 GMT,12.220.139.29:0,12.219.xxx.xx:0,ICMP (type:8/subtype:0)
     
    Richard1, Aug 28, 2003
    #1
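
The log lines quoted in post #1 can be triaged with a short script. This is an added example, not part of the original thread: it treats ZoneAlarm's "subtype" as the ICMP code, the function names are illustrative, and the last two sample lines are constructed. It counts blocked inbound echo requests per source and per /16, which separates one host pinging repeatedly from many neighbouring hosts each pinging once.

```python
import re
from collections import Counter
from datetime import datetime

# First five lines are copied from the post; the last two are constructed
# (a repeat sender and a TCP entry) to exercise the counting and the filter.
SAMPLE = """\
FWIN,2003/08/25,18:19:28 -7:00 GMT,12.222.132.100:0,12.219.xxx.xx:0,ICMP (type:8/subtype:0)
FWIN,2003/08/25,18:19:46 -7:00 GMT,12.220.115.76:0,12.219.xxx.xx:0,ICMP (type:8/subtype:0)
FWIN,2003/08/25,18:19:50 -7:00 GMT,12.221.164.177:0,12.219.xxx.xx:0,ICMP (type:8/subtype:0)
FWIN,2003/08/25,18:20:04 -7:00 GMT,12.221.101.177:0,12.219.xxx.xx:0,ICMP (type:8/subtype:0)
FWIN,2003/08/25,18:20:10 -7:00 GMT,12.221.177.65:0,12.219.xxx.xx:0,ICMP (type:8/subtype:0)
FWIN,2003/08/25,18:20:12 -7:00 GMT,12.221.177.65:0,12.219.xxx.xx:0,ICMP (type:8/subtype:0)
FWIN,2003/08/25,18:20:15 -7:00 GMT,12.220.9.9:4021,12.219.xxx.xx:135,TCP (flags:S)
"""

ICMP_RE = re.compile(r"ICMP \(type:(\d+)/subtype:(\d+)\)")

def parse_line(line):
    """Split one ZoneAlarm log line; return None for non-ICMP or malformed lines."""
    parts = line.strip().split(",")
    if len(parts) != 6:
        return None
    m = ICMP_RE.fullmatch(parts[5])
    if not m:
        return None
    # parts[2] looks like "18:19:28 -7:00 GMT"; the offset is constant within
    # one log, so only the local clock time is kept for measuring intervals.
    when = datetime.strptime(parts[1] + " " + parts[2].split()[0], "%Y/%m/%d %H:%M:%S")
    return {"action": parts[0], "time": when, "src": parts[3].rsplit(":", 1)[0],
            "type": int(m.group(1)), "code": int(m.group(2))}

def summarize_echo_requests(text):
    """Summarise blocked inbound (FWIN) ICMP echo requests: type 8, code 0."""
    hits = [e for e in map(parse_line, text.splitlines())
            if e and e["action"] == "FWIN" and (e["type"], e["code"]) == (8, 0)]
    by_src = Counter(e["src"] for e in hits)
    by_net16 = Counter(".".join(e["src"].split(".")[:2]) + ".0.0/16" for e in hits)
    span = (hits[-1]["time"] - hits[0]["time"]).total_seconds() if hits else 0.0
    return {"total": len(hits), "distinct_sources": len(by_src),
            "repeat_sources": sorted(s for s, n in by_src.items() if n > 1),
            "by_net16": dict(by_net16), "span_seconds": span}

if __name__ == "__main__":
    for key, value in summarize_echo_requests(SAMPLE).items():
        print(f"{key}: {value}")
```
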

  2. Richard1

    James Photojournalist

    Joined:
    Dec 24, 2002
    Messages:
    6,662
    Likes Received:
    35
    I see that you have AT&T WorldNet Services and that the IP (12.222.132.x) that keeps pinging you is from AT&T. It may be AT&T or it may be someone else port scanning you (maybe intentionally or maybe a virus or spyware). Make sure you have the patches from MS, that you're equipped with the latest virus definition files, and that no port is open in your firewall that you don't need.

    Go to GRC to see if you have anything open.
     
    James, Aug 28, 2003
    #2

  3. Richard1

    Richard1 Mod-Junkie

    Thanks!
    I have been to GRC and all of my ports are stealth, all virus up to date and MS updates, but my ISP
    isn't AT&T, it's Mediacom.
    Do you think Mediacom buys the service from AT&T?
    The reason I ask is this morning I called my ISP to see what they said to do and the tech I spoke with told me to track the IP and turn them into the [email protected] and it happened to be AT&T.
    So I probably turned AT&T into [email protected]&T. :lol
    Maybe I'm just being paranoid :roll
    I just wanted to make sure this was a normal thing.
     
    Richard1, Aug 28, 2003
    #3
  4. Richard1

    James Photojournalist

    I looked at your logged IP from your first post in this thread and did a whois on it, it came up as AT&T. They lease out a lot of their IP range.

    Are you still being pinged?
     
    James, Aug 29, 2003
    #4
  5. Richard1

    Richard1 Mod-Junkie

    Yes still being pinged.
    It just keeps going one after the next.

    Y?
    Would it help if I gave you a HijackThis report of my system?
     
    Last edited: Aug 29, 2003
    Richard1, Aug 29, 2003
    #5
  6. Richard1

    James Photojournalist

    Possibly.
     
    James, Aug 29, 2003
    #6
  7. Richard1

    Richard1 Mod-Junkie

    Maybe you can make something out of this.

    Logfile of HijackThis v1.96.2
    Scan saved at 6:26:56 PM, on 8/28/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Motherboard Monitor 5\MBM5.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Belkin\Nostromo\nost_LM.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\WINDOWS\System32\regsvr32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\programs\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r21.mchsi.com:8000
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r21.mchsi.com;<local>
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - Startup: Shortcut to Smartie.exe.lnk = D:\Crystalfontz\smartie52\smartie5.2\Smartie.exe
    O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O8 - Extra context menu item: &Check Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37832.9096527778
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
    Richard1, Aug 29, 2003
    #7
  8. Richard1

    James Photojournalist

    That's just your system information, services running, patches installed, etc.
     
    James, Aug 29, 2003
    #8
  9. Richard1

    Richard1 Mod-Junkie

    Nothing unusual though?

    Do you know of any reason Y this might be happening?
     
    Richard1, Aug 29, 2003
    #9
  10. Richard1

    Richard1 Mod-Junkie

    BTW I do really appreciate the help,
    This has been bugging me and my ISP is not really any help.
     
    Richard1, Aug 29, 2003
    #10
  11. Richard1

    James Photojournalist

    I would say it's either coming from some sort of DHCP server AT&T has that keeps updating your cable modem or someone is trying to port scan you. Or it could be a virus too.

    I had an FTP server on one of my machines and people kept trying to get in, it's just something you have to deal with most of the time. It's annoying at times though. :(
     
    James, Aug 29, 2003
    #11
  12. Richard1

    Richard1 Mod-Junkie

    Here's something strange that I just noticed: even with my ZoneAlarm lock engaged to stop all Internet traffic, I'm still receiving & sending packets.
    Do you think I've got a Worm?
     
    Richard1, Aug 29, 2003
    #12
  13. Richard1

    James Photojournalist

    Your NIC is probably just talking to your modem. My cable light is always flashing, but I have 5 or so PCs on the network too.

    Scan for a virus just to make sure, but I think you're fine. ZoneAlarm likes to make people think there's always something going on when you send or receive a packet. ;)
     
    James, Aug 29, 2003
    #13
  14. Richard1

    Richard1 Mod-Junkie

    Thanks for the help James, you're the coolest. 8)
    And you're probably right, I'm just going to ignore it.
    I scanned with Norton and nothing came up and all of my updates
    were done before this started so I'm fine.
    Besides, my GF thinks I care more about the computer than her :roll
     
    Richard1, Aug 29, 2003
    #14
  15. Richard1

    James Photojournalist

    Women. :roll

    ;)
     
    James, Aug 29, 2003
    #15
  16. Richard1

    Kristi I'm Baaaackkk!! VIP Member

    Joined:
    Dec 24, 2002
    Messages:
    271
    Likes Received:
    5
    Location:
    Maine, USA
    I know how she feels....:lol
     
    Kristi, Aug 31, 2003
    #16
  17. Richard1

    Richard1 Mod-Junkie

    My girlfriend and I cleared the air on this whole subject.
    She just had to realize that my love of computing is a different kind of love.:D
     
    Richard1, Sep 4, 2003
    #17
  18. Richard1

    James Photojournalist

    That's good, now she can use that against you with one of her loves (shopping, etc..) ;)
     
    James, Sep 4, 2003
    #18
  19. Richard1

    Richard1 Mod-Junkie

    :shock: I never thought of that..
     
    Richard1, Sep 4, 2003
    #19