[Ham-Computers] Protocol question (ICMP)

Jay Eimer ad5pe at familynet.net
Tue Aug 10 07:36:12 EDT 2004


ICMP is what's commonly referred to as "pings".  Comes from the Unix (and
DOS) command "ping 192.168.53.3" for example is a request to ping that IP
address.  Typically it's used as a diagnostic to see if you have a
connection or a route to a particular machine (as in when you suspect you
don't!).

Nowadays, hackers sometimes use them either alone (denial of service attacks
by flooding your connection with inbound requests that your machine must
respond to) or as "feelers" to see what is out there, so they don't waste
more sophisticated attacks on machines that "don't exist", as it were.

The outbound traffic could be normal, or it could be your machine
"responding" to an inbound that wasn't blocked.  Ping is a two way comm - no
info is exchanged other than the addresses (which are already known), but
since they're meant to be a diag tool, when a machine receives a ping
request, it replies, hence the outbound.

Now, if your firewall is blocking the inbound, then there shouldn't be an
outbound, unless some program you're running is GENERATING ping requests.
That sounds more like a virus, but someone with more expertise is welcome to
jump in at this point.

Jay
AD5PE

-----Original Message-----
From: ham-computers-bounces at mailman.qth.net
[mailto:ham-computers-bounces at mailman.qth.net]On Behalf Of WA5CAB at cs.com
Sent: Monday, August 09, 2004 20:13
To: Ham-Computers at mailman.qth.net
Subject: [Ham-Computers] Protocol question (ICMP)


Can someone please tell me what an ICMP protocol is, what it's used for and
what programs or type of programs might use it?  I'm getting both inbound
and outbound hits that NIS is blocking (or stopping and I have to hit the
confirm button).  Doesn't do any good to click the Always button as the IP
addresses keep changing.  The inbound ones are one matter but the outbound
ones have me wondering what's on my machine that wants out.  Neither NAV nor
SpyKiller are finding anything.

Robert Downs - Houston
<http://www.wa5cab.com> (Web Store)
<wa5cab at cs.com> (Primary email)
<wa5cab at houston.rr.com> (Backup email)
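
Added example (not part of either message above): a Python sketch of the check the reply describes, deciding whether an outbound ICMP packet is an echo reply (type 0) answering an earlier inbound echo request (type 8) or an echo request generated on the local machine. The capture, the addresses and the function names are constructed for illustration.

```python
import struct

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers (RFC 792)

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; 0 when run over a valid ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes = b"ping") -> bytes:
    """Construct a sample echo message (used only to make test data)."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def classify(events):
    """events: (direction, peer_ip, icmp_bytes) in capture order; one verdict per outbound packet."""
    pending = set()   # inbound echo requests that have not been answered yet
    verdicts = []
    for direction, peer, raw in events:
        if len(raw) < 8 or checksum(raw) != 0:
            if direction == "out":
                verdicts.append("malformed")
            continue
        icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", raw[:8])
        key = (peer, ident, seq)   # a reply echoes the request's id and sequence
        if direction == "in":
            if icmp_type == ECHO_REQUEST:
                pending.add(key)
        elif icmp_type == ECHO_REQUEST:
            verdicts.append("locally generated request")
        elif icmp_type == ECHO_REPLY and key in pending:
            pending.discard(key)
            verdicts.append("reply to inbound request")
        else:
            verdicts.append("no matching inbound request")
    return verdicts

# Constructed sample capture (addresses from the documentation ranges).
SAMPLE = [
    ("in",  "203.0.113.7",  build_echo(ECHO_REQUEST, 0x1234, 1)),
    ("out", "203.0.113.7",  build_echo(ECHO_REPLY,   0x1234, 1)),
    ("out", "198.51.100.9", build_echo(ECHO_REQUEST, 0x0042, 1)),
    ("out", "192.0.2.55",   build_echo(ECHO_REPLY,   0x9999, 3)),
]
```

Calling classify(SAMPLE) gives one verdict per outbound packet; "locally generated request" is the case where some program on the machine started the exchange.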