Why so many ICMP requests when nothing is running?

By tim.mcgovern ·
Even if I have no other applications running, I can go to the activity page of my firewall software (have tried ZoneAlarm, and am currently using Comodo) and watch as hundreds of ICMP attempts (blocked by the firewall, but attempted, nonetheless) go by.

My guess is that I have some sort of virus, trojan, worm, or spyware, but no matter which virus scanners or anti-spyware programs I use (AVG, BitDefender, TrendMicro, Kaspersky, AdAware, Spybot, HiJack This, A-Squared), the scans always come back saying that my system is clean.

Why would my system be sending out so many ICMPs? What else may I try to see if this is a virus type of thing?

Anything that would help unravel this mystery would be greatly appreciated.

Thanks!


All Answers

which control message?

by CG IT In reply to Why so many ICMP requests ...

ICMP is a protocol suite. Mostly it's for errors in datagrams or for network diagnostics such as using ping/traceroute.

Your firewall might be seeing errors in the IP datagram and dropping packets from inbound traffic rather than outbound traffic.

Have to inspect the ICMP message to get the error to really determine what's going on.

Details

by tim.mcgovern In reply to which control message?

Here are the only details I have:
Description: Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)

Protocol: ICMP Outgoing

Source: 192.168.1.101

Destination: 59.104.140.64

Message: PORT UNREACHABLE

Reason: Network Control Rule ID = 9

There are hundreds of these, some with the same destination address, most different.

well it's local

by CG IT In reply to Details

Whatever machine is 192.168.1.101 is generating ICMP messages and the remote system is blocking them. MTU needs type 3 and 4 to pass through the router. Type 9 is a router advertisement. If the 192.168.1.101 is your router, it's sending out advertisements and the receiving end is denying them.

I got this off of Comodo: here's a link to that: http://forums.comodo.com/help/network_control_rule_id6_resolved-t7185.0.html;msg52574#msg52574

Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: x.x.x.164
Destination: 85.178.247.18
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6

The ICMP Destination Unreachable (message type 3) is sent back to the originator when an IP packet could not be delivered to the destination address because it couldn't reach the port from your system to the internet. I get these all the time when I'm p2p'ing, which is normal. You don't have to, but you can add a NetMon rule to allow these. (Users have noticed a slight speed increase in downloads if they add such a rule.)

Network Control Rule ID=9 sounds a lot like Cisco's Admission Control Rule ID=9 which is an ACL rule that blocks ICMP
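An added example, not part of the original thread or any poster's code: a Python decoder for the ICMP Destination Unreachable format (RFC 792), which embeds the IP header and first 8 payload bytes of the packet that triggered the error, so a capture of one of these outgoing messages shows which remote host probed which local port. The function names, the sample ports (40000 and 6881) and the zeroed checksums are constructed for illustration; only the two IP addresses come from the log posted above.

```python
import socket
import struct

def parse_unreachable(icmp: bytes) -> dict:
    """Decode an ICMP Destination Unreachable message (RFC 792), ICMP header first."""
    if len(icmp) < 8 + 20:
        raise ValueError("truncated ICMP error message")
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != 3:
        raise ValueError("not a Destination Unreachable (type 3) message")
    # After the 8-byte ICMP header comes the IP header of the packet that
    # triggered the error, followed by the first 8 bytes of its payload.
    inner = icmp[8:]
    ihl = (inner[0] & 0x0F) * 4
    if ihl < 20 or len(inner) < ihl:
        raise ValueError("bad embedded IP header")
    proto = inner[9]
    result = {
        "code": code,
        "port_unreachable": code == 3,
        "triggered_by": socket.inet_ntoa(inner[12:16]),     # sender of the original packet
        "original_target": socket.inet_ntoa(inner[16:20]),  # host that answered with the error
        "protocol": {6: "tcp", 17: "udp"}.get(proto, str(proto)),
        "remote_port": None,
        "local_port": None,
    }
    # Ports exist only for TCP/UDP, and only if those bytes were included.
    if proto in (6, 17) and len(inner) >= ihl + 4:
        result["remote_port"], result["local_port"] = struct.unpack(
            "!HH", inner[ihl:ihl + 4])
    return result

def build_sample() -> bytes:
    """Constructed sample: port unreachable sent in reply to an inbound UDP packet."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 48, 17, 0,
                           socket.inet_aton("59.104.140.64"),   # remote sender
                           socket.inet_aton("192.168.1.101"))   # local machine
    inner_udp = struct.pack("!HHHH", 40000, 6881, 8, 0)         # made-up ports
    return struct.pack("!BBHI", 3, 3, 0, 0) + inner_ip + inner_udp

if __name__ == "__main__":
    print(parse_unreachable(build_sample()))
```

If the decoded local port matches one a recently closed application was listening on, the messages are replies to unsolicited inbound traffic rather than traffic the machine initiated.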

doesn't an external ping generate a response...

by sgt_shultz In reply to Why so many ICMP requests ...

from the pinged device? Maybe you should block outside pings and see if the problem goes away.
What port is being used?

Sgt Shultz is right.

by CG IT In reply to doesn't an external ping ...

Try blocking ICMP at the firewall and see if that stops "inbound"/"outbound" ICMP responses.

Try using "cport"

by DaveDXB In reply to Why so many ICMP requests ...

"Cport"

Google it.

Nice small application to see what your system is listening to and connecting to in the background. Maybe that will help you pinpoint the source.

Torrents

by xstos In reply to Why so many ICMP requests ...

Did you use p2p apps (i.e. torrents)? If you kill your app, the network still thinks you're a node and random peers will ping you to see if you're still alive. That's probably it :)

Zombie alert

by PurpleSkys In reply to Torrents

dead post already...
