TOPIC: Weird PC Behavior - Scanning IPs constantly!

Weird PC Behavior - Scanning IPs constantly! 13 years 5 days ago #1941

  • Chris
  • Administrator
Hi people,

I'm just running my packet sniffer and observing some really weird stuff...

My PC is constantly sending ICMP echo requests (pings) to different IPs that do not exist on the network.

What's alarming is that these pings are being sent at a rate of 45-50 IPs per second! This is the type of behavior you would expect from a virus-infected PC, but my antivirus isn't reporting anything.

In the task manager, there doesn't seem to be any sus program running and I'm left scratching my head!

Any ideas or suggestions?
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx

Re: Weird PC Behavior - Scanning IPs constantly! 13 years 5 days ago #1942

  • sahirh
  • Honored Member
Hmm, the bad part is that, being ICMP, you won't be able to catch the process in netstat or tcpview.
Have you installed any spyware recently?

What you could do is install ZoneAlarm, and when each program tries to access the net it will ask you if you want to allow it to. When you see a process that you're not sure about, you'll have caught the offender.

That's pretty much how I found a worm on my system; my antivirus didn't say anything... and then ZA told me that dllhost.exe wanted to send email :)

All things failing, update virus defs and run a full system scan (don't rely on Bloodhound heuristics to catch things)... if nothing comes up, do a system restore... or worse, a reinstall.

Good luck
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com

Re: Weird PC Behavior - Scanning IPs constantly! 13 years 4 days ago #1960

  • Chris
  • Administrator
Actually that's a great idea Sahir.... I'll do it on Monday and post the results here!

Thanks for that!
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx

ICMP ping flood 12 years 11 months ago #2256

  • UHSsncmrm
  • Frequent Member
Sometimes AV software won't detect ping flooding as an actual virus... I see that problem with CA's E-trust all of the time; run Stinger against the machine.

Merely a suggestion, good luck. Let us know.
A scapegoat is often as welcome as a solution...never memorize what you can look up.

Re: Weird PC Behavior - Scanning IPs constantly! 12 years 11 months ago #2259

  • Chris
  • Administrator
Errmmm.... I forgot to update you guys on the problem :)

It ended up being a worm problem! The worm, which is similar to Blaster, had infected my machine and was looking for other victims!

All is well now, I'll be making available the trojan scanner for people to download sometime soon!

Cheers
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx

Re: Weird PC Behavior - Scanning IPs constantly! 12 years 11 months ago #2260

  • tfs
  • Expert Member
I'd be interested in seeing that scanner as I have had problems with the speed of my W2K machine and haven't had a chance to look at it yet. My AV doesn't say anything, either.

What was it you did that found the worm and which one was it?
Thanks,

Tom
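
Added example, not part of the original thread: the symptom in the first post (one host sending ICMP echo requests to 45-50 different addresses per second) can be confirmed from the capture itself by counting distinct ping destinations per source in a sliding one-second window. The record layout `(ts_ms, src, dst, icmp_type)`, the addresses and the threshold of 40 are assumptions, and the sample data is constructed.

```python
from collections import defaultdict, deque

ICMP_ECHO_REQUEST = 8  # ICMP type 8 = echo request (ping)

def max_distinct_targets(packets, window_ms=1000):
    """For each source, return the largest number of distinct destinations
    it sent echo requests to inside any sliding window of window_ms.
    packets: iterable of (ts_ms, src, dst, icmp_type) from a capture."""
    recent = defaultdict(deque)                        # src -> (ts, dst) still in window
    in_window = defaultdict(lambda: defaultdict(int))  # src -> dst -> packet count
    peak = {}
    for ts, src, dst, icmp_type in sorted(packets):
        if icmp_type != ICMP_ECHO_REQUEST:
            continue                                   # ignore replies and other ICMP
        queue, counts = recent[src], in_window[src]
        queue.append((ts, dst))
        counts[dst] += 1
        while ts - queue[0][0] >= window_ms:           # expire packets older than window
            _, old_dst = queue.popleft()
            counts[old_dst] -= 1
            if counts[old_dst] == 0:
                del counts[old_dst]
        peak[src] = max(peak.get(src, 0), len(counts))
    return peak

def find_sweepers(packets, threshold=40, window_ms=1000):
    """Sources that pinged at least `threshold` distinct hosts in one window.
    threshold=40 is an assumed cut-off set just under the observed 45-50/s."""
    peaks = max_distinct_targets(packets, window_ms)
    return sorted(src for src, n in peaks.items() if n >= threshold)

def sample_capture():
    """Constructed records, not real traffic."""
    pkts = []
    for i in range(150):   # sweeping host: one ping every 20 ms, new target each time
        pkts.append((i * 20, "192.168.0.10", f"10.0.0.{i + 1}", 8))
    for i in range(15):    # normal host: pings its gateway and gets replies
        pkts.append((i * 200, "192.168.0.20", "192.168.0.1", 8))
        pkts.append((i * 200 + 1, "192.168.0.1", "192.168.0.20", 0))
    return pkts

if __name__ == "__main__":
    capture = sample_capture()
    print(max_distinct_targets(capture))
    print(find_sweepers(capture))
```

Counting distinct destinations rather than raw packet rate keeps a host that pings one gateway repeatedly from being flagged.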