Do you know what might be

  • Thread starter Thread starter Adrian
  • Start date Start date
A

Adrian

I have a very strange behavior on my computer. Some process scans the
IPs incrementally and tries to ping them. Here is a piece of my outgoing log
from the firewall:

Source Destination Service/Port No.
192.168.1.101 192.168.249.75 PING
192.168.1.101 192.168.249.86 PING
192.168.1.101 192.168.249.87 PING
192.168.1.101 192.168.249.135 PING
192.168.1.101 192.168.249.136 PING
192.168.1.101 192.168.249.182 PING
192.168.1.101 192.168.249.183 PING
192.168.1.101 192.168.249.184 PING
192.168.1.101 192.168.249.185 PING
192.168.1.101 192.168.249.186 PING
192.168.1.101 192.168.249.192 PING
192.168.1.101 192.168.249.193 PING
192.168.1.101 192.168.249.194 PING
192.168.1.101 192.168.249.195 PING
192.168.1.101 192.168.249.196 PING
192.168.1.101 192.168.249.203 PING


I strongly suspect this might be some malicious code. It's really
killing my network connection. Do you have any idea what might be?

Adrian
 
I have a very strange behavior on my computer. Some process scans the
IPs incrementally and tries to ping them. Here is a piece of my outgoing log
from the firewall:

Source Destination Service/Port No.
192.168.1.101 192.168.249.75 PING
Click to expand...

The ip addresses are reserved, so it shouldn't be getting out of
your own network. Do you have a computer at that internal ip
with m$ networking over tcp turned on? I suspect it's just
scanning for other m$ computers in your lan, but you should
check to see what's running on it.

Regards, Dave Hodgins
 
On that special day, Adrian, ([email protected]) said...
I have a very strange behavior on my computer. Some process scans the
IPs incrementally and tries to ping them. Here is a piece of my outgoing log ^^^^^^^^^^^^^
from the firewall:
Click to expand...

Can it be that something like this is happening?

http://www.insecure.org/nmap/idlescan.html
(I recently read about this, else I wouldn't have had any idea why the
increments do happen)
http://seclists.org/lists/nmap-dev/2003/Oct-Dec/0066.html
http://www.inet-sec.org/docs/scanning/hping2idle.htm

Maybe it is about to become fashionable.


Gabriele Neukam

(e-mail address removed)
 
Back
Top