High ICMP activity

Stefan Mueller

Hello,

My firewall on the local net reported a large number of ICMP packets
to me which originate from a Windows 2000 SP3 workstation. I upgraded
to SP4 but I still received those packets.

Config: one network interface --> VIA Network card, TCP/IP, Client for
Microsoft, Print and File Services for MS

I installed a local firewall on the workstation and surprisingly those
packets are sent by the "SERVICES.EXE" app. Even more interesting: if I
kill an instance of "DLLHOST.EXE", the number of packets sent per
minute declines to 60 packets per minute compared to about 1000
packets before. I checked whether there are multiple "SERVICES.EXE" or
"DLLHOST.EXE" on the computer (virus) - I didn't find any.
In addition I found out that the algorithm behind this mess takes the
TCP/IP network from the network interface (10.0.0.0 - 255.255.255.0)
and starts "echo requesting" through the networks - 10.0.0.1, ...,
10.0.0.255, ..., 10.0.1.1, ... etc. A possible explanation for this
behaviour would be the fact that the station was part of a Windows
2000 domain.

Any ideas how to turn this off?

Regards,
Stefan
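
The pattern described in the post, one host sending echo requests to consecutive addresses at a high rate, can be picked out of firewall logs by counting distinct targets per source and measuring the longest run of consecutive addresses. This is an added example, not part of the original post; the log line format, the thresholds, the timestamps and the sample addresses are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed log format (assumption): "<ISO time> ICMP echo-request src=<ip> dst=<ip>"
LINE_RE = re.compile(r"^(\S+) ICMP echo-request src=(\S+) dst=(\S+)$")
EPOCH = datetime(1970, 1, 1)

def longest_run(addrs):
    """Length of the longest run of numerically consecutive addresses."""
    best, run, prev = 0, 0, None
    for a in sorted(addrs):
        run = run + 1 if prev is not None and a == prev + 1 else 1
        best = max(best, run)
        prev = a
    return best

def find_sweepers(lines, window_s=60, min_targets=30, min_run=20):
    """Return {src: (distinct_targets, longest_run)} for hosts whose echo
    requests within one time window look like a sequential address sweep."""
    buckets = defaultdict(set)  # (src, window index) -> set of dst as integers
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an echo-request line in the assumed format
        secs = (datetime.fromisoformat(m.group(1)) - EPOCH).total_seconds()
        dst = int(ipaddress.IPv4Address(m.group(3)))
        buckets[(m.group(2), int(secs // window_s))].add(dst)
    hits = {}
    for (src, _), dsts in buckets.items():
        run = longest_run(dsts)
        # Many distinct targets AND a long consecutive run: a sweep, not normal pinging
        if len(dsts) >= min_targets and run >= min_run:
            hits[src] = max(hits.get(src, (0, 0)), (len(dsts), run))
    return hits

def sample_log():
    """Constructed sample: 10.0.0.42 walks 300 consecutive addresses in one
    minute; 10.0.0.7 only pings a single address once per second."""
    base = int(ipaddress.IPv4Address("10.0.0.1"))
    lines = [f"2003-01-01T12:00:{i // 5:02d} ICMP echo-request src=10.0.0.42 "
             f"dst={ipaddress.IPv4Address(base + i)}" for i in range(300)]
    lines += [f"2003-01-01T12:00:{s:02d} ICMP echo-request src=10.0.0.7 dst=10.0.0.254"
              for s in range(60)]
    return lines

if __name__ == "__main__":
    for src, (targets, run) in find_sweepers(sample_log()).items():
        print(f"{src}: {targets} distinct targets, longest consecutive run {run}")
```

Requiring both a target count and a consecutive run keeps a host that pings one gateway frequently from being flagged, while a host walking the address space stands out immediately.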