Under attack?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: Under attack?
Under attack?
07-12-2011 5:45 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I've been seeing this in my nat router log for the last few weeks. I know its only a ping but it is very persistent. Still happens if I get a new IP address.
Any ideas?
--------------
FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 61.128.162.218 Dst ip: myipaddress Type: Destination Unreachable Code: Communication with Destination Host is Administratively Prohibited
--------------
61.128.162.218 has been identified as an attack IP according to various googlings.
Can Plusnet block it at their network?
Regards
Re: Under attack?
07-12-2011 5:57 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Under attack?
07-12-2011 7:47 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Under attack?
07-12-2011 9:04 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
The packet in your firewall log is the icmp response you would receive if something on your computer attempts to open a connection to that IP address. It's unclear to me if the firewall blocked that packet or just "checked" it - the "Host is Administratively Prohibited" is part of the info in the packet received.
I suggest you check that there's nothing on your computer (malware etc.) trying to connect to that IP address.
Re: Under attack?
08-12-2011 9:12 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: FarmerGiles FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 61.128.162.218 Dst ip: myipaddress Type: Destination Unreachable Code: Communication with Destination Host is Administratively Prohibited
That's exactly the same message (and source IP) which has recently been plaguing me with monotonous persistence and regularity (maybe once every 3 or 4 hours).
Re: Under attack?
08-12-2011 10:31 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: ejs I suggest you check that there's nothing on your computer (malware etc.) trying to connect to that IP address.
This message appears in my router log when my PCs are switched off and nothing else is connected. So it's either incoming which is being blocked by the router or the router itself (TG585) has malware onboard - unlikely!
Re: Under attack?
08-12-2011 11:38 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
My (somewhat dated) ASUS barebones system uses a Realtek RTL8139/810x Family Fast Ethernet NIC (driver version 5.687.225.2008) which seems to have been serving me well. However, further research now reveals that the 8139 Fast Ethernet card is regarded by some as "probably the worst PCI ethernet controller ever made"
Could the adapter in any way be related to the icmp checks?
Re: Under attack?
08-12-2011 1:17 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: caulbox Could the adapter in any way be related to the icmp checks?
No. It may well be "low end" hardware, but that makes it cheap and very common.
Probably the reason these icmp response packets get logged is because no corresponding outbound connection attempt was made.
Re: Under attack?
08-12-2011 2:05 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: ejs Probably the reason these icmp response packets get logged is because no corresponding outbound connection attempt was made.
Wouldn't such logic imply that the icmp checks would cease if a new IP address is being used? Like the OP reports, these checks persist for me too, even after commencing new PPP sessions with completely different IP addresses assigned.
Re: Under attack?
09-12-2011 7:04 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
FIREWALL icmp check (1 of 3): Protocol: ICMP Src ip: 217.0.86.113 Dst ip: 212.159.61.36 Type: Destination Unreachable Code: Communication Administratively Prohibited
and from RoadRunner in the States
FIREWALL replay check (1 of 1): Protocol: ICMP Src ip: 184.57.54.8 Dst ip: 212.159.61.36 Type: Destination Unreachable Code: Communication Administratively Prohibited
Re: Under attack?
11-12-2011 1:08 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Since I posted this the icmp messages from this IP have stopped. Maybe Plusnet have quietly done something?
Regards
Re: Under attack?
11-12-2011 1:31 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Under attack?
29-01-2016 8:35 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 5.178.87.106 Dst ip: 87.112.195.34 Type: Destination Unreachable Code: Port Unreacheable
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page