what does this mean?

Thread: what does this mean?

  1. #1
    Junior Member
    Join Date
    Feb 2003
    Posts
    4

    what does this mean?

    My firewall program tells me that a computer is sending packets to my computer every few seconds. My firewall has been blocking the packets. The program tells me that the sending computer is trying to send them to another computer through my computer. But I have my software set up to not forward those packets to the destination computer.

    This has been going on for a few days now. Non-stop! I know the ip of the source computer and I have the ip of the destination computer.

    Why is this happening? What can I do about it? Can I find out who is doing this? Will this degrade my internet access? I found this out because my cable access has really sucked lately; I am losing packets periodically, then it does great, then 15 seconds of loss, etc. etc.

    Norton says no viruses and no trojan horses.

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Some excerpts of your logs would be useful. Just block out the ip like say... it's source 192.168.0.1, make it 192.168.0.x to 192.168.1.x etc.

    Some ports would also be helpful. It is hard to tell, what kind of packets are being sent if we don't know the services and port numbers.

    It might just be some spyware trying to phone home. Did you run adaware or spybot search and destroy lately? Give that a whirl.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Senior Member
    Join Date
    Jun 2002
    Posts
    394
    phishphreek80> is 192.168.0.1 a non routable address?

    which begs the question, omegaman66, are these packets coming from outside your network from the internet, do you have a network or are you a standalone box? what operating system(s) are you using? do you have a routing service, internet connection sharing or perhaps a client on your network using client for ms networks logon running? is your ISP using some sort of bootstrap keepalive mechanism to see if you are still there, though perhaps not if you are on cable, more likely for dialup users.
    My firewall has been blocking the packets. The program tells me that...
    feck what the program tells you, post more about the packets, they weren't broadcasts or some sort of RIP, do the source and destination fields always stay the same?
    Some ports would also be helpful. It is hard to tell, what kind of packets are being sent if we don't know the services and port numbers.
    Hmm...there's something a little peculiar here. Oh i see what it is! the sentence is talking about itself! do you see that? what do you mean? sentences can't talk! No, but they REFER to things, and this one refers directly-unambiguously-unmistakably-to the very sentence which it is!

  4. #4
    Junior Member
    Join Date
    Feb 2003
    Posts
    4
    This is what I can tell you.
    Source Ip: 10.1.32.1
    IP protocol 89
    Destination Ip: 224.0.0.5
    Direction: Routed
    Action: Blocked
    Destination DNS: OSPF-ALL.MCAST.NET

    This is what Zone Alarm tells me through its interface.

    Since it is being blocked I am not all that concerned. Just really curious as to why a computer is trying to route packets through my computer to another.

    I am a novice to all of this stuff and maybe I am not alarmed and should be?
    I don't see how to access the logs, everything appears to be a .zap file in the zone alarm directory. Should I open one of these with notepad or wordpad to see the actual log file?

  5. #5
    Member
    Join Date
    Aug 2002
    Posts
    88
    The address you sent is probably a spoofed address. Any address beginning with 10 is a developmental network address and unless you are associated with a college or other research facility it is a spoofed address. Block it. I have blocked 10.0.0.0 thru 10.255.255.255 for that reason.

  6. #6
    Junior Member
    Join Date
    Feb 2003
    Posts
    4
    I am just a stand alone computer from my house. win98! no internet connection sharing. I have long ago killed the programs that the cable company put on my computer for online help and such.


    Yes, the source and destination IPs have not changed over the last three days and for God knows how long before that. Packets come every 20 seconds or so.

    Nothing shows in the program slot on zonealarm.

    Don't know how to find out anymore than what I have sent. So if you want to fiddle with this you will have to tell me how to get the information such as which port. I guess the port is 89??? See above post.

    The data packet was sent from port 0 on a computer whose IP address is 10.1.32.1


  7. #7
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    phishphreek80> is 192.168.0.1 a non routable address?
    (V)/\><: yeah, my mistake. Any private network ip address isn't routable on any networks except for private networks. So you can route it only on your private LAN or WAN, but not to the internet.

    I was just using that as a reference. I always thought that u weren't supposed to post peoples ip addresses...

  8. #8
    Senior Member
    Join Date
    Jan 2003
    Posts
    274
    224.0.0.5 is, in fact, a multicast address. I would guess the router downstream from you is sending OSPF update packets, and for whatever reason you are seeing them in your zone alarm configs. It's probably a mis-configured router at the ISP. The only part that really troubles me is port 89. According to IANA, that's a telnet gateway for both tcp and udp. I would suggest calling your ISP, telling them your service sucks, that you are receiving OSPF multicast packets, and that they need to take a look at their router with that 10.x.x.x address. If you could give them a couple of good traceroutes that go through that router, it would help, but likely you will see a different address when you pass through that router. Worth a shot though
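
Added example, not part of any post in this thread: a small Python decoder for the alert fields posted in #4, reading "89" as the IP protocol number the alert reports (IANA assigns 89 to OSPFIGP) and looking the destination up in the link-local multicast block. The lookup tables are small subsets chosen for illustration, and the function and field names are assumptions of this example.

```python
import ipaddress

# Constructed sample: the alert fields as posted earlier in this thread.
ALERT = """Source Ip: 10.1.32.1
IP protocol 89
Destination Ip: 224.0.0.5
Direction: Routed
Action: Blocked"""

# Subset of the IANA protocol-number registry (IP header field, not a port).
IP_PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP", 89: "OSPFIGP"}
# Well-known groups in the link-local multicast block 224.0.0.0/24.
MULTICAST_GROUPS = {
    "224.0.0.1": "all systems on this subnet",
    "224.0.0.2": "all routers on this subnet",
    "224.0.0.5": "OSPF AllSPFRouters",
    "224.0.0.6": "OSPF AllDRouters",
    "224.0.0.9": "RIPv2 routers",
}
LINK_LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")
ROUTING_PROTOCOLS = {"OSPFIGP"}

def parse_alert(text):
    """Turn 'Key: value' lines and the 'IP protocol N' line into a dict."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("ip protoc"):  # also accepts 'protocal'
            fields["protocol"] = int(line.split()[-1])
        elif ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip().lower()] = value.strip()
    return fields

def classify(fields):
    """Describe the packet from its source, destination and protocol number."""
    src = ipaddress.ip_address(fields["source ip"])
    dst = ipaddress.ip_address(fields["destination ip"])
    name = IP_PROTOCOLS.get(fields["protocol"], "not in table")
    link_local = dst in LINK_LOCAL_MCAST
    return {
        "protocol": name,
        "has_ports": name in ("TCP", "UDP"),  # others carry no port numbers
        "src_private": src.is_private,        # RFC 1918 and similar ranges
        "dst_link_local_multicast": link_local,  # not forwarded by routers
        "dst_group": MULTICAST_GROUPS.get(str(dst), "unknown"),
        "routing_chatter": name in ROUTING_PROTOCOLS and link_local,
    }

if __name__ == "__main__":
    for key, value in classify(parse_alert(ALERT)).items():
        print(f"{key}: {value}")
```

Because OSPF rides directly on IP, `has_ports` comes back false for this alert, which is consistent with the firewall showing port 0 for the sender.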

  9. #9
    Senior Member
    Join Date
    Jun 2002
    Posts
    394
    I always thought that u weren't supposed to post peoples ip addresses...
    how thoughtful of you

    OSPF updates are usually triggered by a topology change, and these are coming in constantly, but OSPF can send updates to a multicast group. if they are ospf updates then it should contain information on your isp network topology, so i doubt that it is. RIP normally updates every 30-60 seconds, but i would doubt that it is that either.

    i think, don't hold me to this now, that the class A 10.x.x.x ip address range is reserved for autonomous systems, so a company can use one "live" ip connected to the 'net or another network or another autonomous system and the nodes in the autonomous system are all 10.something. unless it is spoofed, then it is coming from the same network "segment" as you. check the time to live value? i would poke 10.1.32.1, see what happens and not worry about it because at least it is automated, every 20 seconds, so it's not likely to be a (stealthy) human.

  10. #10
    Banned
    Join Date
    Jan 2003
    Posts
    63
    Yeah, make sure it's your IP address; you don't want to let any others into your PC now, do you? Very good statement, phishphreek80, you were gonna say what I was.
