ZoneAlarm- What are Echo requests?


That Insufferable Jerk...
11-06-2003, 03:44 PM
I just installed ZoneAlarm's firewall and I am getting 3 or 4 ICMP Echo Request ('Ping') messages each minute. What are they, are they taking up my bandwidth, and if so how do I stop them?

Futile Gesture
11-06-2003, 04:12 PM
A ping is the internet equivalent of "Hello, anyone there?"

Normally your computer would reply "Yes, I'm here." But if ZoneAlarm is blocking them it's ignoring them.

Computers automatically do pings normally to work out what's about around them on their local network. If they're going out onto the internet as a whole it's usually just a result of the computer being badly configured. They're tiny and there is nothing you can do about them except let ZoneAlarm block them.
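The "Hello, anyone there?" / "Yes, I'm here." exchange from the post above, written out at the byte level as an added example that is not part of the original thread. It parses an ICMP Echo Request, checks its checksum, and either builds the Echo Reply or stays silent the way a blocking firewall does; the function names and the sample packet are constructed for illustration.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type values from RFC 792


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length messages with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an echo message: type, code 0, checksum, identifier, sequence, data."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_echo(packet: bytes) -> dict:
    """Validate and decode an ICMP echo request or reply (no IP header)."""
    if len(packet) < 8:
        raise ValueError("ICMP echo message needs at least 8 header bytes")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    if icmp_type not in (ECHO_REQUEST, ECHO_REPLY) or code != 0:
        raise ValueError("not an ICMP echo request/reply")
    # Summed over the whole message, checksum field included, the result is 0.
    if inet_checksum(packet) != 0:
        raise ValueError("bad ICMP checksum")
    return {"type": icmp_type, "id": ident, "seq": seq, "payload": packet[8:]}


def answer(request: bytes, drop_echo: bool):
    """Return the Echo Reply bytes, or None when the ping is silently dropped."""
    msg = parse_echo(request)
    if msg["type"] != ECHO_REQUEST or drop_echo:
        return None  # a blocking firewall sends nothing back
    # A reply echoes the identifier, sequence number and data unchanged.
    return build_echo(ECHO_REPLY, msg["id"], msg["seq"], msg["payload"])


# Constructed sample request (identifier, sequence and payload are made up).
SAMPLE_REQUEST = build_echo(ECHO_REQUEST, 0x1234, 1, b"constructed-sample-payload")

if __name__ == "__main__":
    print("request bytes:", len(SAMPLE_REQUEST))
    print("host answers: ", parse_echo(answer(SAMPLE_REQUEST, drop_echo=False)))
    print("host blocks:  ", answer(SAMPLE_REQUEST, drop_echo=True))
```
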

Number
11-06-2003, 04:16 PM
Ping is a simple TCP/IP command used to determine whether two hosts can communicate with each other. Its packets are generally harmless unless sent in large numbers in an attempt to flood someone's connection. Much of your ping traffic is probably coming from computers infected with the Nachi worm (http://vil.nai.com/vil/content/v_100559.htm). There isn't much you can do other than patch your system and put up a firewall like ZoneAlarm.

t-bonham@scc.net
11-06-2003, 05:05 PM
If you are actually seeing these ping requests a couple times a minute, then you probably have ZoneAlarm set to notify you every time it blocks something.

Changing the settings so these are logged, but you do not get notified every time, really reduces the number of interruptions while you are online. I find that much more productive.

Derleth
11-06-2003, 10:10 PM
There are some exploits used by crackers and other antisocial types to determine which involve sending a malformed ping to a host and determining what software the host is running by looking at how the host responds. For example, they can look at the response and determine that the host is running a certain version of IIS on Windows XP that hasn't had certain Service Packs installed. From that info, they can tailor an attack.

Dropping such pings is probably the best thing you can do, short of tracking down where they came from and coming at the loser with a clue-by-four. ;)

Derleth
11-06-2003, 10:37 PM
"to determine which involve"

Obviously, I meant "to determine properties of the host machine which involve ... ".