I’m running the Zone Alarm firewall that someone here reccomended a while back. It’s great and up til just now all I really had to contend with was a few sites trying to check me out.
Tonight I get online and as I type I am still being pinged, by all sorts of different DNS numbers. WTF?? Who the hell is doing this and how can I make them stop?
In the time it took me to type this, the number has gone up to 217 times!!
Folks, what is going on here, and how do I stop it?
Are you running Napster? Napster works in a way that ZoneAlarm detects as intrusion. I don’t know of any practical way around this except to shut off ZoneAlarm while you have Napster running.
I don’t know anything about Napster, but last weekend I had the experience of receiving hundreds of hits. When the Zone Alarm window informing of a hit would come up, I could watch the hits comiing at about 30/minute. I logged off and back on, which presumably gave me a different IP, and they were gone.
No, no Napster running. But thanks for the advice.
I think I may have solved the problem by disconnecting and dialing back in. I assume I now have a different IP address. I haven’t been pinged again.
I’m still kind of bothered by it, though. In all, I was pinged 285 times in 20 minutes. this isn’t normal, is it?
Beatle, your post came in as I was posting and I missed it. I see you’ve had a similar experience.
I guess this means one IP address belonging to my provider must be really popular.
I run both ZoneAlarm (a dman fine tool, IMO) and Napster. As long as Napster is given permission to be a “Server” in the settings I have no problems and no strange warnings whatsoever.
I went through periods of getting pinged from people in Korea (or spoofing through Korea) for one week - about a dozen times a day, every day. Then it stopped mysteriously.
Another strange thing is Amazon.com was trying to do something to my computer for a while after I went online and placed an order. The only way I could stop them hitting me was to reboot and change IP’s by releasing and renewing the IP via winipcfg. I sent a letter to Amazon demanding that they please present their Business Case for trying to start NetBIOS sessions on my computer, but never received a response. Send to dev/null i guess…
PS - if it keeps happening, it might be useful to tell ZoneAlarm to save the log to a file on the disk, and then post part of that log here, if you need help determining what is up.
Then I can activate some zombie computers and do a DoS attack on them, to get vengeance for you…
Are you really being just pinged, or is someone trying to make a socket connection to you?
A ping is a very low-level event that can tell you whether you have a path to another computer, but pings don’t present a threat to security (well, if thousands of other computers were all pinging you, your computer might not have time to do anything else but echo the pings, but I don’t think that’s the case).
Of course, I guess a ping could be a prelude to a socket attack. But since your software didn’t report that, I doubt that’s what happened. I think it’s more likely that someone who had the IP address before you started up something, and then went offline, and a remote computer somewhere is still trying to find him. I don’t know whether online games use pings to figure out if a computer is there, but maybe something like this happened.
the big thing to notice when you’re being pinged, is if they are all coming from the same ip. if they are all different, it’s probably no big deal, but if they are all the same, someone could be looking for vulnerabilities, although a program like icq is more likely.
OK, to answer your questions: Freido - I haven’t pissed anybody off that I know of. About the only place I even post to is here.
Anthracite - How sweet of you to offer to avenge me, ! You are now the coolest gal I know…
CurtC, muppetsoup, Montefort - Well, on the pop up alert from Zone Alarm, it says ‘ping’. And it did happen more than once from the same address. But not more than about 8-10 attempts max per address and some as few as once or twice. And I was not running ICQ (though I have it) or any other online software.
FTR, once I got offline and reconnected the problem stopped. I dont know if its ever happened before as I have only had the firewall for approximately one month or so, but have used the same provider for over a year. It was just a little freaky to have the durn Zone Alarm throwing pop up warnings at me faster than I could close them. To my (limited) knowledge, nothing has actually been done to my computer.
I will log the experience should it ever happen again.
Just out of curiosity, how would I identify the person(s) doing this? I know about samspade.org, but none of the info I get back ever seems to make much sense. Would samspade point me to somewhere I could lodge a complaint if I had this kind of stuff happen again?
including the URL of a reverse-DNS lookup (ARIN) which is in a post in the thread I reference, along with some good descriptions of what is happening via a link to “Firewall Forensics” (also in that thread).
