Jump to content
Not connected, Your IP: 3.21.12.41
scgt1

Getting notices of ICMP Flood attack from Eset SS directed at my Netgear R7000 router

Recommended Posts

When my computer first boots I get a pop up from Eset SS stated a ICMP Flood Attack is being blocked and the item that it sees as causing it is my actual router. I can close the warning box and when Eddie connects I don't get the notice anymore but as soon as I disconnect from Eddie the popup shows up again. I have a custom ip for my router along with only having an IP range set for connected devices. The only devices that are connected are ones I know about as it is set to deny anything else. I don't see anything show up that isn't allowed on the network under the blocked devices section and the router has the newest fIrmware installed.

 

I've done the test from https://www.grc.com/shieldsup with the following results:

 

Common ports scan

Solicited TCP Packets: PASSED — No TCP packets were received from your system as a direct result of our attempts to elicit some response from any of the ports listed below — they are all either fully stealthed or blocked by your ISP. However . . .
transpixel.gif
graypixel.gif
transpixel.gif
Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)
transpixel.gif
graypixel.gif
transpixel.gif
Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

 

 

 

upnp test

THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!

File Sharing test:

1.gifAttempting connection to your computer. . .
Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet! reddash.gifYour Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion. reddash.gif

Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

 

 

Service port check yielded the following open ports:

88 and 89

 

Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.
transpixel.gif
graypixel.gif
transpixel.gif
Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)
transpixel.gif
graypixel.gif
transpixel.gif
Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

 

 

Alot of network stuff is always way over my head but it seems I have two ports open from the above check and that could be where this icmp bit is coming from?

Share this post


Link to post

Ports 88 and 89 are official Kerberosv5 ports, an authentication protocol used by Active Directory for example. They have little to do with ESET's urge to protect you from threats which are not there.

ESET's being a wimp. While ICMP can be used to DDoS a target, it's extremely unlikely in your case. Go into the settings and look for flood protection, or some other thing with "ICMP" or "flood" in its name.

And don't panic, crush your paranoia.

 

But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities.

 

I smiled reading this. Like, your computer suddenly grew a brain and made its own decision.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Wouldn't be so sure as to Eset "being a wimp" Just checked the router log for the heck of it and had these:

 

[self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:56:15
[self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:56:00
[self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:55:50
[self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:54:31
[self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:54:21
[self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:53:57
[self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:52:25
[self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:52:11
[self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:52:01
[self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:51:51
[self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:51:37
[self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:51:25
[self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:51:10
[self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:50:57
[self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:50:25

Share this post


Link to post

See the last post on this thread. You could've just run a quick search for this message on DDG, Startpage, etc..


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
Guest
This topic is now closed to further replies.

×
×
  • Create New...