Strange firewall behaviour

Discussion in 'ESET Smart Security' started by jackbrennan2008, Apr 29, 2012.

Thread Status:
Not open for further replies.
  1. jackbrennan2008

    jackbrennan2008 Registered Member

    Joined:
    Feb 22, 2011
    Posts:
    12
    Hi all,

    My firewall log has been filling up with the following entry.

    "Detected covert channel exploit in ICMP packet"

    I get a new entry every 3 seconds to a remote address of 194.95.249.23 which resolves to http://www.cfos.de

    Here is a screenshot with currports open and it doesn't even show a connection to that address and neither does the firewall activity monitor in ESS.

    http://i24.photobucket.com/albums/c11/smakme7757/ICMP.png

    Any ideas?
     
  2. Janus

    Janus Registered Member

    Joined:
    Jan 2, 2012
    Posts:
    588
    Location:
    Europe - Denmark .
  3. jackbrennan2008

    jackbrennan2008 Registered Member

    Joined:
    Feb 22, 2011
    Posts:
    12
    I've disabled the notification already. Seeing as that's one of the solution i'll just leave it at that.

    Thanks :)
     
  4. canoraid

    canoraid Registered Member

    Joined:
    May 10, 2012
    Posts:
    1
    Location:
    Canada
    I'm aware that this issue has been resolved, but do you use an ASUS motherboard? One of the utilities included in the accompanying software seems to cause this by pinging the website of the software co-developer. Turning off the utility (via Start>ASUS>AI Suite II> AI Suite II and then in the application Tool>Network iControl> Off) resolves the issue, as does setting the firewall to allow access to the IP in question.
     
Thread Status:
Not open for further replies.