ICMP Attack?

Discussion in 'ESET Smart Security v4 Beta Forum' started by YaddaMinski, Dec 7, 2008.

Thread Status:
Not open for further replies.
  1. YaddaMinski

    YaddaMinski Registered Member

    Joined:
    Dec 6, 2008
    Posts:
    28
    See:
    12/6/2008 2:09:03 PM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.0.20 ICMP
    12/6/2008 2:08:58 PM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.0.20 ICMP
    12/6/2008 2:08:52 PM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.0.20 ICMP
    12/6/2008 2:08:47 PM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 2:08:41 PM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 2:08:36 PM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 1:51:12 PM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.12.3 ICMP
    12/6/2008 1:51:07 PM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.12.3 ICMP
    12/6/2008 1:51:01 PM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.12.3 ICMP
    12/6/2008 1:50:56 PM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.4.1 ICMP
    12/6/2008 1:50:50 PM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.4.1 ICMP
    12/6/2008 1:50:45 PM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.4.1 ICMP
    12/6/2008 12:38:30 PM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.4.1 ICMP
    12/6/2008 12:38:25 PM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.4.1 ICMP
    12/6/2008 12:38:19 PM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.4.1 ICMP
    12/6/2008 12:38:10 PM Detected DNS cache poisoning attack 192.168.0.20:53 192.168.3.28:4976 UDP
    12/6/2008 12:37:56 PM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.12.3 ICMP
    12/6/2008 12:37:49 PM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.12.3 ICMP
    12/6/2008 11:54:39 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.12.3 ICMP
    12/6/2008 11:54:33 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.12.3 ICMP
    12/6/2008 11:54:28 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.12.3 ICMP
    12/6/2008 11:54:22 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.16.3 ICMP
    12/6/2008 11:54:17 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.16.3 ICMP
    12/6/2008 11:54:11 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.16.3 ICMP
    12/6/2008 10:52:37 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.12.3 ICMP
    12/6/2008 10:52:31 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.12.3 ICMP
    12/6/2008 10:52:26 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.12.3 ICMP
    12/6/2008 10:52:20 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.16.3 ICMP
    12/6/2008 10:52:15 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.16.3 ICMP
    12/6/2008 10:52:10 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.16.3 ICMP
    12/6/2008 10:11:06 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.16.3 ICMP
    12/6/2008 10:11:01 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.16.3 ICMP
    12/6/2008 10:10:55 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.16.3 ICMP
    12/6/2008 10:10:50 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.4.1 ICMP
    12/6/2008 10:10:44 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.4.1 ICMP
    12/6/2008 10:10:39 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.4.1 ICMP
    12/6/2008 9:01:04 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 9:00:59 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 9:00:53 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 9:00:48 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.16.3 ICMP



    12/6/2008 9:00:42 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.16.3 ICMP
    12/6/2008 9:00:37 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.16.3 ICMP
    12/6/2008 8:11:33 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.16.3 ICMP
    12/6/2008 8:11:27 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.16.3 ICMP
    12/6/2008 8:11:22 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.16.3 ICMP
    12/6/2008 8:11:16 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.12.3 ICMP
    12/6/2008 8:11:11 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.12.3 ICMP
    12/6/2008 8:11:05 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.12.3 ICMP
    12/6/2008 7:04:31 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.12.3 ICMP
    12/6/2008 7:04:25 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.12.3 ICMP
    12/6/2008 7:04:20 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.12.3 ICMP
    12/6/2008 7:04:14 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.0.20 ICMP
    12/6/2008 7:04:09 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.0.20 ICMP
    12/6/2008 7:04:03 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.0.20 ICMP
    12/6/2008 6:24:59 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.0.20 ICMP
    12/6/2008 6:24:54 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.0.20 ICMP
    12/6/2008 6:24:48 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.0.20 ICMP
    12/6/2008 6:24:43 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.4.1 ICMP
    12/6/2008 6:24:37 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.4.1 ICMP
    12/6/2008 6:24:32 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.4.1 ICMP
    12/6/2008 5:09:58 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 5:09:53 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 5:09:47 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 5:09:42 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.16.3 ICMP
    12/6/2008 5:09:36 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.16.3 ICMP
    12/6/2008 5:09:31 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.16.3 ICMP
    12/6/2008 4:52:26 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.16.3 ICMP
    12/6/2008 4:52:21 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.16.3 ICMP
    12/6/2008 4:52:16 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.16.3 ICMP
    12/6/2008 4:52:10 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.0.20 ICMP
    12/6/2008 4:52:04 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.0.20 ICMP
    12/6/2008 4:51:59 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.0.20 ICMP
    12/6/2008 3:14:25 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.12.3 ICMP
    12/6/2008 3:14:19 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.12.3 ICMP
    12/6/2008 3:14:14 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.12.3 ICMP
    12/6/2008 3:14:08 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 3:14:03 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 3:13:57 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 3:10:53 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 3:10:48 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 3:10:42 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 3:10:37 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 3:10:31 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 3:10:26 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 1:33:48 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 1:33:43 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 1:33:37 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 1:33:32 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 1:33:26 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 1:33:21 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 1:25:20 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 1:25:15 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 1:25:05 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.8.25 ICMP
    12/6/2008 1:24:56 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.12.3 ICMP
    12/6/2008 1:24:48 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.12.3 ICMP
    12/6/2008 1:24:41 AM Detected covert channel exploit in ICMP packet 192.168.3.28 192.168.12.3 ICMP


    192.168.3.28 is probably the Cisco VPN server host (my company just implemented with Qwest). My IP is 192.168.3.29. The 3rd octet specifies my company's subnets by location. 192.168.0.20 is the DNS server. All routers are Cisco (but I don't know the model numbers). Is this misconfigured routers that need to be tweaked?
     
    YaddaMinski, Dec 7, 2008
    #1
  2. s4u

    s4u Registered Member

    Joined:
    Oct 24, 2007
    Posts:
    441
    Sure looks like it. You might want to try it
     
    s4u, Dec 7, 2008
    #2
  3. YaddaMinski

    YaddaMinski Registered Member

    Joined:
    Dec 6, 2008
    Posts:
    28
    If it is mis-configured routers, what is the layman's explanation? Thx.
     
    YaddaMinski, Dec 7, 2008
    #3
  4. qzex

    qzex Registered Member

    Joined:
    Nov 30, 2008
    Posts:
    42
    If there aren't any connection issues or performance decreases, you probably don't have to worry about weird log events. It may just be normal network traffic.
     
    qzex, Dec 7, 2008
    #4
  5. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello,

    Can you please send a packet capture from the workstation running ESET Smart Security v4 beta to betasupport@eset.sk with the URL to this message thread? Thank you.

    Regards,

    Aryeh Goretsky
     
    agoretsky, Dec 10, 2008
    #5
  6. YaddaMinski

    YaddaMinski Registered Member

    Joined:
    Dec 6, 2008
    Posts:
    28
    Hi Aryeh,

    Is the packet capture tool in ESET? If not, I would use Wireshark to capture everything for my LAN IP and VPN IP... -- Alex
     
    YaddaMinski, Dec 11, 2008
    #6
  7. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello,

    A Wireshark or Microsoft Network Monitor packet capture is fine.

    Regards,

    Aryeh Goretsky
     
    agoretsky, Dec 11, 2008
    #7
  8. YaddaMinski

    YaddaMinski Registered Member

    Joined:
    Dec 6, 2008
    Posts:
    28
    The last 3 times I have used the Cisco VPN to my office I have seen no more ICMP Exploit messages so maybe it was due to ongoing configuration by our network provider. Thanks for the help and I will post if it happens again. ESET is a great product. Keep up the good work.
     
    YaddaMinski, Dec 15, 2008
    #8
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...