intrusion of a channel in a hidden icmp

Discussion in 'ESET Smart Security' started by indycool, Sep 11, 2012.

Thread Status:
Not open for further replies.
  1. indycool

    indycool Registered Member

    Joined:
    Sep 11, 2012
    Posts:
    2
    Location:
    France
    Hi evryone,

    sorry for my english, i'll try to explain my problem.

    I just install Eset Smart Security and it seems ii have a problem with my firewall.

    I have this error : intrusion of a channel in a hidden icmp 202.39.224.7 detected all the time !

    I looked and i found this adress on Hinet.net network.

    Is it normal? I tried to make a rule to block the access but can someone explain to me why i have this connexion and how can i block it?

    Thanks a lot.
     
  2. dwomack

    dwomack Eset Staff Account

    Joined:
    Mar 2, 2011
    Posts:
    588
  3. indycool

    indycool Registered Member

    Joined:
    Sep 11, 2012
    Posts:
    2
    Location:
    France
    Hi dwomack,

    Thanks for the answer, but your link explain how add this adress to the confiance zone.
    Should i trust this adress? I thought i had to block this adress in the firewall?
     
  4. invcitus

    invcitus Registered Member

    Joined:
    Sep 29, 2012
    Posts:
    1
    I have just installed Eset Smart Security 5 and have this exact same problem.

    Every 2 seconds I am getting a notice:

    Detected covert channel exploit in ICMP packet
    Remote IP address:
    202.39.224.7

    Is this something I should investigate further?
     
  5. dwomack

    dwomack Eset Staff Account

    Joined:
    Mar 2, 2011
    Posts:
    588
    It would be a good idea to contact your local ESET Customer Care/Technical Support department. They should be able to help determine if the detection is real and then help you resolve the issue from there.

    If in North America, the contact page is here: http://www.eset.com/contact
    Otherwise you can use this page to locate your country and contact support from there: http://www.eset.com/us/language-selector/
     
  6. kikurin

    kikurin Registered Member

    Joined:
    Oct 28, 2012
    Posts:
    1
    Location:
    Japan
    Hi. Do you have an ASUS motherboard and have AI Suite II installed to you PC?
    I had the same situation after installing AI Suite II, and successfully got rid of it by uninstalling AI Suite II. Probably one of the application in the AI Suite II would send some information to Taiwan. If installed, try uninstall.
     
  7. passerby8million

    passerby8million Registered Member

    Joined:
    Dec 14, 2012
    Posts:
    1
    Location:
    USA
    I found this thread while searching for 202.39.24.7 because I discovered my computer was pinging that address and I wanted to know why. I eventually discovered that NetSvcHelpEntry.exe (part of the Asus AI Suite II (I have an Asus motherboard)) is the one pinging that address every second.

    What's odd is that Process Monitor would not show any network activity for this process, nor did TCPView (perhaps I used them incorrectly). I had to go through Task Manager and kill one process at a time to figure out which program was responsible for the traffic.
     
  8. ONT

    ONT Registered Member

    Joined:
    Mar 30, 2010
    Posts:
    17
    There are chances that some softwares send information as feedback from your system in order to improve their products.
     
  9. magicmoo

    magicmoo Registered Member

    Joined:
    Jan 9, 2013
    Posts:
    1
    Location:
    France
    Thank you so much for this! I was getting a bit paranoid after setting up my new system with a brand new Asus motherboard, because I bought at the same time some cheap chinese tablet, which I ended up wrongly suspecting of installing some malware on my new computer.

    Anyway, this whole thing is part of the "Network iControl" software from Asus. Just disabled it and the problem will be gone!

    Cheers,
    Denis
     
  10. encus

    encus Registered Member

    Joined:
    Nov 2, 2009
    Posts:
    535
    Just curious, will this thing also happen to Asus Laptop or just a PC with Asus motherboard?

    Thanks.
     
  11. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,031
    Location:
    California
    Hello,

    I think that is a question you'll need to ask ASUS, since they are the ones who are bundling the software.

    Regards,

    Aryeh Goretsky
     
  12. oschikhof

    oschikhof Registered Member

    Joined:
    Jun 8, 2013
    Posts:
    1
    Location:
    NL
    Hi, I was having the same problem, installed several things (including the ASUS tools) after some time and also experienced these notifications from ESET.

    Thanks to this topic, I know it's the Asus software. Triggered by this I digged a little further and I found a very simple solution to get rid of the notifications.
    I don't know if it will work for everybody, but for me it works perfectly.
    (I wanted to share this so I specially registered here for sharing :) )

    I have stopped it by opening the Network iControl.
    Default the setting is "on". When you turn this off, the notifications stop!
    Yes!!

    I hope this will work for everybody who has this problem.
     

    Attached Files:

  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You can disable this detection completely in the IDS setup or add the IP address 194.95.249.23 to the list of addresses excluded from active protection in the zone setup.
     
Thread Status:
Not open for further replies.