Strange firewall behaviour

Hi all,

My firewall log has been filling up with the following entry.

"Detected covert channel exploit in ICMP packet"

I get a new entry every 3 seconds to a remote address of 194.95.249.23 which resolves to http://www.cfos.de

Here is a screenshot with currports open and it doesn't even show a connection to that address and neither does the firewall activity monitor in ESS.

http://i24.photobucket.com/albums/c11/smakme7757/ICMP.png

Any ideas?

 

Hey jackbrennan2008
There has been a thread about that specific issue before, : https://www.wilderssecurity.com/show...t=Detected covert channel exploit ICMP packet in the last post (11) in the thread, foneil ( eset moderator) links to a solution.

Best of luck

 

I've disabled the notification already. Seeing as that's one of the solution i'll just leave it at that.

Thanks

 

I'm aware that this issue has been resolved, but do you use an ASUS motherboard? One of the utilities included in the accompanying software seems to cause this by pinging the website of the software co-developer. Turning off the utility (via Start>ASUS>AI Suite II> AI Suite II and then in the application Tool>Network iControl> Off) resolves the issue, as does setting the firewall to allow access to the IP in question.