Using ess 4.2.64.12, Virus database 5421 with Windows7

Discussion in 'ESET Smart Security' started by AlwaysLearning, Sep 3, 2010.

Thread Status:
Not open for further replies.
  1. AlwaysLearning

    AlwaysLearning Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    22
    I am using ess 4.2.64.12, Virus database 5421 with Windows7 and see
    these messages in the Firewall log ...

    9/3/2010 6:38:37 AM Detected covert channel exploit in ICMP packet 192.168.1.5 207.99.0.1 ICMP
    9/3/2010 6:38:36 AM Detected covert channel exploit in ICMP packet 192.168.1.5 207.99.0.1 ICMP
    9/3/2010 6:38:35 AM Detected covert channel exploit in ICMP packet 192.168.1.5 207.99.0.1 ICMP
    9/3/2010 6:38:34 AM Detected covert channel exploit in ICMP packet 192.168.1.5 207.99.0.1 ICMP

    The IP address, 207.99.0.1, is the DNS that I use ... it is set in my
    hardware firewall.

    What is this error condition?

    How should it be cured?

    Any/all suggestions/comments accepted and appreciated.

    Thanks ...

    --Always Learning
     
  2. picomanico

    picomanico Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    19
    Hi, do you have any tv program in your computer, for example, to watch football games?
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If the IP 207.99.0.1 belongs to a trusted device, add the IP to the list of addresses excluded from active protection in the zone setup.
     
  4. AlwaysLearning

    AlwaysLearning Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    22
    I see that picomanico inquired ...

    > Hi, do you have any tv program in your computer,
    > for example, to watch football games?

    No. ... Don't watch TV; not using PC for that. Still installing applications.

    I also saw that Marcos suggested ...

    > If the IP 207.99.0.1 belongs to a trusted device, add the IP to the
    > list of addresses excluded from active protection in the zone setup.

    Good suggestion ... that IP (207.99.0.1) is already in the trusted zone.

    BTW, the firewall log shows another similar entry ...

    > 9/4/2010 9:09:53 AM Detected covert channel exploit in ICMP packet
    > 192.168.1.6 206.65.182.93 ICMP

    According to whois.arin.net, this one is from an IP owned by ...

    > MCI Communications Services, Inc. d/b/a Verizon Business (MCICS)

    ... and is probably a zombie.

    I am still wondering about the first detection
    (covert channel exploit 192.168.1.5 207.99.0.1)

    Any/all suggestions/comments accepted and appreciated.

    Thanks ...

    --Always Learning
     