unexpected tcp/ip packets from dialup isp??

Status
Not open for further replies.

devassoc

Programmer
Apr 20, 2001
4
US
I wonder if anyone has experienced what we are seeing on a couple of low-cost ISPs?

We see multiple echo request packets from the network... sometimes more than 20, and then port 135 DCE endpoint resolution request packets... Our software echoes the ICMP echo request packets and sends a reset packet to the DCE request, but it just doesn't shut them off. At times these packets just take all the bandwidth from the connection and we are unable to access POP3 or send mail via SMTP. There are also a few IGMP group member request packets, but they don't seem bothersome (we just ignore these).

We have a third ISP that sends echo request packets, and when we echo back, the packets are not sent again, which I thought should be the behavior... This particular ISP does have a problem in that it frequently issues an unreachable ICMP packet, which pretty much ends the connection.

Which leads to my specific questions:

Are these ISPs just totally bogged down?

Why are they sending these packets?

Is there any solution aside from getting another ISP?

Welcome suggestions for well-behaving ISPs.

Thanks in advance.
 
Almost all ISPs will get these. All these show is that you are part of the Internet. If you check the source address for these packets, you will find they come from all over the world. (On my ISP in Australia I get ICMPs and attempted TCP port 135 connections from lots of US-based DSL ISPs and from places like China.)

These are basically "script kiddies" or "crackers" scanning IP addresses to see if "anyone is at home". Just like an average cat burglar might pick up the telephone book and dial numbers at random on Saturday to see who has gone out for a movie, these guys are hoping that your security is weak.

Make sure that you have a firewall installed that only allows ingoing traffic that you want. This means you want a stateful firewall (that allows the return traffic for transactions your PCs initiate, say from a web browser), and allows allowed outside-initiated traffic, say mail to your mail server. Make sure that your internal machines are also correctly configured, patched etc. as per the vendors' recommendations.

So the answer in short is :-
1. This traffic is "normal" for the Internet of today (it's a bad world out there). They are probably not targeting your systems specifically.
2. Computer security is something everyone needs to be aware of. Install the appropriate measures (or call in a reputable consultant to advise you).

---------------------------------------
I'm just trying to help, and am not a spokesman for my employer
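
The stateful filtering recommended in the reply above, as an added example that is not part of the original thread: a small Python model of a connection-tracking filter run over a constructed packet trace. The class, host names, addresses (documentation ranges) and the published mail service on port 25 are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "icmp"
    src: str
    dst: str
    sport: int = 0    # ports stay 0 for ICMP
    dport: int = 0
    kind: str = ""    # TCP flags ("S", "SA", "A") or ICMP type name

class StatefulFilter:
    def __init__(self, inside, services):
        self.inside = set(inside)      # addresses behind the firewall
        self.services = set(services)  # (proto, inside_addr, port) reachable from outside
        self.flows = set()             # (proto, inside_addr, inside_port, outside_addr, outside_port)

    def check(self, p):
        if p.src in self.inside:
            # Outbound traffic is allowed and remembered so its replies can return.
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "allow"
        key = (p.proto, p.dst, p.dport, p.src, p.sport)
        unsolicited_ping = p.proto == "icmp" and p.kind != "echo-reply"
        if key in self.flows and not unsolicited_ping:
            return "allow"             # belongs to a tracked flow
        if p.kind == "S" and (p.proto, p.dst, p.dport) in self.services:
            self.flows.add(key)        # new connection to a published service
            return "allow"
        return "drop"                  # everything else from outside

PC, MAIL = "192.0.2.10", "192.0.2.25"  # constructed inside hosts
# Constructed trace using documentation address ranges.
TRACE = [
    Packet("tcp", PC, "198.51.100.7", 40000, 80, "S"),   # browser opens a connection
    Packet("tcp", "198.51.100.7", PC, 80, 40000, "SA"),  # its return traffic
    Packet("icmp", "203.0.113.5", PC, kind="echo-request"),  # unsolicited ping
    Packet("tcp", "203.0.113.9", PC, 3344, 135, "S"),    # unsolicited port 135 attempt
    Packet("tcp", "203.0.113.20", MAIL, 5000, 25, "S"),  # mail to the mail server
    Packet("tcp", "203.0.113.20", MAIL, 5000, 25, "A"),  # same mail connection
    Packet("tcp", "203.0.113.9", PC, 80, 40000, "SA"),   # fake "reply", wrong source
]

def verdicts(trace=TRACE):
    fw = StatefulFilter(inside={PC, MAIL}, services={("tcp", MAIL, 25)})
    return [fw.check(p) for p in trace]

if __name__ == "__main__":
    for p, v in zip(TRACE, verdicts()):
        print(v, p)
```

The model ignores connection teardown and timeouts, which a real stateful firewall uses to expire entries from its flow table.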
 