
·
Registered
Joined
·
6 Posts
Discussion Starter · #1 ·
Alright, so I was going through my logs on Trend Micro Internet Security, and under the "Personal Firewall" option I found a TON of entries from 192.168.1.1 (my router/modem ISP thing) to 192.168.1.43 (my computer). 3 or four happen each minute and I can't help but think that it's a bad thing. My firewall is also blocking things (it seems) from my computer to some IP, 224.0.0.22 (apparently it's the IANA). A few of those are blocked every once in a while, and I have no idea why. Do I have some sort of spyware (or virus) on my PC that Trend Micro isn't picking up? I have a Dimension 8250, Windows XP Professional (5.1, build 2600), 1GB RAM, NVIDIA GeForce4 MX 420, Intel(R) Pentium(R) 4 CPU 2.40GHz.

Please help me

EDIT - the incoming ones are echo requests (I don't know what that means), and the outgoing ones are described as "Security Rule Matched" by Trend Micro (I also don't know what that means).
 

·
Banned
Joined
·
2,011 Posts
Dear jumba92,
The echo requests can be a DOS attack (Denial Of Service), also called the "ping flood". To block it, you must launch your TM sec. suite, so:

1.) Click on Start > Programs > Trend Micro PC-cillin > Trend Micro PC-cillin Internet Security 2005 (applicable to later versions too).

2.) Click on Network Security.

3.) Click on Personal Firewall. Make sure the Enable Personal Firewall checkbox is selected. Under Edit Profile, choose the currently selected profile on the list (marked by a green circle) and then click on Edit.

4.) Click on the Exception List tab.

5.) Click Add to start creating a new rule.
    a.) On the Description box type in ICMP
    b.) Leave Target as all applications
    c.) Connection, select INCOMING
    d.) Action, select DENY
    e.) With Protocol, select ICMP
    f.) With Ports, select ALL PORTS
    g.) IP Setting is ALL ADDRESSES

6.) Click OK at the bottom.

7.) On the Exception List, make sure that the new rule created is listed and the box before it has a checkmark. Click the OK button once you have verified that the new rule created is listed and checked.

8.) To save the settings click the Apply button below.

Source: http://www.tech-archive.net/Archive/WinXP/microsoft.public.windowsxp.general/2005-05/msg12271.html

Best wishes.

PS: I have no clue as to the "security matching"! There is an option to drop the default TM firewall and install another 3rd party firewall!
 

·
Registered
Joined
·
6 Posts
Discussion Starter · #3 ·
So I have a slightly different version of Trend Micro BUT I think I was able to do what you said. So I go to the "Personal Firewall Controls" option on the left, and click on "Settings" under "Personal Firewall." This opens up a window where I choose "Change Profile." I then double click on "Direct Internet Connection (currently activated)." Seeking to further follow your instructions I click on the "Network Protocol Control" tab and hit the "Add" button. This opens a new window where I type ICMP as the description, select the Incoming and Block bubbles, and select ICMP (IPv4) under the Protocols dropdown menu. Then I leave the defaults as "All types" and "All IP Addresses." I click "OK" and check to see that it's added to the list and that the box is checked (which it is) and I click "OK" numerous other times for all the other various Trend Micro windows that I had to open in the process XD.

So, let me know if what I did pretty much matches what you told me to do, if you can, so I know I did it right. So far I haven't seen another request in the log for about 4 minutes, so I'm pretty sure it worked. Thank you so much :).
 

·
Registered
Joined
·
6 Posts
Discussion Starter · #4 ·
OK well, I was playing WoW just now and got a huge lag spike, like, 1fps for about 10 seconds. I'm not exactly sure what it's from or anything, but just in case I checked my Trend Micro logs to find out that the echo requests had not stopped, and since 10 pm today (not the time I changed the settings you requested last post) they stopped being categorized under the type "Firewall" and started being categorized under the type "Exception List Rule." Now, I was wondering if this might be something related to WoW, since Blizzard has a notification out that they'd be gathering some "Non-personal system info specifications" from all players. Is that what caused my lag spike? Or is it the DoS attack that did that? Is there any way I can just stop whoever (or whatever) it is from attacking my PC?

EDIT - I just checked Trend Micro's official website about a DoS attack and potential fixes for it (cuz I'm a little impatient, not with you, but just anxious to get my PC fixed OK), and it turns out they put some patch out this morning to repair a vulnerability that could let this happen:
http://esupport.trendmicro.com/Page...all-service-vulnerability-allows-malicio.aspx
So I followed all the instructions and the installation went through OK. The echo requests (by the way) now come once every 6 minutes and, like, 0.333 seconds (ish). I'll check back, maybe in the morning or afternoon tomorrow (15th) with more updates.
 

·
Banned
Joined
·
2,011 Posts

·
Registered
Joined
·
6 Posts
Discussion Starter · #6 ·
I downloaded and installed the scanner, but the links on the page I got from you (and even from the ewido website) all point me to AVG link scanner, and all that does is scan links on webpages for threats. Don't get me wrong, it's a useful tool that I'll probably use a bunch, but it doesn't solve my problem. I'm still getting echo requests, even with the TM patch and your fix. I checked my modem/router (by plugging in 192.168.1.1 to Firefox) and accessed the firewall from there, and I upped the security level from minimum to typical (security), but still no luck, the requests keep coming.
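
Added example (not written by anyone in this thread, and not Trend Micro code): one way to triage a firewall log like the one described above is to count the echo requests each source sends per minute and to note whether the addresses involved are private, multicast or public. The CSV layout, the dates, the function names and the 600-per-minute threshold are assumptions made for this sketch; only the IP addresses come from the thread.

```python
import ipaddress
from collections import Counter
from datetime import datetime

# Constructed sample log. The CSV layout and dates are assumptions for this
# example, not Trend Micro's export format; the addresses are from the thread.
SAMPLE_LOG = """\
2000-01-14 22:00:05,IN,192.168.1.1,192.168.1.43,Echo request
2000-01-14 22:00:25,IN,192.168.1.1,192.168.1.43,Echo request
2000-01-14 22:00:30,OUT,192.168.1.43,224.0.0.22,Security Rule Matched
2000-01-14 22:00:45,IN,192.168.1.1,192.168.1.43,Echo request
2000-01-14 22:01:05,IN,192.168.1.1,192.168.1.43,Echo request
2000-01-14 22:01:25,IN,192.168.1.1,192.168.1.43,Echo request
"""
FLOOD_PER_MINUTE = 600  # assumed threshold (10 packets/second); tune per network

def parse(text):
    """Turn each CSV line into (timestamp, direction, src, dst, description)."""
    rows = []
    for line in text.strip().splitlines():
        ts, direction, src, dst, desc = [f.strip() for f in line.split(",", 4)]
        rows.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), direction,
                     ipaddress.ip_address(src), ipaddress.ip_address(dst), desc))
    return rows

def address_scope(ip):
    """Multicast group, private (LAN) address, or public internet address."""
    if ip.is_multicast:
        return "multicast"
    return "private" if ip.is_private else "public"

def peak_echo_per_minute(rows):
    """Highest number of inbound echo requests seen in any one minute, per source."""
    buckets = Counter()
    for ts, direction, src, _dst, desc in rows:
        if direction == "IN" and desc.lower() == "echo request":
            buckets[(src, ts.replace(second=0))] += 1
    peaks = {}
    for (src, _minute), count in buckets.items():
        peaks[src] = max(peaks.get(src, 0), count)
    return peaks

def triage(rows):
    """One finding per echo source: (source, scope, peak per minute, verdict)."""
    return [(str(src), address_scope(src), peak,
             "flood-rate" if peak >= FLOOD_PER_MINUTE else "low-rate")
            for src, peak in peak_echo_per_minute(rows).items()]

def outbound_scopes(rows):
    """Scope of every destination the host tried to reach."""
    return {str(dst): address_scope(dst) for _ts, d, _src, dst, _desc in rows if d == "OUT"}
```
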
 