Incoming Connection Alert!

Discussion in 'Windows Desktop Systems' started by dreamworks, Mar 4, 2003.

  1. dreamworks

    dreamworks --== babyface ==--

    I have Kerio Personal Firewall installed and I am using a DSL broadband service which is left turned on 24/7.

    Occasionally I receive this message ..

    Incoming Connection Alert!

    Time: 04/March 2003 08:34:01
    Remote: - ICMP [8] Echo Request

    Details: Someone on address wants to send ICMP packet to your machine

    Details about application: tcpip kernel driver

    What is this btw? Does it mean that there is someone who's running probably a port scanner .. or some kind of scanner to detect who's online and looking for victims with certain vulnerabilities?

    Appreciate if someone could help me in this .. ;)
  2. PC-Dude

    PC-Dude Guest

    Search results for:

    OrgName: Asia Pacific Network Information Centre
    OrgID: APNIC
    Address: PO Box 2131
    City: Milton
    StateProv: QLD
    PostalCode: 4064
    Country: AU

    NetRange: -
    NetName: APNIC3
    NetHandle: NET-61-0-0-0-1
    NetType: Allocated to APNIC
    NameServer: NS1.APNIC.NET
    NameServer: NS3.APNIC.NET
    NameServer: NS.RIPE.NET
    NameServer: RS2.ARIN.NET
    Comment: This IP address range is not registered in the ARIN database.
    Comment: For details, refer to the APNIC Whois Database via
    Comment: WHOIS.APNIC.NET or
    Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
    Comment: for the Asia Pacific region. APNIC does not operate networks
    Comment: using this IP address range and is not able to investigate
    Comment: spam or abuse reports relating to these addresses. For more
    Comment: help, refer to
    RegDate: 1997-04-25
    Updated: 2002-09-11

    OrgTechHandle: SA90-ARIN
    OrgTechName: System Administrator
    OrgTechPhone: +61 7 3858 3100

    # ARIN WHOIS database, last updated 2003-03-02 20:00
    # Enter ? for additional hints on searching ARIN's WHOIS database.

    Not sure if this helps or not :)
  3. dreamworks

    dreamworks --== babyface ==--

    Thanks for the info pal .. but the question that I don't understand is what is Kerio Personal Firewall trying to tell me? That I am being scanned or is that just merely a normal notice of something I haven't understood??

    Anyone please? :blink:
  4. Kr0m

    Kr0m Moderator

    Turtle Island
    It could have been just some ping attempt for various reasons. If Kerio blocked it then I wouldnt be too worried unless it happens constantly.
    I'm on PPPoE and I get a tonne of IP's trying to access certain ports. Some are due to infected PC's, some are from P2P programs, and so on. As far as the P2P probes goe, it doesn't happen all the time but only when I get assigned certain IP's when re-connect to the internet. It's pretty obvious in this case that someone that had my IP before me had a P2P Program running. Also happens with Gaming servers.
  5. Geffy

    Geffy Moderator Folding Team

    United Kingdom
    I used to get echo requests a helluva lot when I had Agnitum, and these would actually slow my entire PC down, I dont think it was the same problem as Krom as I have a static IP.
  6. PseudoKiller

    PseudoKiller Zug Zug

    Ice Crown Citadel
    It is someone scanning your ports. Just deny it and make sure you set it to remember that rule. You shouldnt be bothered with that one agian.

    Word of advise if I may. If you get a request from your firewall saying so and so form this ip wants to connect, just deny it. You can always undo it later if it presents a problem. Thats the whole point of a firewall. Dont defeat it purpose.

    FYI - port scanning is done via icmp and ping requests are done via udp. just some information from Your Friendly Neighborhood [PseudoKiller]
  7. dreamworks

    dreamworks --== babyface ==--

    Ahhhh .. thanks for all the information. I have guessed the same as well. Will do exactly like what was advised, set a rule to deny all such nonsense.

    That was exactly the same scenario as what you explained Krom .. I even had scans from for what I don't know ???? :happy:

    Anyway .. thanks to all of you once again ! Adiosz ...