Incoming Connection Alert!

[dreamworks]

I have Kerio Personal Firewall installed and I am using a DSL broadband service which is left turned on 24/7.

Occasionally I receive this message ..

Incoming Connection Alert!

Time: 04/March 2003 08:34:01
Remote: 61.129.81.139 - ICMP [8] Echo Request

Details: Someone on address 61.129.81.139 wants to send ICMP packet to your machine

Details about application: tcpip kernel driver

What is this btw? Does it mean that there is someone who's running probably a port scanner .. or some kind of scanner to detect who's online and looking for victims with certain vulnerabilities?

Appreciate if someone could help me in this ..

 

[PC-Dude]

Search results for: 61.129.81.139


OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU

NetRange: 61.0.0.0 - 61.255.255.255
CIDR: 61.0.0.0/8
NetName: APNIC3
NetHandle: NET-61-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS.RIPE.NET
NameServer: RS2.ARIN.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/info/faq/abuse
Comment:
RegDate: 1997-04-25
Updated: 2002-09-11

OrgTechHandle: SA90-ARIN
OrgTechName: System Administrator
OrgTechPhone: +61 7 3858 3100
OrgTechEmail: hostmaster@apnic.net

# ARIN WHOIS database, last updated 2003-03-02 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.


Not sure if this helps or not

 

[dreamworks]

Thanks for the info pal .. but the question that I don't understand is what is Kerio Personal Firewall trying to tell me? That I am being scanned or is that just merely a normal notice of something I haven't understood??

Anyone please? :blink:

 

[Kr0m]

It could have been just some ping attempt for various reasons. If Kerio blocked it then I wouldnt be too worried unless it happens constantly.
I'm on PPPoE and I get a tonne of IP's trying to access certain ports. Some are due to infected PC's, some are from P2P programs, and so on. As far as the P2P probes goe, it doesn't happen all the time but only when I get assigned certain IP's when re-connect to the internet. It's pretty obvious in this case that someone that had my IP before me had a P2P Program running. Also happens with Gaming servers.

 

[Geffy]

I used to get echo requests a helluva lot when I had Agnitum, and these would actually slow my entire PC down, I dont think it was the same problem as Krom as I have a static IP.

 

[PseudoKiller]

It is someone scanning your ports. Just deny it and make sure you set it to remember that rule. You shouldnt be bothered with that one agian.

Word of advise if I may. If you get a request from your firewall saying so and so form this ip wants to connect, just deny it. You can always undo it later if it presents a problem. Thats the whole point of a firewall. Dont defeat it purpose.

FYI - port scanning is done via icmp and ping requests are done via udp. just some information from Your Friendly Neighborhood [PseudoKiller]

 

[dreamworks]

Ahhhh .. thanks for all the information. I have guessed the same as well. Will do exactly like what was advised, set a rule to deny all such nonsense.

That was exactly the same scenario as what you explained Krom .. I even had scans from visualtracking.symantec.com for what I don't know ???? :happy:

Anyway .. thanks to all of you once again ! Adiosz ...