i need the nerdy boys again

[GrannyMae]

hiya,

i got nailed with 6 instances of spyware yesterday. they came after a thorough cleansing so i have it nailed down to 2 sites it could have come from.

however, i have a couple of questions.

1. if i have a wireless router in my home, is it possible that a neighbor could install a keylogger virus by tapping in my network.

and

2. can someone tell me in plain english what it means when i get dozens of incomming ICMP Pings?

here is an example from my firewall event log


2005/02/06
01:36:59
172.159.225.252:0 (AC9FE1FC.ipt.aol.com) 172.159.106.112:0

event:
ICMP Ping

event information:
A computer at AC9FE1FC.ipt.aol.com has pinged your computer.



there are dozens of these in a day. all the pings are coming from computers described like this AC9FE1FC.ipt.aol.com

could this be AOL pinging for connectivity issues?

ty

[JAque]

It is most likely AOL testing the system. I will send them an e-mail to verify. However, it can be used maliciously.

JAque

Attacks Illustrated
Phase I – Reconnaissance & Scanning
ICMP Sweep
In any typical attack scenario, the attacker will first engage in some reconnaissance and
scanning activities in order to
1. Better understand the environment of the target
2. Gather information about the target so as to plan the attack approach
3. Employ the right techniques & tools for the subsequent attack phases
One of the most common (albeit noisy) and most well understood technique for
discovering the range of hosts which are alive in the target’s environment is to perform a
ICMP sweep of the entire target’s network range.
An ICMP sweep involves essentially sending a series of ICMP request packets to the
target network range and from the list of ICMP replies infer whether certain hosts are
alive and connected to the target’s network for further probing.
Although the above attack can be done manually via a very simple command ping, many
automated scanning tools (E.g. nmap (http://www.insecure.org/nmap) and Superscan
(http://www.foundstone.com/rdlabs/pro...superscan.html)) will speed up the entire
scanning process by performing such a scan on all possible IP address range given a
target network

[GrannyMae]

I will send them an e-mail to verify.

u my hero S. please let me know if they answer. i was hoping that it was possibly an AOL thing. i used to be in the connectivity beta program but that was 6 months ago.

i disconeected my router today. i don't know if that was needed, but i'll just plug it up when i need the simultaneous sign-ons. i hate this crap.

thx again

[RollaJ]

Who woulda thunk it......AOL screwing up yet another computer [img]/images/graemlins/confused.gif[/img] [img]/images/graemlins/tongue.gif[/img]

[Hojglad]

[ QUOTE ]
I will send them an e-mail to verify.

u my hero S. please let me know if they answer. i was hoping that it was possibly an AOL thing. i used to be in the connectivity beta program but that was 6 months ago.

i disconeected my router today. i don't know if that was needed, but i'll just plug it up when i need the simultaneous sign-ons. i hate this crap.

thx again

[/ QUOTE ]
AOL doesn't send out random pings to various addresses on the internet. Its users do, though. All someone was trying to do was see if your address responded to ICMP (ping) packets. Just a stupid kiddie h4x0r that's trying to be leet. Pay no mind. If you want, you can probably configure your router to drop ICMP requests so that when they do this crap it will look to them like your IP address doesn't exist.

[JAque]

I hope you are using a secured wireless connection.

More detailed info

I don't have AOL so they may not respond to me, you may want also send support a quick e-mail about the ICMP ping


JAque

[GrannyMae]

If you want, you can probably configure your router to drop ICMP requests so that when they do this crap it will look to them like your IP address doesn't exist.

i saw this option but was afraid that perhaps poker sites or casinos ping and was afraid to block all pings.

don't laught at me, i REALLY don't know about these security things and pings are something i thought were purely for diagnostics until yesterday.

[Hung]

I have a wireless lan too and it's secured. I have mac address limited to my pc's. I have a firewall, anti-virus, anti spyware etc. But my pc is doing weird stuff.
I'm afraid someone is hacking me. It's not real, but somehow I don't feel secure.
All these new tools to hack into someones pc is freaking us all. I have so many poker accounts with money on each of them. If they manage to log in, I'll be in big trouble.

[Hojglad]

[ QUOTE ]
If you want, you can probably configure your router to drop ICMP requests so that when they do this crap it will look to them like your IP address doesn't exist.

i saw this option but was afraid that perhaps poker sites or casinos ping and was afraid to block all pings.

don't laught at me, i REALLY don't know about these security things and pings are something i thought were purely for diagnostics until yesterday.

[/ QUOTE ]
Your router need not respond to ICMP requests to play poker. I have them disabled on mine.

[GrannyMae]

I hope you are using a secured wireless connection.

i have no clue, but this is what i will be trying to figure out (at least for next 40 minutes or so when the poker invitational on nbc starts)

i have a firewall on all three computers and assumed that was all i need when i got the router. however, one of the critters yesterday was a nastyass key logger that the specs (old specs) said it needed manual installation. that is why i was wondering about the neighbor part. it was not someone in my household. also, i saw something on dateline or 20-20 the other day that said people drive around sniffing for wireless networks, so i need to educate myself on this quickly.

that's why i unplugged the router. i will dig thru the practically networked link now. lemme know if AOL responds. i'm going to send my firewall log to them.

ty