?
Solved

Ping of death from my XP Pro workstation logged in Zyxel firewall reports

Posted on 2005-04-25
19
Medium Priority
?
3,187 Views
Last Modified: 2013-12-14
I have a Zyxel Prestige 660H ADSL NAT router/firewall, on a mixed workgroup network (3 XP Pro, 1 Win2k, 1 Redhat Linux 9 with Samba).

I get it to email me its attack logs, and I have been seeing a lot of the following since last Friday (22 April) ...

No. Time                  Source IP              Destination IP         Note
                             
 1|04/22/2005 17:21:51  |192.168.1.3           |212.187.131.129       |ATTACK
                         
   ping of death. ICMP(type:0, code:0)
 2|04/22/2005 17:21:51  |192.168.1.3           |212.187.131.129       |ATTACK
                         
   ping of death. ICMP(type:8, code:0)

The destination IP has always been 212.187.131.129 or 212.187.131.133, and there have been 1 or 2 attacks per day. The source IP is always my main XP Pro machine. The destination IPs are in a big Internet gateway in London, two hops from my ISP.

I run NOD32 Anti-Virus here, always kept up to date, and it has not detected anything. I also run Ad-Aware, and it hasn't detected anything either.

Has anyone got an explanation of why these are occurring?

Nikki
0
Comment
Question by:nikkilocke
16 Comments
 
LVL 2

Author Comment

by:nikkilocke
ID: 13867021
Perhaps this is a difficult question? I have increased the points value to 500 to see if it triggers a response.
0
 
LVL 7

Expert Comment

by:CajunBill
ID: 13870417
Hi Nikki,
Here are a couple of thoghts:

1. perhaps the source ip address is being spoofed - it might not be the XP machine that is actually sending these pings.
Can you find out what MAC address is sending the pings?

2. you could try a different anti-virus such as Norton/Symantec.

HTH
CajunBill
0
 
LVL 7

Expert Comment

by:CajunBill
ID: 13870443
Also, what version of NOD32 are you runnning?  The following was on the product web site:
Eset to discontinue the update of NOD32 Version 1
 
Jan 5 th 2005
 
Eset, producer of NOD32 antivirus, announced today discontinuing of virus definition updates for its product NOD32 Version 1. All the current users using the NOD32 Version 1 are advised to upgrade to the current NOD32 Version 2. The following document describes the steps to upgrade your NOD32 Version 1 to NOD32 Version 2. To find out what version of NOD32 you are currently using, click here.
The upgrade to NOD32 Version 2 is free for all the current NOD32 subscribers. If you are not able to use the NOD32 Version 2, please, let us know so that we can assist you.

 
0
Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 
LVL 6

Assisted Solution

by:Technicon-SG
Technicon-SG earned 600 total points
ID: 13870464
Check your running processes on the machines...see if anything looks out of the ordinary.  Ad-Aware will not catch all trojans/malware.

It may also be that the router is detecting nomal "host alive" checks and misinterpreting them.

you can use a software like AnalogX PacketMon to see more information on how often the packets are being transmited...connect a hub (not a switch) between your network and the Zytel...then connect your Monitor PC (the one you load the software on) to the hub.  Like this:

Zytel--------- |
                   |
Network----- | Hub
                   |
Monitor PC-- |

The monitor pc will be able to report all trafic that is running on the LAN.  At least the will tell you exactly what is going on.

Here is a link to the software:
http://www.analogx.com/contents/download/network/pmon.htm
0
 
LVL 2

Author Comment

by:nikkilocke
ID: 13874867
Thanks for the responses.
I am running NOD32 Version 2 (have been for ages).
I don't have a hub, unfortunately. I'll see if I can add more logging in the router.
Here is a HijackThis log for the machine in question...
Logfile of HijackThis v1.99.1
Scan saved at 09:20:19, on 27/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\mgabg.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Quickenw\QAGENT.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\PDesk\PDesk.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PerSono\PersTray.exe
C:\Program Files\Quickenw\QWDLLS.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\Perl\bin\wperl.exe
C:\Program Files\PVSW\Bin\w3dbsmgr.exe
C:\Documents and Settings\nikki\My Documents\Visual Studio Projects\TimeSheet\TimeSheet\bin\Debug\TimeSheet.exe
C:\wigwam\VASCHD32.EXE
C:\wigwam\va6.exe
C:\BIN\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/nikki/My%20Documents/Index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Quickenw\QAGENT.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [Second Copy 2000] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Startup: mrtg.lnk = C:\Program Files\Perl\bin\wperl.exe
O4 - Startup: Pervasive.SQL Workgroup Engine.lnk = C:\Program Files\PVSW\Bin\w3dbsmgr.exe
O4 - Startup: TimeSheet.Net.lnk = C:\Documents and Settings\nikki\My Documents\Visual Studio Projects\TimeSheet\TimeSheet\bin\Debug\TimeSheet.exe
O4 - Startup: VA Scheduler.lnk = C:\wigwam\VASCHD32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Perstray.lnk = C:\Program Files\PerSono\PersTray.exe
O4 - Global Startup: Query Time Server.lnk = C:\Program Files\NISTime\nistime-32bit.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quickenw\QWDLLS.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.trumphurst.com
O16 - DPF: GIC - https://www.ib.albb.co.uk/ebs/ie/classes.cab
O16 - DPF: UKOnLineSigningApplet - https://secure.gateway.gov.uk/java/UKOnLineSigningApplet.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2D9F7B63-EC7C-43FF-A41D-6E9EC984A5B9} (GGSecSign Class) - https://secure.gateway.gov.uk/java/GGSecSign.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,55/mcinsctl.cab
O16 - DPF: {630F2610-7654-11D1-83E3-0080C71A8794} (Interconnect Resources) - https://www.ib.albb.co.uk/ebs/ie/gic.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs7b.instantservice.com/jars/customerxsigned33.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9688513F-37F4-4450-8653-EF2EEF8634C7}: NameServer = 217.146.99.22,217.146.107.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5BA159D-B140-4567-AA3C-8079F389BF7B}: NameServer = 217.146.99.22,217.146.107.3
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pervasive IDS - Pervasive Software Inc. - C:\progra~1\PVSW\Bin\dataserv.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)

0
 
LVL 2

Author Comment

by:nikkilocke
ID: 13874887
P.S. The Ping of Death "attacks" are happening about once every 5 hours (as I found when I left my machine on overnight to do a backup).
0
 
LVL 2

Author Comment

by:nikkilocke
ID: 14108058
Well, the ping of death is still happening, and I would still love an answer!
0
 
LVL 7

Expert Comment

by:CajunBill
ID: 14108653
Nickki, did you try the things that I and Technicon suggested? (essentially, doing more monitoring?)
0
 
LVL 2

Author Comment

by:nikkilocke
ID: 14108759
The pings of death only happen when the computer at 192.168.1.3 is switched on.

The firewall says...

 3|05/13/2005 11:55:19  |192.168.1.3           |212.187.131.1         |ATTACK    ping of death. ICMP(type:0, code:0)
 4|05/13/2005 11:55:19  |192.168.1.3           |212.187.131.1         |ATTACK    ping of death. ICMP(type:8, code:0)

I started TdiMon from sysinternals, and ran it over the period when the pings of death were logged. Here is an example from that log (note 1 hr time difference due to DST)...

40  12:55:04  va32.exe:3112  81D08AF0  IRP_MJ_CREATE  TCP:Control obj  
TCP:Control obj  SUCCESS  
41  12:55:04  va32.exe:3112  81B06780  IRP_MJ_CREATE  TCP:Control obj  
TCP:Control obj  SUCCESS  
42  12:55:04  va32.exe:3112  81D08AF0  IRP_MJ_DEVICE_CONTROL  TCP:Control obj  IOCTL_TCP_QUERY_INFORMATION_EX  
IOCTL_TCP_QUERY_INFORMATION_EX  SUCCESS  
43  12:55:04  va32.exe:3112  81D08AF0  IRP_MJ_DEVICE_CONTROL  TCP:Control obj  IOCTL_TCP_QUERY_INFORMATION_EX  
IOCTL_TCP_QUERY_INFORMATION_EX  SUCCESS  
44  12:55:04  va32.exe:3112  81D08AF0  IRP_MJ_DEVICE_CONTROL  TCP:Control obj  IOCTL_TCP_QUERY_INFORMATION_EX  
IOCTL_TCP_QUERY_INFORMATION_EX  SUCCESS  
45  12:55:04  va32.exe:3112  81D08AF0  IRP_MJ_DEVICE_CONTROL  TCP:Control obj  IOCTL_TCP_QUERY_INFORMATION_EX  
IOCTL_TCP_QUERY_INFORMATION_EX  SUCCESS  
46  12:55:04  va32.exe:3112  81D08AF0  IRP_MJ_DEVICE_CONTROL  TCP:Control obj  IOCTL_TCP_QUERY_INFORMATION_EX  
IOCTL_TCP_QUERY_INFORMATION_EX  SUCCESS  
47  12:55:04  va32.exe:3112  81D08AF0  IRP_MJ_DEVICE_CONTROL  TCP:Control obj  IOCTL_TCP_QUERY_INFORMATION_EX  
IOCTL_TCP_QUERY_INFORMATION_EX  SUCCESS  
48  12:55:05  Inet32.exe:1628  81C95778  IRP_MJ_CREATE  TCP:0.0.0.0:0  Address Open  
Address Open  SUCCESS  
49  12:55:05  Inet32.exe:1628  81C95778  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1441  Error Event  
Error Event  SUCCESS  
50  12:55:05  Inet32.exe:1628  81C95778  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1441  Disconnect Event  
Disconnect Event  SUCCESS  
51  12:55:05  Inet32.exe:1628  81C95778  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1441  Receive Event  
Receive Event  SUCCESS  
52  12:55:05  Inet32.exe:1628  81C95778  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1441  Expedited Receive Event  
Expedited Receive Event  SUCCESS  
53  12:55:05  Inet32.exe:1628  81C95778  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1441  Chained Receive Event  
Chained Receive Event  SUCCESS  
54  12:55:05  Inet32.exe:1628  81C95778  TDI_QUERY_INFORMATION  TCP:0.0.0.0:1441  Query Address  
Query Address  SUCCESS  
55  12:55:05  Inet32.exe:1628  81F93E40  IRP_MJ_CREATE  TCP:Connection obj  Context:0x82222F10  
Context:0x82222F10  SUCCESS  
56  12:55:05  Inet32.exe:1628  81F93E40  TDI_ASSOCIATE_ADDRESS  TCP:Connection obj  TCP:0.0.0.0:1441  
TCP:0.0.0.0:1441  SUCCESS  
57  12:55:05  Inet32.exe:1628  81F93E40  TDI_CONNECT  TCP:0.0.0.0:1441  216.154.195.50:110  
58  12:55:05  System:4  81D17C70  IRP_MJ_CLEANUP  TCP:<none>  
TCP:<none>  SUCCESS  
59  12:55:05  System:4  81D17C70  IRP_MJ_CLOSE  TCP:<none>  
TCP:<none>  SUCCESS  
60  12:55:05  System:4  81D17C70  IRP_MJ_CREATE  TCP:Connection obj  Context:0x81D8B9F0  
Context:0x81D8B9F0  SUCCESS  
61  12:55:05  System:4  81D17C70  TDI_ASSOCIATE_ADDRESS  TCP:Connection obj  TCP:0.0.0.0:445  
TCP:0.0.0.0:445  SUCCESS  
62  12:55:05  System:4  81D17C70  IRP_MJ_DEVICE_CONTROL  TCP:0.0.0.0:445  IOCTL_TCP_SET_INFORMATION_EX  
IOCTL_TCP_SET_INFORMATION_EX  SUCCESS  
63  12:55:05  System:4  81F7FAF8  IRP_MJ_CREATE  TCP:Connection obj  Context:0x81DB6E98  
Context:0x81DB6E98  SUCCESS  
64  12:55:05  System:4  81C31240  IRP_MJ_CREATE  TCP:0.0.0.0:0  Address Open  
Address Open  SUCCESS  
65  12:55:05  System:4  81C31240  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1442  Error Event  
Error Event  SUCCESS  
66  12:55:05  System:4  81C31240  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1442  Receive Event  
Receive Event  SUCCESS  
67  12:55:05  System:4  81C31240  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1442  Disconnect Event  
Disconnect Event  SUCCESS  
68  12:55:05  System:4  81F7FAF8  TDI_ASSOCIATE_ADDRESS  TCP:Connection obj  TCP:0.0.0.0:1442  
TCP:0.0.0.0:1442  SUCCESS  
69  12:55:05  System:4  81F7FAF8  IRP_MJ_DEVICE_CONTROL  TCP:0.0.0.0:1442  IOCTL_TCP_SET_INFORMATION_EX  
IOCTL_TCP_SET_INFORMATION_EX  SUCCESS  
70  12:55:05  System:4  81D1ED18  IRP_MJ_CLEANUP  TCP:<none>  
TCP:<none>  SUCCESS  
71  12:55:05  System:4  81D1ED18  IRP_MJ_CLOSE  TCP:<none>  
TCP:<none>  SUCCESS  
72  12:55:05  System:4  8229F5C0  IRP_MJ_CREATE  TCP:Connection obj  Context:0x81D2F728  
Context:0x81D2F728  SUCCESS  
73  12:55:05  System:4  8229F5C0  TDI_ASSOCIATE_ADDRESS  TCP:Connection obj  TCP:192.168.1.3:139  
TCP:192.168.1.3:139  SUCCESS  
74  12:55:05  System:4  8229F5C0  IRP_MJ_DEVICE_CONTROL  TCP:192.168.1.3:139  IOCTL_TCP_SET_INFORMATION_EX  
IOCTL_TCP_SET_INFORMATION_EX  SUCCESS  
75  12:55:05  System:4  81FC3E68  IRP_MJ_CREATE  TCP:Connection obj  Context:0x81BDEBD0  
Context:0x81BDEBD0  SUCCESS  
76  12:55:05  System:4  82115E40  IRP_MJ_CREATE  TCP:192.168.1.3:0  Address Open  
Address Open  SUCCESS  
77  12:55:05  System:4  82115E40  TDI_SET_EVENT_HANDLER  TCP:192.168.1.3:1443  Error Event  
Error Event  SUCCESS  
78  12:55:05  System:4  82115E40  TDI_SET_EVENT_HANDLER  TCP:192.168.1.3:1443  Receive Event  
Receive Event  SUCCESS  
79  12:55:05  System:4  82115E40  TDI_SET_EVENT_HANDLER  TCP:192.168.1.3:1443  Disconnect Event  
Disconnect Event  SUCCESS  
80  12:55:05  System:4  81FC3E68  TDI_ASSOCIATE_ADDRESS  TCP:Connection obj  TCP:192.168.1.3:1443  
TCP:192.168.1.3:1443  SUCCESS  
81  12:55:05  System:4  81FC3E68  IRP_MJ_DEVICE_CONTROL  TCP:192.168.1.3:1443  IOCTL_TCP_SET_INFORMATION_EX  
IOCTL_TCP_SET_INFORMATION_EX  SUCCESS  
82  12:55:05  System:4  81D20C70  IRP_MJ_CLEANUP  TCP:<none>  
TCP:<none>  SUCCESS  
83  12:55:05  System:4  81D20C70  IRP_MJ_CLOSE  TCP:<none>  
TCP:<none>  SUCCESS  
84  12:55:05  System:4  82285BE0  TDI_SEND_DATAGRAM  UDP:192.168.1.3:137  192.168.1.255:137  Length:50  
Length:50  SUCCESS  
SUCCESS  216.154.195.50:110  SUCCESS-85  
86  12:55:05  Inet32.exe:1628  81C95778  TDI_EVENT_RECEIVE  TCP:0.0.0.0:1441  216.154.195.50:110  
216.154.195.50:110  SUCCESS  Length:18 Flags: ENTIRE_MESSAGE LOOKAHEAD DISPATCH  
87  12:55:05  Inet32.exe:1628  81F93E40  TDI_SEND  TCP:0.0.0.0:1441  216.154.195.50:110  Length:29  
Length:29   SUCCESS  
88  12:55:05  Inet32.exe:1628  81C95778  TDI_EVENT_RECEIVE  TCP:0.0.0.0:1441  216.154.195.50:110  
216.154.195.50:110  SUCCESS  Length:24 Flags: ENTIRE_MESSAGE LOOKAHEAD DISPATCH  
89  12:55:05  Inet32.exe:1628  81F93E40  TDI_SEND  TCP:0.0.0.0:1441  216.154.195.50:110  Length:17  
90  12:55:05  Inet32.exe:1628  81C95778  TDI_EVENT_RECEIVE  TCP:0.0.0.0:1441  216.154.195.50:110  
216.154.195.50:110  SUCCESS  Length:16 Flags: ENTIRE_MESSAGE LOOKAHEAD DISPATCH  
Length:16 Flags: ENTIRE_MESSAGE LOOKAHEAD DISPATCH   SUCCESS-91  
92  12:55:05  Inet32.exe:1628  81F93E40  TDI_SEND  TCP:0.0.0.0:1441  216.154.195.50:110  Length:6  
93  12:55:05  Inet32.exe:1628  81C95778  TDI_EVENT_RECEIVE  TCP:0.0.0.0:1441  216.154.195.50:110  
216.154.195.50:110  SUCCESS  Length:15 Flags: ENTIRE_MESSAGE LOOKAHEAD DISPATCH  
Length:15 Flags: ENTIRE_MESSAGE LOOKAHEAD DISPATCH   SUCCESS-94  
95  12:55:05  Inet32.exe:1628  81F93E40  TDI_SEND  TCP:0.0.0.0:1441  216.154.195.50:110  Length:6  
96  12:55:05  System:4  82285BE0  TDI_SEND_DATAGRAM  UDP:192.168.1.3:137  192.168.1.255:137  Length:50  
Length:50  SUCCESS  
97  12:55:05  Inet32.exe:1628  81C95778  TDI_EVENT_RECEIVE  TCP:0.0.0.0:1441  216.154.195.50:110  
216.154.195.50:110  SUCCESS  Length:1103 Flags: ENTIRE_MESSAGE LOOKAHEAD DISPATCH  
Length:1103 Flags: ENTIRE_MESSAGE LOOKAHEAD DISPATCH   SUCCESS-98  
99  12:55:06  Inet32.exe:1628  81F93E40  TDI_SEND  TCP:0.0.0.0:1441  216.154.195.50:110  Length:8  
100  12:55:06  Inet32.exe:1628  81C95778  TDI_EVENT_RECEIVE  TCP:0.0.0.0:1441  216.154.195.50:110  
216.154.195.50:110  SUCCESS  Length:14 Flags: ENTIRE_MESSAGE LOOKAHEAD DISPATCH  
Length:14 Flags: ENTIRE_MESSAGE LOOKAHEAD DISPATCH   SUCCESS-101  
102  12:55:06  System:4  82285BE0  TDI_SEND_DATAGRAM  UDP:192.168.1.3:137  192.168.1.255:137  Length:50  
Length:50  SUCCESS  
103  12:55:06  Skype.exe:1512  81BCB3D0  TDI_SEND  TCP:192.168.1.3:1052  Length:15  
104  12:55:06  Inet32.exe:1628  81F93E40  TDI_SEND  TCP:0.0.0.0:1441  216.154.195.50:110  Length:6  
105  12:55:06  Inet32.exe:1628  81C95778  TDI_EVENT_RECEIVE  TCP:0.0.0.0:1441  216.154.195.50:110  
216.154.195.50:110  SUCCESS  Length:14 Flags: ENTIRE_MESSAGE LOOKAHEAD DISPATCH  
Length:14 Flags: ENTIRE_MESSAGE LOOKAHEAD DISPATCH   SUCCESS-106  
107  12:55:06  Inet32.exe:1628  81F93E40  TDI_DISCONNECT  TCP:0.0.0.0:1441  216.154.195.50:110  
108  12:55:06  Inet32.exe:1628  81C95778  TDI_EVENT_DISCONNECT  TCP:0.0.0.0:1441  216.154.195.50:110  
216.154.195.50:110  SUCCESS  RELEASE  
RELEASE   SUCCESS-109  
110  12:55:07  Skype.exe:1512  81BF67E8  TDI_SEND_DATAGRAM  UDP:0.0.0.0:12549  140.192.172.203:26001  Length:62  
Length:62  SUCCESS  
111  12:55:07  Skype.exe:1512  81BF67E8  TDI_SEND_DATAGRAM  UDP:0.0.0.0:12549  222.151.72.231:16550  Length:62  
Length:62  SUCCESS  
112  12:55:07  Skype.exe:1512  81BF67E8  TDI_SEND_DATAGRAM  UDP:0.0.0.0:12549  68.174.145.254:15674  Length:62  
Length:62  SUCCESS  
113  12:55:07  Skype.exe:1512  81BF67E8  TDI_SEND_DATAGRAM  UDP:0.0.0.0:12549  69.132.99.137:63090  Length:62  
Length:62  SUCCESS  
114  12:55:07  Skype.exe:1512  81BF67E8  TDI_SEND_DATAGRAM  UDP:0.0.0.0:12549  219.77.29.216:51102  Length:62  
Length:62  SUCCESS  
115  12:55:07  Skype.exe:1512  81BF67E8  TDI_SEND_DATAGRAM  UDP:0.0.0.0:12549  84.121.130.155:45204  Length:62  
Length:62  SUCCESS  
116  12:55:07  va32.exe:3112  81D08AF0  IRP_MJ_CLEANUP  TCP:Control obj  
TCP:Control obj  SUCCESS  
117  12:55:07  va32.exe:3112  81D08AF0  IRP_MJ_CLOSE  TCP:Control obj  
TCP:Control obj  SUCCESS  
118  12:55:07  va32.exe:3112  81B06780  IRP_MJ_CLEANUP  TCP:Control obj  
TCP:Control obj  SUCCESS  
119  12:55:07  va32.exe:3112  81B06780  IRP_MJ_CLOSE  TCP:Control obj  
TCP:Control obj  SUCCESS  
120  12:55:09  Skype.exe:1512  81BF67E8  TDI_SEND_DATAGRAM  UDP:0.0.0.0:12549  219.77.29.216:51102  Length:62  Length:62  SUCCESS  
121  12:55:09  System:4  81F7FAF8  TDI_CONNECT  TCP:0.0.0.0:1442  192.168.1.4:445  
122  12:55:14  System:4  82285BE0  TDI_SEND_DATAGRAM  UDP:192.168.1.3:137  192.168.1.4:137  Length:50  Length:50  SUCCESS  
123  12:55:16  System:4  82285BE0  TDI_SEND_DATAGRAM  UDP:192.168.1.3:137  192.168.1.4:137  Length:50  Length:50  SUCCESS  
124  12:55:17  System:4  82285BE0  TDI_SEND_DATAGRAM  UDP:192.168.1.3:137  192.168.1.4:137  Length:50  Lngth:50  SUCCESS  
125  12:55:19  System:4  81FC3E68  IRP_MJ_CLEANUP  TCP:192.168.1.3:1443  TCP:192.168.1.3:1443  SUCCESS  
126  12:55:19  System:4  81FC3E68  IRP_MJ_CLOSE  TCP:192.168.1.3:1443 TCP:192.168.1.3:1443  SUCCESS  
127  12:55:19  System:4  82115E40  IRP_MJ_CLEANUP  TCP:192.168.1.3:1443  TP:192.168.1.3:1443  SUCCESS  
128  12:55:23  svchost.exe:972  82075D88  TDI_SEND_DATAGRAM  UDP:0.0.0.0:1042  217.146.99.22:53  Length:30  
Length:30  SUCCESS  
129  12:55:23  nod32krn.exe:172  822A7F40  IRP_MJ_CREATE  TCP:0.0.0.0:0  Address Open  
Address Open  SUCCESS  
130  12:55:23  nod32krn.exe:172  822A7F40  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1444  Error Event  
Error Event  SUCCESS  
131  12:55:23  nod32krn.exe:172  822A7F40  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1444  Disconnect Event  
Disconnect Event  SUCCESS  
132  12:55:23  nod32krn.exe:172  822A7F40  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1444  Receive Event  
Receive Event  SUCCESS  
133  12:55:23  nod32krn.exe:172  822A7F40  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1444  Expedited Receive Event  
Expedited Receive Event  SUCCESS  
134  12:55:23  nod32krn.exe:172  822A7F40  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1444  Chained Receive Event  
Chained Receive Event  SUCCESS  
135  12:55:23  nod32krn.exe:172  822A7F40  TDI_QUERY_INFORMATION  TCP:0.0.0.0:1444  Query Address  
Query Address  SUCCESS  
136  12:55:23  nod32krn.exe:172  8228B2A8  IRP_MJ_CREATE  TCP:Connection obj  Context:0x81CC1CF0  
Context:0x81CC1CF0  SUCCESS  
137  12:55:23  nod32krn.exe:172  8228B2A8  TDI_ASSOCIATE_ADDRESS  TCP:Connection obj  TCP:0.0.0.0:1444  
TCP:0.0.0.0:1444  SUCCESS  
138  12:55:23  nod32krn.exe:172  8228B2A8  TDI_CONNECT  TCP:0.0.0.0:1444  194.213.194.29:80  
194.213.194.29:80  194.213.194.29:80  SUCCESS  
139  12:55:23  nod32krn.exe:172  8228B2A8  TDI_SEND  TCP:0.0.0.0:1444  194.213.194.29:80  Length:229  
Length:229   SUCCESS  
140  12:55:23  nod32krn.exe:172  822A7F40  TDI_EVENT_RECEIVE  TCP:0.0.0.0:1444  194.213.194.29:80  
194.213.194.29:80  MORE_PROCESSING_REQUIRED  Length:264 Flags: ENTIRE_MESSAGE LOOKAHEAD DISPATCH  
141  12:55:23  nod32krn.exe:172  8228B2A8  TDI_RECEIVE  TCP:0.0.0.0:1444  194.213.194.29:80  
194.213.194.29:80  SUCCESS  
143  12:55:24  nod32krn.exe:172  822A7F40  TDI_EVENT_RECEIVE  TCP:0.0.0.0:1444  194.213.194.29:80  
194.213.194.29:80  MORE_PROCESSING_REQUIRED  Length:1260 Flags: LOOKAHEAD DISPATCH  
144  12:55:24  nod32krn.exe:172  8228B2A8  TDI_RECEIVE  TCP:0.0.0.0:1444  194.213.194.29:80  
194.213.194.29:80  SUCCESS  
146  12:55:24  nod32krn.exe:172  822A7F40  TDI_EVENT_DISCONNECT  TCP:0.0.0.0:1444  194.213.194.29:80  
194.213.194.29:80  SUCCESS  RELEASE  
147  12:55:24  nod32krn.exe:172  8228B2A8  TDI_DISCONNECT  TCP:0.0.0.0:1444  
TCP:0.0.0.0:1444  SUCCESS  RELEASE  
148  12:55:24  nod32krn.exe:172  8228B2A8  TDI_DISASSOCIATE_ADDRESS  TCP:0.0.0.0:1444  
TCP:0.0.0.0:1444  SUCCESS  
149  12:55:24  nod32krn.exe:172  8228B2A8  IRP_MJ_CLEANUP  TCP:Connection obj  
TCP:Connection obj  SUCCESS  
150  12:55:24  nod32krn.exe:172  8228B2A8  IRP_MJ_CLOSE  TCP:Connection obj  
TCP:Connection obj  SUCCESS  
151  12:55:24  nod32krn.exe:172  822A7F40  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1444  Error Event: NULL  
Error Event: NULL  SUCCESS  
152  12:55:24  nod32krn.exe:172  822A7F40  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1444  Disconnect Event: NULL  
Disconnect Event: NULL  SUCCESS  
153  12:55:24  nod32krn.exe:172  822A7F40  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1444  Receive Event: NULL  
Receive Event: NULL  SUCCESS  
154  12:55:24  nod32krn.exe:172  822A7F40  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1444  Expedited Receive Event: NULL  
Expedited Receive Event: NULL  SUCCESS  
155  12:55:24  nod32krn.exe:172  822A7F40  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1444  Chained Receive Event: NULL  
Chained Receive Event: NULL  SUCCESS  
156  12:55:24  nod32krn.exe:172  822A7F40  IRP_MJ_CLEANUP  TCP:0.0.0.0:1444  
TCP:0.0.0.0:1444  SUCCESS  
157  12:55:24  nod32krn.exe:172  81D1A3B0  IRP_MJ_CREATE  TCP:0.0.0.0:0  Address Open  
Address Open  SUCCESS  
158  12:55:24  nod32krn.exe:172  81D1A3B0  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1445  Error Event  
Error Event  SUCCESS  
159  12:55:24  nod32krn.exe:172  81D1A3B0  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1445  Disconnect Event  
Disconnect Event  SUCCESS  
160  12:55:24  nod32krn.exe:172  81D1A3B0  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1445  Receive Event  
Receive Event  SUCCESS  
161  12:55:24  nod32krn.exe:172  81D1A3B0  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1445  Expedited Receive Event  
Expedited Receive Event  SUCCESS  
162  12:55:24  nod32krn.exe:172  81D1A3B0  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1445  Chained Receive Event  
Chained Receive Event  SUCCESS  
163  12:55:24  nod32krn.exe:172  81D1A3B0  TDI_QUERY_INFORMATION  TCP:0.0.0.0:1445  Query Address  
Query Address  SUCCESS  
164  12:55:24  nod32krn.exe:172  821C32F8  IRP_MJ_CREATE  TCP:Connection obj  Context:0x82284008  
Context:0x82284008  SUCCESS  
165  12:55:24  nod32krn.exe:172  821C32F8  TDI_ASSOCIATE_ADDRESS  TCP:Connection obj  TCP:0.0.0.0:1445  
TCP:0.0.0.0:1445  SUCCESS  
166  12:55:24  nod32krn.exe:172  821C32F8  TDI_CONNECT  TCP:0.0.0.0:1445  194.213.194.29:80  
194.213.194.29:80  194.213.194.29:80  SUCCESS  
167  12:55:24  nod32krn.exe:172  821C32F8  TDI_SEND  TCP:0.0.0.0:1445  194.213.194.29:80  Length:229  
Length:229   SUCCESS  
168  12:55:25  nod32krn.exe:172  81D1A3B0  TDI_EVENT_RECEIVE  TCP:0.0.0.0:1445  194.213.194.29:80  
194.213.194.29:80  MORE_PROCESSING_REQUIRED  Length:272 Flags: ENTIRE_MESSAGE LOOKAHEAD DISPATCH  
169  12:55:25  nod32krn.exe:172  821C32F8  TDI_RECEIVE  TCP:0.0.0.0:1445  194.213.194.29:80  
194.213.194.29:80  SUCCESS  
171  12:55:25  nod32krn.exe:172  81D1A3B0  TDI_EVENT_RECEIVE  TCP:0.0.0.0:1445  194.213.194.29:80  
194.213.194.29:80  MORE_PROCESSING_REQUIRED  Length:1260 Flags: LOOKAHEAD DISPATCH  
172  12:55:25  nod32krn.exe:172  821C32F8  TDI_RECEIVE  TCP:0.0.0.0:1445  194.213.194.29:80  
194.213.194.29:80  SUCCESS  
174  12:55:25  nod32krn.exe:172  81D1A3B0  TDI_EVENT_RECEIVE  TCP:0.0.0.0:1445  194.213.194.29:80  
194.213.194.29:80  SUCCESS  Length:944 Flags: ENTIRE_MESSAGE LOOKAHEAD  
175  12:55:25  nod32krn.exe:172  81D1A3B0  TDI_EVENT_RECEIVE  TCP:0.0.0.0:1445  194.213.194.29:80  
194.213.194.29:80  MORE_PROCESSING_REQUIRED  Length:1260 Flags: LOOKAHEAD DISPATCH  
176  12:55:25  nod32krn.exe:172  821C32F8  TDI_RECEIVE  TCP:0.0.0.0:1445  194.213.194.29:80  
194.213.194.29:80  SUCCESS  
178  12:55:25  nod32krn.exe:172  81D1A3B0  TDI_EVENT_RECEIVE  TCP:0.0.0.0:1445  194.213.194.29:80  
194.213.194.29:80  MORE_PROCESSING_REQUIRED  Length:944 Flags: ENTIRE_MESSAGE LOOKAHEAD  
179  12:55:25  nod32krn.exe:172  821C32F8  TDI_RECEIVE  TCP:0.0.0.0:1445  194.213.194.29:80  
194.213.194.29:80  SUCCESS  
181  12:55:25  nod32krn.exe:172  81D1A3B0  TDI_EVENT_RECEIVE  TCP:0.0.0.0:1445  194.213.194.29:80  
194.213.194.29:80  MORE_PROCESSING_REQUIRED  Length:1260 Flags: LOOKAHEAD DISPATCH  
182  12:55:25  nod32krn.exe:172  821C32F8  TDI_RECEIVE  TCP:0.0.0.0:1445  194.213.194.29:80  
194.213.194.29:80  SUCCESS  
184  12:55:25  nod32krn.exe:172  81D1A3B0  TDI_EVENT_RECEIVE  TCP:0.0.0.0:1445  194.213.194.29:80  
194.213.194.29:80  MORE_PROCESSING_REQUIRED  Length:1260 Flags: LOOKAHEAD DISPATCH  
185  12:55:25  nod32krn.exe:172  821C32F8  TDI_RECEIVE  TCP:0.0.0.0:1445  194.213.194.29:80  
194.213.194.29:80  SUCCESS  
187  12:55:25  nod32krn.exe:172  81D1A3B0  TDI_EVENT_DISCONNECT  TCP:0.0.0.0:1445  194.213.194.29:80  
194.213.194.29:80  SUCCESS  RELEASE  
188  12:55:25  nod32krn.exe:172  821C32F8  TDI_DISCONNECT  TCP:0.0.0.0:1445  
TCP:0.0.0.0:1445  SUCCESS  RELEASE  
189  12:55:25  nod32krn.exe:172  821C32F8  TDI_DISASSOCIATE_ADDRESS  TCP:0.0.0.0:1445  
TCP:0.0.0.0:1445  SUCCESS  
190  12:55:25  nod32krn.exe:172  821C32F8  IRP_MJ_CLEANUP  TCP:Connection obj  
TCP:Connection obj  SUCCESS  
191  12:55:25  nod32krn.exe:172  821C32F8  IRP_MJ_CLOSE  TCP:Connection obj  
TCP:Connection obj  SUCCESS  
192  12:55:25  nod32krn.exe:172  81D1A3B0  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1445  Error Event: NULL  
Error Event: NULL  SUCCESS  
193  12:55:25  nod32krn.exe:172  81D1A3B0  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1445  Disconnect Event: NULL  
Disconnect Event: NULL  SUCCESS  
194  12:55:25  nod32krn.exe:172  81D1A3B0  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1445  Receive Event: NULL  
Receive Event: NULL  SUCCESS  
195  12:55:25  nod32krn.exe:172  81D1A3B0  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1445  Expedited Receive Event: NULL  
Expedited Receive Event: NULL  SUCCESS  
196  12:55:25  nod32krn.exe:172  81D1A3B0  TDI_SET_EVENT_HANDLER  TCP:0.0.0.0:1445  Chained Receive Event: NULL  
Chained Receive Event: NULL  SUCCESS  
197  12:55:25  nod32krn.exe:172  81D1A3B0  IRP_MJ_CLEANUP  TCP:0.0.0.0:1445  
TCP:0.0.0.0:1445  SUCCESS  
SUCCESS  TIMEOUT-198  
199  12:55:30  System:4  81F7FAF8  IRP_MJ_CLEANUP  TCP:0.0.0.0:1442  
TCP:0.0.0.0:1442  SUCCESS  
200  12:55:30  System:4  81F7FAF8  IRP_MJ_CLOSE  TCP:0.0.0.0:1442  
TCP:0.0.0.0:1442  SUCCESS  
201  12:55:30  System:4  81C31240  IRP_MJ_CLEANUP  TCP:0.0.0.0:1442  
TCP:0.0.0.0:1442  SUCCESS  
202  12:55:30  System:4  81D89C70  IRP_MJ_CLEANUP  TCP:<none>  
TCP:<none>  SUCCESS  
203  12:55:30  System:4  81D89C70  IRP_MJ_CLOSE  TCP:<none>  
TCP:<none>  SUCCESS  
204  12:55:30  System:4  822A6480  TDI_SEND_DATAGRAM  UDP:192.168.1.3:138  192.168.1.255:138  Length:181  
Length:181  SUCCESS  
205  12:55:31  msnmsgr.exe:900  821C4268  TDI_SEND  TCP:192.168.1.3:1039  Length:5  
Length:5   SUCCESS  
206  12:55:32  System:4  822A6480  TDI_SEND_DATAGRAM  UDP:192.168.1.3:138  192.168.1.255:138  Length:181  
Length:181  SUCCESS  
207  12:55:33  System:4  822A6480  TDI_SEND_DATAGRAM  UDP:192.168.1.3:138  192.168.1.255:138  Length:181  
Length:181  SUCCESS  
208  12:55:35  System:4  822A6480  TDI_SEND_DATAGRAM  UDP:192.168.1.3:138  192.168.1.255:138  Length:181  
Length:181  SUCCESS  
209  12:55:36  System:4  822A6480  TDI_SEND_DATAGRAM  UDP:192.168.1.3:138  192.168.1.255:138  Length:193  
Length:193  SUCCESS  
210  12:55:37  System:4  822A6480  TDI_SEND_DATAGRAM  UDP:192.168.1.3:138  192.168.1.255:138  Length:193  
Length:193  SUCCESS  
211  12:55:38  System:4  822A6480  TDI_SEND_DATAGRAM  UDP:192.168.1.3:138  192.168.1.255:138  Length:193  
Length:193  SUCCESS  
212  12:55:39  System:4  822A6480  TDI_SEND_DATAGRAM  UDP:192.168.1.3:138  192.168.1.255:138  Length:193  
Length:193  SUCCESS  
213  12:55:40  System:4  82285BE0  TDI_SEND_DATAGRAM  UDP:192.168.1.3:137  192.168.1.255:137  Length:68  
Length:68  SUCCESS  
214  12:55:41  System:4  82285BE0  TDI_SEND_DATAGRAM  UDP:192.168.1.3:137  192.168.1.255:137  Length:68  
Length:68  SUCCESS  
215  12:55:42  System:4  82285BE0  TDI_SEND_DATAGRAM  UDP:192.168.1.3:137  192.168.1.255:137  Length:68  
Length:68  SUCCESS  
216  12:55:43  System:4  82285BE0  TDI_SEND_DATAGRAM  UDP:192.168.1.3:137  192.168.1.255:137  Length:68  
Length:68  SUCCESS  
217  12:55:43  System:4  82285BE0  TDI_SEND_DATAGRAM  UDP:192.168.1.3:137  192.168.1.255:137  Length:68  
Length:68  SUCCESS  
218  12:55:44  System:4  82285BE0  TDI_SEND_DATAGRAM  UDP:192.168.1.3:137  192.168.1.255:137  Length:68  
Length:68  SUCCESS  
219  12:55:45  System:4  82285BE0  TDI_SEND_DATAGRAM  UDP:192.168.1.3:137  192.168.1.255:137  Length:68  
Length:68  SUCCESS  
220  12:55:46  System:4  82285BE0  TDI_SEND_DATAGRAM  UDP:192.168.1.3:137  192.168.1.255:137  Length:68  
Length:68  SUCCESS  
221  12:55:46  System:4  822A6480  TDI_SEND_DATAGRAM  UDP:192.168.1.3:138  192.168.1.255:138  Length:181  
Length:181  SUCCESS  
222  12:55:46  System:4  822A6480  TDI_SEND_DATAGRAM  UDP:192.168.1.3:138  192.168.1.255:138  Length:181  
Length:181  SUCCESS  
223  12:55:46  System:4  822A6480  TDI_SEND_DATAGRAM  UDP:192.168.1.3:138  192.168.1.255:138  Length:211  
Length:211  SUCCESS  

0
 
LVL 7

Accepted Solution

by:
CajunBill earned 900 total points
ID: 14109343
Unfortunately TDIMon does not monitor ping.
I tried to download the user manual for the Zyxel Prestige 660H but there seems to be something wrong on their website, or else they are blocking it intentionally.
Since you have the router I assmue you have the user manual - it may be that the settings are too sensitive.
In other words it may be that the router is recognizing something as "ping of death" that is not really so.

See if you can set the router to change those settings a little, or at least to block outgoing pings from your systems.
Bill

0
 
LVL 2

Author Comment

by:nikkilocke
ID: 14109404
Thanks.
I didn't know TDIMon didn't monitor ping (why not?).
Is there anything that will monitor ping, and identify which program is doing the pinging?

The Zyxel can be configured to log attacks, but there does not seem to be any fine grain control over what it considers to be an attack.
0
 
LVL 7

Expert Comment

by:CajunBill
ID: 14109728
Let me clarify - from reading their website it seems that TDIMon doesn't monitor ping.  This is because communications is done in layers, and TDIMon sems to only deal with layer 4, but ping happens at layer 3.  I have not downloaded TDIMon but from reading their web site this seems to be what they are doing.

The method suggested by Technicon would help, or you could download the free Ethereal monitor.
I'll learn a little more about TDIMon to double check my belief about it.
Bill
0
 
LVL 2

Author Comment

by:nikkilocke
ID: 14128992
Unfortunately I don't have a hub - my network is all switched.
0
 
LVL 2

Author Comment

by:nikkilocke
ID: 14307024
I've accepted your answers, and split the points, as you've tried your best, and it's not your fault I don't have a hub.

Hope you don't mind that I have only graded the answers 2 - no reflection on your helpfulness, but I haven't solved the problem yet.
0
 
LVL 7

Expert Comment

by:CajunBill
ID: 14308885
Nikki, thanks for the points,

You still have possible actions to take if you like:
1. install a real network monitor such as Ethereal (the free one I mentioned in an earlier post) on the machine you suspect of the attack
2. contact the ISP to see how they perceive this - it sounds like they have not complained to you

Good luck,
CajunBill
0
 
LVL 1

Expert Comment

by:BigGreenClenaMachine
ID: 15117972
the same thing happen to me and i have Zyxel- ZyWALL 10 when my coworker had insalled skype so i blame skype for the attack e-mails. and i don't rally worry bit it would help if someone would help know to solve this problem without taking any risk....

Have fun  BGCM
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

    Over the past few years, small business and home owners have become so dependent on internet that a need for redundancy has arisen.    What happens when your small business or home / home office loses its internet connection?  The results c…
This solves the problem of diagnosing why an internet connection is no longer working. It also helps identify the likely cause of the lost connection if the procedure fails to re-establish your internet connection. It helps to pinpoint the likely co…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question