
Ping acting funny! Two questions

Discussion in 'Windows XP' started by Duxie, Feb 16, 2007.

Thread Status:
Not open for further replies.
  1. Duxie

    Duxie Thread Starter

    Joined:
    Nov 20, 2002
    Messages:
    12
    Hi,

    I've found something weird on my network. In my firewall I found the following entries by the hundreds
    00:09:52 TCAR blocks stranger eth0 UDP 192.168.0.248 137(NETBIOS-NS) 00:0d:61:23:21:4c 192.168.0.255 137(NETBIOS-NS)

    where 192.168.0.248 is the source and 192.168.0.255 is the destination. PC248 is a Windows XP PC. The other PC is not supposed to exist in the network. I have lists of all the IPs in the intranet. When I ping PC255 it replies as follows: "Reply from 192.168.0.150: bytes=32 time<1ms TTL=64"

    Question 1
    PC150 is a PC on my network. Why is it replying when I'm pinging 255, which is not supposed to exist?

    Question 2
    Why is pc248 causing all those calls to pc255?


    From my viewpoint it looks like malware of some form or the other.
    Any help will be appreciated.
    Thanks
    Duxie
     
  2. techkid

    techkid

    Joined:
    Sep 1, 2004
    Messages:
    2,339
    First Name:
    David
    This is a Denial of Service (DoS) attack, effectively trying to flood the network with pings until the network just...stops communication. This is commonly launched against businesses (particularly banks, IT companies (Microsoft, IBM, etc) and the like). More than likely, yes, this is malware.

    To explain why your computer is pinging to the unknown address, I am going to have to get technical on you. Bear with me...

    Your host (192.168.0.248) is pinging your network's broadcast address (192.168.0.255). This is the address your network uses to communicate to all nodes on your network (i.e. when you send a message from one computer to all others through the command "net send" from the command prompt). In this case, it is pinging it, expecting to create a DoS attack on your network.

    I hope I haven't swamped you with too much detail...
     
  3. Duxie

    Duxie Thread Starter

    Joined:
    Nov 20, 2002
    Messages:
    12
    Thanks for the speedy reply. Lucky for me, an old friend of mine I haven't seen for some time visited over the weekend and helped me to figure out the problem. PC248 was trying to update Windows but did not have any rights for Internet access. When I fixed that the strange behaviour stopped. PC150 is not a PC at all. It is the WiFi router that was broadcasting on 255. This also stopped when 248 was fixed. This was however not my biggest problem. My WiFi network was set up by the local computer shop and they never set up any form of security. My network was totally open to any outsider to use for Internet access. Having to fix the ping problem exposed a more serious oversight. We fixed this immediately.
     
  4. techkid

    techkid

    Joined:
    Sep 1, 2004
    Messages:
    2,339
    First Name:
    David
    It's very strange that they didn't set up security, or offer to set it up. It's easy enough to set up, except for remembering the access key you implement (well, depending on what you set up...).

    Well, in any case, it's good to hear that the problem (including this previously hidden one...) has been sorted, and that the problem wasn't as...problematic as I thought it was...
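
One way to triage firewall entries like the one quoted in the first post, as an added example that is not part of the original thread: it parses the log format (field layout inferred from the single quoted line), assumes the LAN is 192.168.0.0/24, and counts per source host how many blocked packets were NetBIOS name-service broadcasts versus other traffic. Only the first sample line comes from the thread; the rest are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the LAN is 192.168.0.0/24 (the thread never states the netmask).
LAN = ipaddress.ip_network("192.168.0.0/24")
# Field layout inferred from the one log line quoted in the thread.
LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d)\s+(?P<rule>.+?)\s+(?P<iface>\S+)\s+(?P<proto>UDP|TCP)\s+"
    r"(?P<src>[\d.]+)\s+(?P<sport>\d+)\S*\s+(?P<mac>[0-9a-fA-F:]{17})\s+"
    r"(?P<dst>[\d.]+)\s+(?P<dport>\d+)\S*$"
)

def parse(line):
    """Return a dict of fields, or None for lines that do not fit the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    try:
        e["src"], e["dst"] = ipaddress.ip_address(e["src"]), ipaddress.ip_address(e["dst"])
    except ValueError:  # e.g. an octet above 255
        return None
    e["dport"] = int(e["dport"])
    return e

def classify(e):
    """Label an entry by what its destination address means on this LAN."""
    bcast = e["dst"] in (LAN.broadcast_address, ipaddress.ip_address("255.255.255.255"))
    if bcast and e["proto"] == "UDP" and e["dport"] == 137:
        return "netbios-name-broadcast"  # Windows name lookup sent to every host
    if bcast:
        return "other-broadcast"
    return "lan-unicast" if e["dst"] in LAN else "external"

def summarize(lines):
    """Count entries per (source IP, label); second value is unparseable lines."""
    counts = Counter((str(e["src"]), classify(e)) for e in map(parse, lines) if e)
    return counts, len(lines) - sum(counts.values())

# First line is from the thread; the other three are constructed sample input.
SAMPLE = [
    "00:09:52 TCAR blocks stranger eth0 UDP 192.168.0.248 137(NETBIOS-NS) 00:0d:61:23:21:4c 192.168.0.255 137(NETBIOS-NS)",
    "00:09:53 TCAR blocks stranger eth0 UDP 192.168.0.248 137(NETBIOS-NS) 00:0d:61:23:21:4c 192.168.0.255 137(NETBIOS-NS)",
    "00:10:01 TCAR blocks stranger eth0 TCP 192.168.0.248 1042 00:0d:61:23:21:4c 203.0.113.10 80(HTTP)",
    "-- log rotated --",
]
if __name__ == "__main__":
    print(summarize(SAMPLE))
```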
     

Short URL to this thread: https://techguy.org/544502
