What is causing this ICMP pest

Discussion in 'General Security' started by Merda, Nov 1, 2007.

Thread Status:
Not open for further replies.
  1. Merda

    Merda Thread Starter

    Joined:
    Nov 1, 2007
    Messages:
    13
    Hello

    I hope I am posting this in the right place ....

    Although I have googled till I'm dizzy I can't find an answer (or at least not one I can understand) to what this firewall log entry means.

    Rule "Default Allow Specific Inbound ICMP" permitted (192.168.1.1,3).

    Inbound ICMP request.
    Local address is (XXXXXX).
    Remote address is (192.168.1.1).
    Message type is "Destination Unreachable".
    Process name is "N/A".

    Inbound from where to where, requesting what?
    Where is the destination? And what was destined to go there?
    Type 3, code 3, pipe 3, port 3?

    Could anyone offer any interpretation, please?

    Further info: These instances occur when sending some (but not all) emails whether via webmail or an email client on my computer. There's one address which always triggers this, others are more random/irregular. The responses I have received so far include "get rid of the firewall"; (I have tried two different versions); "you have got something nasty on your computer" (I have run plenty of anti- stuff but all seems well); and "block it" - but I can't send the (plain-text) mail in question if I do that.

    What are these occurrences "usually" symptomatic of? ......And can I do anything to prevent them?

    Any help will be greatly appreciated

    Thanx
     
  2. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,821
  3. Merda

    Merda Thread Starter

    Joined:
    Nov 1, 2007
    Messages:
    13
    wk2000,

    Thank you for the link. I have read this before but can't make any sense of it, which is why I'm asking for an interpretation.

    If you could explain to me how it relates, that would be great.

    Thanx
     
  4. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,821
    I think this icmp message is just telling your machine that something you wanted to reach is now gone from the network.
     
  5. Merda

    Merda Thread Starter

    Joined:
    Nov 1, 2007
    Messages:
    13
    What could it be? Why isn't there a more informative IP address?

    I have my firewall set up so my email client can connect only to my mailservers and DNS (port 53). The emails do get to where they are going, ICMP alert or not.

    Occasionally, I get one of these NOT from email. I got one when I submitted my first post here, but not with the second post.

    Three out of three times I have visited this page: http://www.time.gov/timezone.cgi?Eastern/d/-5
    I get

    Rule "Default Allow Specific Inbound ICMP" permitted (www.time.gov,3).
    Inbound ICMP request.
    Local address is (XXXXXX).
    Remote address is (www.time.gov).
    Message type is "Destination Unreachable".
    Process name is "N/A".

    I don't know what it is, but at least I know where it is from, not like the others with email or with the submission here, they are as per my first post.

    What did you mean by network, please? Although I use two laptops, only one is connected to the router at any one time. Do you mean the INTERnetwork?

    Thanx for your reply.
     
  6. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,821
    yup I mean the internet
     
  7. Merda

    Merda Thread Starter

    Joined:
    Nov 1, 2007
    Messages:
    13
    Perhaps it would be useful to ask the questions one by one.

    "Inbound"

    What does it mean in this context?

    It suggests to me that something is wanting to come in to my computer from outside. Since there are no other computers on a local network this must be from the internet via my router, right?

    But if I am the destination and the firewall knows something is contacting me, how can I be "unreachable"?

    If, on the other hand, I am sending something to somewhere on the internet and the "message" isn't getting through wouldn't it be a) outbound? and b) a program/module/process known to my firewall. (In the case of "b", my firewall doesn't usually have any difficulty in telling me what it is which wanted internet access).

    Please can anybody help me make some sense of this? Or is there anywhere else where I could ask about this?

    Thank you
     
  8. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,821
    What you see is a reply from a remote router/switch saying 'what you want is not reachable'. So the message is coming from that router far far away, and so it is 'inbound' to your network.
     
  9. Merda

    Merda Thread Starter

    Joined:
    Nov 1, 2007
    Messages:
    13
    OK, thanx, wk2000.

    I cannot make sense about when it happens....

    Emails: I have different accounts, but they will all do it at different times.
    1 If I email [email protected] it happens EVERY TIME (my firewall took so long alerting me that the mail wouldn't get sent - so I stopped the pop-up alert and set it to just monitor the event instead). Naturally, I thought it was connected to the account. But when I sent a test mail to myself it didn't happen. However when I sent the contents of that mail to myself it occurred again. I even sent the contents via a completely different account (one from a different provider) and it still happened. So it seemed like it was the content of the mail, rather than the account. It was plain text with no links other than the "mailto:" in the header....they're all plain text.

    2 If I email [email protected] it happens SOMETIMES, I cannot predict when.

    Web use.
    3 When I post here it happens. (Only once it didn't)

    4 As I said above, when I visit http://www.time.gov/timezone.cgi?Eastern/d/-5 it happens every time.

    5 On http://www.freerice.com there's a word game. It's repetitive but fun, and for a good cause. Every now and again the ICMP alert occurs, seemingly at random. I have played it with cookies and without cookies. Cookies make no difference.

    I'd like to narrow this down. What type of thing(s) could I possibly be asking for in these places or with these emails which would give me this particular response at seemingly such odd times. Might it be malware?

    Thanx again.
     
  10. SirMille

    SirMille

    Joined:
    May 16, 2007
    Messages:
    32
    (192.168.1.1,3). is usually your router
     
  11. Merda

    Merda Thread Starter

    Joined:
    Nov 1, 2007
    Messages:
    13
    SirMille,

    192.168.1.1 (without the 3) is my router, yes.

    What do YOU think it means?
     
  12. www.pc-repair.ie

    www.pc-repair.ie

    Joined:
    Nov 6, 2007
    Messages:
    26
    From a wiki...

    "The error will not be generated if the original datagram has a multicast destination address. Reasons for this message may include: the physical connection to the host does not exist (distance is infinite); the indicated protocol or port is not active; the data must be fragmented but the 'don't fragment' flag is on."

    They could also be from your ISP


    Remember, ICMP is a connectionless protocol, so you could be firing stuff out, and it's not getting there.
    ICMP doesn't have a handshake etc.
     
  13. Merda

    Merda Thread Starter

    Joined:
    Nov 1, 2007
    Messages:
    13
    Hello pc-repair.ie

    Thank you for your reply.

    Your quoted text seems to be saying that the ICMP alert has been sent specifically to only one place, is that so? And am I the address-ee or the address-or? I do not understand who the "host" is in your quote. Is that my computer, or my router, or a computer on the internet?

    I am very interested in the idea that it might be FROM my ISP. It mostly occurs, as I have said before, when I send certain emails. BUT I do not use my ISP as my email address provider! This is because I have had account-security issues with this company in the recent past.

    Oh, and I am highly likely to get another alert when I hit the submit button to "send" this post to the forum :-(

    You say "connectionless". Now I'm completely flummoxed. It seems to happen when I make certain connections, particularly "sending" ones. I don't like the idea that I might be firing stuff out that I don't know about, I see nothing in my firewall logs just before this occurs. Could this be from malware of any sort?

    Any enlightenment would be very welcome

    Thank you
     
  14. Merda

    Merda Thread Starter

    Joined:
    Nov 1, 2007
    Messages:
    13
    I saw somewhere, but can't remember where, that one explanation might be that a UDP packet has gone astray.

    According to this page, it is a PORT which is unreachable. Unfortunately I don't understand if it is my port, or someone else's? (And if it is a port, surely that indicates a direction, no? Aarrrgh!)

    Can anyone add anything to this, please?
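
Added example (not part of the thread and not any poster's code): an ICMP Destination Unreachable message quotes the IP header and first 8 bytes of the packet that triggered it (RFC 792), so decoding a captured one shows which outbound packet was refused and why. The function names, the 192.168.1.100 client address and the ports in the sample are constructed for illustration.

```python
import socket
import struct

# RFC 792 codes for ICMP type 3 (Destination Unreachable)
UNREACH_CODES = {
    0: "net unreachable",
    1: "host unreachable",
    2: "protocol unreachable",
    3: "port unreachable",
    4: "fragmentation needed and DF set",
    5: "source route failed",
}

def parse_unreachable(icmp: bytes) -> dict:
    """Decode an ICMP type 3 message and the original packet it quotes."""
    if len(icmp) < 8 + 20:
        raise ValueError("too short to carry a quoted IPv4 header")
    if icmp[0] != 3:
        raise ValueError("not a Destination Unreachable message")
    code = icmp[1]
    quoted = icmp[8:]                  # original IP header + first 8 data bytes
    ihl = (quoted[0] & 0x0F) * 4       # quoted header length in bytes
    if quoted[0] >> 4 != 4 or ihl < 20:
        raise ValueError("quoted packet is not valid IPv4")
    proto = quoted[9]
    info = {
        "code": code,
        "reason": UNREACH_CODES.get(code, "other"),
        "orig_src": socket.inet_ntoa(quoted[12:16]),   # who sent the original
        "orig_dst": socket.inet_ntoa(quoted[16:20]),   # where it was going
        "orig_proto": {6: "tcp", 17: "udp"}.get(proto, str(proto)),
    }
    # TCP and UDP headers both begin with source port, destination port.
    if proto in (6, 17) and len(quoted) >= ihl + 4:
        info["orig_sport"], info["orig_dport"] = struct.unpack(
            "!HH", quoted[ihl:ihl + 4])
    return info

def build_sample(code: int = 3) -> bytes:
    """Constructed sample (checksums left at zero, not validated above)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, 0, 64, 17, 0,
                     socket.inet_aton("192.168.1.100"),
                     socket.inet_aton("192.168.1.1"))
    udp = struct.pack("!HHHH", 1045, 53, 8, 0)      # sport, dport, len, cksum
    return struct.pack("!BBHI", 3, code, 0, 0) + ip + udp

if __name__ == "__main__":
    print(parse_unreachable(build_sample()))
```
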
     
Short URL to this thread: https://techguy.org/646439