[pchelpers] Re: Packets Need Answers

Hi Jackie,


Jackie MacWhirter wrote:
> 
> Hi Tim:
> 
> My OS is Windows 2000 Professional, which is the default; I am also running Windows
> Me too, dual booting. Can I get rid of this packet? I checked my
> firewall's application; it wants to send an ICMP packet to a
> primary -dns.cogeco.net. I understand it to ping a computer.

Ok, if you're using Win2k, I could understand having a firewall as
there's MUCH more available network-wise in NT than 9x. As far as
getting rid of the packet, there's really no need to.

> I have a
> very good firewall + updated Norton antivirus professional -- as well as AVG.
> I have them configured because I use different email programs and other
> programs. That address above is my cable company -- but before it was
> someone from France. Every once in a while I get those; I just deny entry
> and create a rule. I called them; he told me to always deny it -- they are
> checking to see if anyone is running a server off of them -- You can install
> a server, which I did for study purposes -- and that's okay -- he said, and even
> use it, but not in a large way.

In my opinion, a firewall is only as good as its configuration. You can
have the "best" firewall in the world but if it isn't configured
right...well, you get the idea. Eventually, your rules will be quite
large because you're denying ICMP packets from specific locations which,
as I said before, is kind of pointless. There's nothing gained by
denying the packet; likewise, there's nothing gained (except a reply to
the "attacker") from receiving it. ICMP packets pose no harm in
exploiting your system.

When using a server OS, that's the only time I see a need for a
firewall. It's easier to set something up at the frontend rather than
configuring many things. But if you're just running Me/9x, there's
really no point. If you don't have a trojan and there's nothing
listening on a socket then there's no threat. It's not like a "hacker"
is going to figure out a certain sequence to make your PC open up. But,
that's not to say that Me/9x are rock solid secure; they are to the
script kiddie. Hopefully if you ever call Symantec, you'll get ahold of
me =)

> Anyhow - I have some questions -- ICMP, what
> does that stand for and what are they exactly used for? Just for pinging
> another's computer? Or what else can it do? What's in the packet, how does
> it work? What's involved? If someone sends you a packet and it somehow gets
> installed on your computer -- can you delete it so your computer does not
> send them any information? Creating a rule is fine but how about deleting
> the packet instead? I would really appreciate answers to these questions.

ICMP is Internet Control Message Protocol. They're basically message
packets. But, their most common use is with ping. I think your other
questions are best answered by this site:

http://www.FreeSoft.org/CIE/Topics/53.htm

One thing I don't understand. Packets don't get "installed" on your
computer. Packets are short-lived critters. They're not stored as files
in which you can just select 'em and hit delete. Sure, you can create a
rule to deny ICMP packets, but make sure it's not peer specific (i.e.,
rules that rely on denying ICMP packets from a certain IP address). The
only information gained by a ping is that a computer exists at the given
IP address. 

<Rant>
This is why I don't like Steve Gibson, he's the champion of FUD (Fear,
Uncertainty, Doubt). For instance, his port probe, and the message,
"We're now trying to talk to the server inside your computer!" haha!
Although, his port probe is handy for seeing what ports ARE open.
</Rant>

Regards,

Tim H.
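
What an ICMP message actually contains, as an added example that is not part of the original post: a Python sketch that builds an echo request (the packet ping sends) and parses it back into the header fields defined in RFC 792. The function names and the sample identifier, sequence number and payload are constructed for illustration.

```python
import struct

# A subset of the ICMP message types defined in RFC 792
ICMP_TYPES = {
    0: "echo reply (ping answer)",
    3: "destination unreachable",
    5: "redirect",
    8: "echo request (ping)",
    11: "time exceeded (used by traceroute)",
}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input for summing only
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Type 8, code 0; the checksum is computed with its own field zeroed."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload

def parse_icmp(message: bytes) -> dict:
    """Decode the 8-byte ICMP header and verify the checksum."""
    if len(message) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    mtype, code, _csum, rest = struct.unpack("!BBHI", message[:8])
    info = {
        "type": mtype,
        "name": ICMP_TYPES.get(mtype, "other"),
        "code": code,
        # A valid message sums to zero when the checksum field is included
        "checksum_ok": inet_checksum(message) == 0,
        "data": message[8:],
    }
    if mtype in (0, 8):  # echo messages carry an identifier and a sequence number
        info["id"], info["seq"] = rest >> 16, rest & 0xFFFF
    return info

# Constructed sample: one echo request with an 8-byte payload
SAMPLE = build_echo_request(0x1234, 1, b"abcdefgh")

if __name__ == "__main__":
    print(parse_icmp(SAMPLE))
```

The whole message is a type, a code, a checksum and a few bytes of data that the receiver reads and discards; nothing in it is written to disk.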

> Yes you did give me some valuable knowledge below  Thank you very much ---
> Jackie MacWhirter
> 
> ----- Original Message -----
> From: Tim H.
> To: pchelpers@xxxxxxxxxxxxx
> Sent: Wednesday, March 27, 2002 10:32 AM
> Subject: [pchelpers] Re: Packets
> 
> Hi Jackie,
> 
> Boy I sure hope your "firewall" didn't say that an ICMP packet was
> requesting installation! ICMP packets are the packets that are sent when
> you ping a computer. They're harmless (unless you're running Win95 in
> which they can be used for a DoS attack). Would be nice if someone wrote
> an article explaining HOW firewalls work and WHY you need them. Everyone
> says, "get a firewall to keep 'hackers' out!" but no one ever gets into
> details. So, ignore ICMP packets, there's no risk of being "attacked" by
> 'em. Any REAL hacker is not interested in your PC or any other casual
> user's PC. Script kiddies I tell ya! If you're up to date on your A/V
> software and don't open attachments w/out thinking then there's nothing
> to worry about. Unless of course, your OS is a server, in that case a
> firewall would be handy.
> 
> -Tim
> 
> Jackie MacWhirter wrote:
> >
> > Hi  Everyone:
> > I want to know why an ICMP packet wants to be installed on my computer; it is
> > from France. It was right after I updated my firewall -- it said type
> > kernel driver, but then it came again after I denied it, from some person
> > from France, in more clarity. Can someone enlighten me please? I denied
> > entry and unchecked it coming in and going out until I know what it is and
> > why. Thanks again -- Jackie
> > __________________________________________________________________
> > Jackie MacWhirter
> > ICQ#: 19728235
> > __________________________________________________________________
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.343 / Virus Database: 190 - Release Date: 3/22/2002