
High outbound activity on cable modem


Guest Telex4

Hullo,

I'm connected with an NTL cable modem. I recently got blocked (they changed my DNS config to do this) because they thought I had a Windows virus... they judge this by outbound net activity, like a high ping rate. Now I keep having my DNS settings changed every few minutes by dhclient (I assume anyway) because of this.

Watching ksim (gkrellm-like app) I see that activity on eth0 jumps from 0% to 34% to 84% and so on... when I'm doing nothing. This has to be abnormal... so what's causing it? I can't see anything in the process table that might account for the activity. Could it be dhclient doing this?

Somehow, I need to bring the activity down or my connection will become unusable...


when the activity is going up you can try running netstat at a terminal and look for any oddball connections. you could also use ethereal to sniff outbound traffic and see what's going on....but if you're the only person using it, with just one computer, i would check netstat as it will show all active connections.
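
One way to act on the netstat suggestion above, as an added example that is not part of the original thread: a Python script that reads `netstat -tn` output and lists remote ports where this machine has half-open (SYN_SENT) attempts to several different hosts at once. The sample output, its addresses and the threshold of 3 are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of `netstat -tn` output (Linux net-tools layout).
# All addresses are from documentation ranges; nothing here is from the thread.
SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:34512        198.51.100.7:80         ESTABLISHED
tcp        0      0 192.0.2.10:34518        198.51.100.7:80         TIME_WAIT
tcp        0      1 192.0.2.10:40001        203.0.113.11:135        SYN_SENT
tcp        0      1 192.0.2.10:40002        203.0.113.12:135        SYN_SENT
tcp        0      1 192.0.2.10:40003        203.0.113.13:135        SYN_SENT
tcp        0      1 192.0.2.10:40004        203.0.113.14:135        SYN_SENT
tcp        0      0 127.0.0.1:631           127.0.0.1:51000         ESTABLISHED
"""

def parse_connections(text):
    """Yield (remote_ip, remote_port, state) for each TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # skip the two header lines, UDP rows and malformed rows
        remote_ip, _, remote_port = fields[4].rpartition(":")
        if not remote_port.isdigit():
            continue  # e.g. "*" in listening-socket rows
        yield remote_ip, int(remote_port), fields[5]

def fan_out_by_port(text):
    """Map remote port -> set of distinct non-loopback hosts in SYN_SENT."""
    pending = defaultdict(set)
    for ip, port, state in parse_connections(text):
        if state == "SYN_SENT" and not ip.startswith("127.") and ip != "::1":
            pending[port].add(ip)
    return pending

def oddball_ports(text, threshold=3):
    """Remote ports this machine is trying to reach on many hosts at once.
    threshold is an assumed cut-off; tune it for your own traffic."""
    fan_out = fan_out_by_port(text)
    return sorted(p for p, hosts in fan_out.items() if len(hosts) >= threshold)

if __name__ == "__main__":
    for port in oddball_ports(SAMPLE):
        hosts = sorted(fan_out_by_port(SAMPLE)[port])
        print(f"port {port}: {len(hosts)} half-open attempts -> {', '.join(hosts)}")
```

To use it on a live machine, pass the captured text of `netstat -tn` to `oddball_ports()` in place of `SAMPLE`.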


Might see if you can shut off ping response from your box too. How you do it depends on your firewall there. In mdk control center if you are using it, poke around until you find it. I blocked mine at the router and so I don't get bothered now.

You might have some runaway Windows machines on the same cable node with you. They will scan for any open port they can find. My ISP is blocking people too and asked everyone to turn on machines last Wed. They scanned everyone and somehow could tell if people were running latest Windows patches or not. Unpatched users got blocked and given instructions to use dialup and patch before they could be reactivated. I'm not sure they can get through firewalls, etc. to see what people are running so maybe they just mimicked the virus/trojan and looked for response. Pretty radical but throughput has gotten better since they did this.

Hope shutting down ICMP / PING helps.


> Might see if you can shut off ping response from your box too. Depending on your firewall there how you do it. In mdk control center if you are using it, poke around until you find it. I blocked mine at the router and so I don't get bothered now.

I had a look in the firewall settings and it didn't have anything about shutting off ping responses... can someone point me in the right direction here? It sounds like it could be the problem.


I am on my way out to church but try this:

Open Mdk Control Center

Go to Security section

Under Basic tab raise your level to High

Under Network Options tab check NO on ICMP packets (2 choices)

It might help to log STRANGE PACKETS; check yes to enable it and then you can see where they come from. If your log gets too big, shut it back down.

Hope this helps. I'll check back in after church and see how things went. :)
