Re: Agnitum stopping ICMP Echo Request to Microsoft site.
From: news box (info.box@home.nl)Date: 07/19/02
- Next message: : "Re: Firewall Beginners Assistance"
- Previous message: Steve: "Please Help"
- In reply to: Stephen James: "Re: Agnitum stopping ICMP Echo Request to Microsoft site."
- Next in thread: news box: "Re: Agnitum stopping ICMP Echo Request to Microsoft site."
- Reply: news box: "Re: Agnitum stopping ICMP Echo Request to Microsoft site."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "news box" <info.box@home.nl> Date: Fri, 19 Jul 2002 19:05:47 +0200
I found out that loadqm will connact MS and start exchange or download .CAB
files.
If you interrupt this process, but thats my experience, it might effect into
a system shutdown (because of not completed kernel updates) these updates
are necessarely bad. But you can block these updates by excluding loadqm in
Outpost (options/ application/ brose for loadqm and give it 'no no').
Its also possible to block an active transaction, but do not 'end-task' this
process or be aware that the system may become weak. this methode is better
because finding the exact responsible service may be difficult.
Since you still want to visit MS for patches etc, its not advicable to block
the IP.
I searched my system but couldn't find that particular file i mentioned, so
i might be a service name. Nevertheless you can block this process at
/options/applications - and above all if you have the pro version (reged)
you may mark 'report' and get reported on this activity if you like.
(very handy if you want to know when and what..)
I hope this is helpfull, check your log files for transactions and look for
the MS IP : 207.46.131.30 you pointed out.
Sincerely,
Herauth
"Stephen James" <stephen_james@uk2.net> wrote in message
news:dfd51415.0207190459.58128164@posting.google.com...
> "chrisclu" <chris.20.chrisclu@spamgourmet.com> wrote in message
news:<PNNZ8.4361$_C2.330759@newsread2.prod.itd.earthlink.net>...
> > "Stephen James" <stephen_james@uk2.net> wrote in message
> > news:dfd51415.0207181305.38edf658@posting.google.com...
> > > Using Agnitum I get the following message in the 'Allowed' part.
> > >
> > > Reason App. Start Remote Port
> > Direction
> >
> --------------------------------------------------------------------------
> > --
> > > ICMP Traffic n/a 18/07/2002 21:53:34 207.46.131.30 Echo Request/0
> > Outbound
> > >
> > > Protocol Local Port
> > > -------------------
> > > ICMP Echo Request/0
> > >
> > > Given that
> > > whois -h whois.arin.net 207.46.131.30
> > >
> > >
> > > Microsoft (NETBLK-MICROSOFT-GLOBAL-NET)
> > > One Redmond Way
> > > Redmond, WA 98052
> > > US
> > > etc.
> > >
> > >
> > > I'm wondering why this would be happening, what can the purpose be?
> > > I'm not sure what a Echo Request is either.
> > > Any views?.
> >
> >
> > Are you allowing auto updates for Windows?
> > Chris
> >
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.377 / Virus Database: 211 - Release Date: 7/15/02
> Running Windows 2000 SP2 does this also do Auto updates if so how do I
stop it.
> Regards.
- Next message: : "Re: Firewall Beginners Assistance"
- Previous message: Steve: "Please Help"
- In reply to: Stephen James: "Re: Agnitum stopping ICMP Echo Request to Microsoft site."
- Next in thread: news box: "Re: Agnitum stopping ICMP Echo Request to Microsoft site."
- Reply: news box: "Re: Agnitum stopping ICMP Echo Request to Microsoft site."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
