Re: Attempted Intrusion "Welchia_ICMP_Scan" from your machine against
From: N. Miller (anonymous_at_discussions.microsoft.com)
Date: Thu, 6 Jan 2005 22:14:18 -0800
In article <email@example.com>, toons says...
> Okay, I have been having this problem for about 6 weeks and I dont like
> things like this because they tend to indicate a total screw around
> with my connections tray and plus, anyone attacking my system and I
> like to let them have a surprise package in return.
Who, what, where, and how?
> Anyways, I have traced the problem and it is definitely Yahoo Messenger.
What is it that they do?
> In the last update, they have something in there that constantly tries
> to call home.
While it is running? Or just when it is started? I only see a "phone home"
action when I start it; never during operation. It is just checking for
updates, and easily stopped by a firewall.
> When you have Norton Installed, it stops it and places a report.
Yep; as does Kerio Personal Firewall ver. 2.1.5.
> That is why it is mostly only Norton users that see the problem.
I'd expect Zone Alarm Pro to catch it, as well; probably Agnitum Outpost and
Sygate, as well.
> Simple solution, disconnect Yahoo Messenger completely and shut it down
> when not in use. When it is in use, you have to live with it until Yahoo
> decide to either remove the protocol or clean it up. Frankly,
> programmers are just too lazy these days.:aaa
Aside from the auto update check on startup, Yahoo! Messenger functions in a
similar manner to AIM and MSN Messenger.
-- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint