Re: Attempted Intrusion "Welchia_ICMP_Scan" from your machine against

From: N. Miller (anonymous_at_discussions.microsoft.com)
Date: 01/07/05


Date: Thu, 6 Jan 2005 22:14:18 -0800

In article <toons.1ieuyl@mail.mcse.ms>, toons says...

> Okay, I have been having this problem for about 6 weeks and I don't like
> things like this because they tend to indicate a total screw around
> with my connections tray and plus, anyone attacking my system and I
> like to let them have a surprise package in return.

Who, what, where, and how?

> Anyways, I have traced the problem and it is definitely Yahoo Messenger.

What is it that they do?

> In the last update, they have something in there that constantly tries
> to call home.

While it is running? Or just when it is started? I only see a "phone home"
action when I start it; never during operation. It is just checking for
updates, and easily stopped by a firewall.

> When you have Norton Installed, it stops it and places a report.

Yep; as does Kerio Personal Firewall ver. 2.1.5.

> That is why it is mostly only Norton users that see the problem.

I'd expect Zone Alarm Pro to catch it, as well; probably Agnitum Outpost and
Sygate, as well.

> Simple solution, disconnect Yahoo Messenger completely and shut it down
> when not in use. When it is in use, you have to live with it until Yahoo
> decide to either remove the protocol or clean it up. Frankly,
> programmers are just too lazy these days.

Aside from the auto update check on startup, Yahoo! Messenger functions in a
similar manner to AIM and MSN Messenger.

-- 
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint