Author Topic: Windows Operating System / System Idle Process in Logs [Merged Threads]  (Read 33393 times)
forcesorcery
« Reply #255 on: May 02, 2008, 06:29:58 AM »

Hello Sirs,

I'm an ADSL user without router, and I'm using XP SP2.

Sometimes, mostly right after connecting to the internet,
the "Windows Operating System" wants to send ICMP out to my DNS server (168.95.1.1 & 168.95.192.1).
The ICMP is "Type(3) Code(3)"... I don't know what Type(3) Code(3) means.

Should I allow it? Is it normal or malicious?

Thanks very much in advance, best regards.
Logged
Comofo
Guest
« Reply #256 on: May 02, 2008, 07:14:45 AM »

Type   Name
----   -------------------------
  0    Echo Reply
  1    Unassigned
  2    Unassigned
  3    Destination Unreachable
  4    Source Quench
  5    Redirect
  6    Alternate Host Address
  7    Unassigned
  8    Echo
  9    Router Advertisement
 10    Router Solicitation
 11    Time Exceeded
 12    Parameter Problem
 13    Timestamp
 14    Timestamp Reply
 15    Information Request

Codes
  0    Net Unreachable
  1    Host Unreachable
  2    Protocol Unreachable
  3    Port Unreachable
  4    Fragmentation Needed and Don't Fragment was Set
  5    Source Route Failed
  6    Destination Network Unknown
  7    Destination Host Unknown
  8    Source Host Isolated
  9    Communication with Destination Network is Administratively Prohibited
 10    Communication with Destination Host is Administratively Prohibited
 11    Destination Network Unreachable for Type of Service
 12    Destination Host Unreachable for Type of Service
 13    Communication Administratively Prohibited
 14    Host Precedence Violation
 15    Precedence cutoff in effect
Logged
forcesorcery
« Reply #257 on: May 02, 2008, 09:08:02 AM »

Thanks very much...
Port unreachable...?
Is it safe? or malicious...?
Should I allow this?
Logged
Comofo
Guest
« Reply #258 on: May 02, 2008, 07:11:04 PM »

Hard to say force,
What I think it might be is your DNS server slow to respond, and so when it finally does it's rejected because it's late and no longer expected - if I understand your description properly + my educated guess is correct.
Do you get a lot of these?
Do they have any noticeable effect?
Logged
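
An added example, not part of any post in this thread: an ICMP Type 3 Code 3 message quotes the IP header and first 8 bytes of the datagram that triggered it, so decoding that quote is how the slow-DNS-reply guess in Reply #258 can be checked against a captured packet. The function names, the host address 203.0.113.25 and the sample packets are constructed for illustration; the resolver addresses are the ones given in the thread.

```python
import socket
import struct

RESOLVERS = {"168.95.1.1", "168.95.192.1"}  # DNS servers named in the thread

def parse_unreachable(icmp: bytes) -> dict:
    """Decode an ICMP Destination Unreachable and the datagram it quotes."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("too short to carry a quoted IP header + 8 bytes")
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != 3:
        raise ValueError("not Destination Unreachable")
    quoted = icmp[8:]                      # original IP header + first 8 bytes
    ihl = (quoted[0] & 0x0F) * 4           # quoted header length in bytes
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 8:
        raise ValueError("malformed quoted IPv4 header")
    info = {"code": code, "proto": quoted[9],
            "orig_src": socket.inet_ntoa(quoted[12:16]),
            "orig_dst": socket.inet_ntoa(quoted[16:20])}
    if info["proto"] in (6, 17):           # TCP and UDP both start with ports
        info["sport"], info["dport"] = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return info

def classify(icmp: bytes, resolvers=RESOLVERS) -> str:
    """Label the message: late DNS reply, or something to inspect by hand."""
    info = parse_unreachable(icmp)
    # A UDP datagram from port 53 of a known resolver that hit a closed
    # local port is a DNS answer arriving after the query socket was closed.
    if (info["code"] == 3 and info["proto"] == 17
            and info.get("sport") == 53 and info["orig_src"] in resolvers):
        return "late-dns-reply"
    return "review"

def build_sample(src: str, sport: int, proto: int = 17) -> bytes:
    """Constructed test message (checksums left at 0, they are not checked)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton("203.0.113.25"))
    l4 = struct.pack("!HHHH", sport, 1047, 8, 0)   # src port, dst port, len, csum
    return struct.pack("!BBHI", 3, 3, 0, 0) + ip + l4

if __name__ == "__main__":
    print(classify(build_sample("168.95.1.1", 53)))      # reply from the ISP resolver
    print(classify(build_sample("198.51.100.7", 4444)))  # unrelated sender
```
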
forcesorcery
« Reply #259 on: May 03, 2008, 02:24:55 AM »

Thanks, Master Comofo.

No, I don't get lots of these outgoing ICMP attempts... just sometimes.
They usually occur just after connecting to the internet (ADSL user),
and... if I block it, nothing seems to go wrong.
Logged
Comofo
Guest
« Reply #260 on: May 03, 2008, 03:22:42 AM »

LoL...master? Not even close, I'm just trying to share my limited understanding/experience with my fellow 'modo supporters. Often I'm just researching the info myself.
Can you post a screen shot of an example of these blocks? And we'll just see if we can't sort this out... Cheers
Logged
Josh123
Guest
« Reply #261 on: May 03, 2008, 03:29:48 AM »

LoL...master? Not even close, I'm just trying to share my limited understanding/experience with my fellow 'modo supporters. Often I'm just researching the info myself.
Can you post a screen shot of an example of these blocks? And we'll just see if we can't sort this out... Cheers

Thank you Comofo for your contribution.

Josh
Logged
forcesorcery
« Reply #262 on: May 03, 2008, 09:12:13 AM »

Thanks for helping..

These are some logs of the outgoing ICMP attempts...
The source IPs are mine... I use ADSL, so I have various IPs.
Sometimes the destination IP changes to 168.95.192.1 (it's my ISP's DNS).

Is this normal...?
Best regards
Logged
Comofo
Guest
« Reply #263 on: May 03, 2008, 08:12:41 PM »

So if I gather correctly,
This is all traffic within your network.
I am not very concerned (though I am rather curious) about the danger these pose (if you do in fact recognize the addresses). Like I said before, these could be just slow DNS responses - and they are few and far between.
I wish I could tell you for sure what these are exactly, but to be honest my knowledge is limited and there are other variables to consider.
Whatever these blocks are, they do not seem to pose any functionality problems - I personally would not allow these unless (a) they do and (b) the exact nature of them is revealed and (c) someone smarter than me (they're really easy to find) tells you to.

With the info you've provided me I'm still investigating and will let you know as soon as I learn more.

(@3xsist: I believe it all comes around)

« Last Edit: May 03, 2008, 08:15:32 PM by Comofo » Logged
forcesorcery
« Reply #264 on: May 04, 2008, 04:32:15 AM »

Thanks very much,
Maybe it's just a slow DNS response...
It only occurs when I feel the internet is quite slow.

Hope this isn't malicious.
I used Process Explorer to check the system... no strange module was found.

Thanks very much again for helping.
Logged
Comofo
Guest
« Reply #265 on: May 04, 2008, 07:18:34 AM »

Next time it happens -

Make sure you know the IPs are yours: Run > cmd > type: ipconfig /all > Enter
These are your LAN addresses, DNS, etc. - and also do a traceroute [i.e., ping yahoo.com]
Here's your WAN address
Now check these against your blocks.

If they're yours, no worries at all.

And if they're not - well, at least you never allowed them.

Lemme know how it goes.


Logged
forcesorcery
« Reply #266 on: May 04, 2008, 07:56:42 AM »

Thanks, I'm pretty sure that those IPs were mine.
It seems normal.

Thanks a lot again for the help.
Logged
Comofo
Guest
« Reply #267 on: May 04, 2008, 08:19:35 AM »

My pleasure,
I flipped back through this thread and there I was, learning how to disable my router's RIP. Love it.

 Cheers Viva Comodo Cheers
Logged
AussieSteve
Guest
« Reply #268 on: May 22, 2008, 07:35:07 AM »

May I Suggest A Summary Of This Thread, As I Had The Same Problem And Read Over The Answer Due To The Length.
Logged
Vettetech
Guest
« Reply #269 on: May 22, 2008, 07:45:51 AM »

I actually told you the answer in your other thread. Make it outgoing. Make svchost, explorer.exe and system all outgoing only.
Logged