Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[RamGuy]

------------------------------------
[INFO] Thu Apr 17 04:58:57 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 61.189.175.182
[INFO] Thu Apr 17 04:28:28 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.10.193.252
[INFO] Thu Apr 17 04:25:38 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.5.169.165
[INFO] Thu Apr 17 04:24:43 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 202.97.238.204
[INFO] Thu Apr 17 04:13:06 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 207.46.26.254
[INFO] Thu Apr 17 04:12:49 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.30.37.246
[INFO] Thu Apr 17 04:11:40 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 24.234.136.138
[INFO] Thu Apr 17 04:11:13 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 212.244.116.1
[INFO] Thu Apr 17 04:10:04 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.23.100.207
[INFO] Thu Apr 17 04:09:43 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.25.237.249
[INFO] Thu Apr 17 04:09:40 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.7.81.104
[INFO] Thu Apr 17 04:09:28 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 77.113.118.174
[INFO] Thu Apr 17 04:08:34 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.11.29.96
[INFO] Thu Apr 17 04:08:33 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.19.199.202
[INFO] Thu Apr 17 04:08:32 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 77.180.59.151
[INFO] Thu Apr 17 04:07:05 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 221.208.208.94
[INFO] Thu Apr 17 04:07:01 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.21.204.81
[INFO] Thu Apr 17 04:06:09 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 24.81.188.104
[INFO] Thu Apr 17 04:05:57 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 77.253.64.99
[INFO] Thu Apr 17 04:05:15 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.21.13.238
[INFO] Thu Apr 17 04:04:45 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 82.25.129.79
[INFO] Thu Apr 17 04:04:21 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 77.253.177.157
[INFO] Thu Apr 17 04:04:06 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 69.158.158.34
[INFO] Thu Apr 17 04:03:59 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 69.85.242.2
[INFO] Thu Apr 17 04:03:57 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.15.123.34
[INFO] Thu Apr 17 04:03:55 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.11.6.12
[INFO] Thu Apr 17 04:03:50 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.9.191.16
[INFO] Thu Apr 17 04:03:47 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.28.214.161
[INFO] Thu Apr 17 04:03:43 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 89.54.48.231
[INFO] Thu Apr 17 04:03:39 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 79.186.63.80
[INFO] Thu Apr 17 04:03:39 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.21.147.44
[INFO] Thu Apr 17 04:03:35 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 90.194.176.21
[INFO] Thu Apr 17 04:03:32 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.23.248.67
[INFO] Thu Apr 17 04:03:27 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 66.115.128.202
[INFO] Thu Apr 17 04:03:20 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 196.206.208.240
[INFO] Thu Apr 17 04:03:15 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 69.85.242.105
[INFO] Thu Apr 17 04:03:14 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 216.130.185.84
[INFO] Thu Apr 17 04:03:13 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 90.206.10.243
[INFO] Thu Apr 17 04:02:57 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 69.85.242.145
[INFO] Thu Apr 17 04:02:49 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.25.133.163
[INFO] Thu Apr 17 04:02:43 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 69.85.242.62
[INFO] Thu Apr 17 04:02:41 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 84.136.114.226
[INFO] Thu Apr 17 04:02:40 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 89.78.165.101
[INFO] Thu Apr 17 04:02:35 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.25.179.75
[INFO] Thu Apr 17 04:02:30 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 70.231.251.232
[INFO] Thu Apr 17 04:02:26 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 91.193.96.230
[INFO] Thu Apr 17 04:02:25 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 64.216.47.190
[INFO] Thu Apr 17 04:02:24 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 77.112.5.87
[INFO] Thu Apr 17 04:02:20 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 84.60.168.170
[INFO] Thu Apr 17 04:02:19 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 79.173.30.248
[INFO] Thu Apr 17 04:02:18 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 69.85.242.173
[INFO] Thu Apr 17 04:02:09 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 69.85.242.88
[INFO] Thu Apr 17 04:02:09 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 69.85.242.49
[INFO] Thu Apr 17 04:02:08 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 88.156.236.130
[INFO] Thu Apr 17 04:02:07 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 82.170.163.14
[INFO] Thu Apr 17 04:02:07 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 90.132.72.17
[INFO] Thu Apr 17 04:02:07 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 85.166.207.57
[INFO] Thu Apr 17 04:02:06 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.142.174.159
[INFO] Thu Apr 17 04:02:05 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 216.240.134.122
[INFO] Thu Apr 17 04:02:05 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 74.229.70.4
[INFO] Thu Apr 17 04:02:03 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 79.185.58.166
[INFO] Thu Apr 17 04:02:01 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 90.228.245.70
[INFO] Thu Apr 17 04:02:01 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 87.244.194.121
[INFO] Thu Apr 17 04:01:59 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 69.85.242.181
[INFO] Thu Apr 17 04:01:55 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 69.85.242.40
[INFO] Thu Apr 17 04:01:52 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.30.107.231
[INFO] Thu Apr 17 04:01:51 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 82.160.116.1
[INFO] Thu Apr 17 04:01:49 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 80.48.144.41
[INFO] Thu Apr 17 04:01:47 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 69.85.242.52
[INFO] Thu Apr 17 04:01:47 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 213.136.230.146
[INFO] Thu Apr 17 04:01:47 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 78.42.121.252
[INFO] Thu Apr 17 04:01:46 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 69.85.242.88
[INFO] Thu Apr 17 04:01:46 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 78.88.83.147
[INFO] Thu Apr 17 04:01:45 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 82.160.43.3
[INFO] Thu Apr 17 04:01:45 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 69.85.242.109
[INFO] Thu Apr 17 04:01:44 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 88.199.92.2
[INFO] Thu Apr 17 04:01:44 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 201.51.70.164
[INFO] Thu Apr 17 04:01:44 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.21.62.67
[INFO] Thu Apr 17 04:01:44 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 88.240.114.24
[INFO] Thu Apr 17 04:01:43 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.4.167.149
[INFO] Thu Apr 17 04:01:41 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 69.85.242.155
[INFO] Thu Apr 17 04:01:36 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 82.41.80.97
[INFO] Thu Apr 17 04:01:33 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.23.177.27
[INFO] Thu Apr 17 04:01:29 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 69.85.242.148
[INFO] Thu Apr 17 04:01:29 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 69.85.242.111
[INFO] Thu Apr 17 04:01:29 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 87.1.66.12
[INFO] Thu Apr 17 04:01:29 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.21.140.40
[INFO] Thu Apr 17 04:01:22 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 79.184.11.9
[INFO] Thu Apr 17 04:01:21 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.28.228.252
[INFO] Thu Apr 17 04:01:21 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 92.237.13.9
[INFO] Thu Apr 17 04:01:21 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 69.85.242.50
[INFO] Thu Apr 17 04:01:21 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 217.236.76.94
[INFO] Thu Apr 17 04:01:21 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 77.253.176.135
[INFO] Thu Apr 17 04:01:20 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.21.57.79
[INFO] Thu Apr 17 04:01:20 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 82.134.173.96
[INFO] Thu Apr 17 04:01:20 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 74.193.9.114
[INFO] Thu Apr 17 04:01:19 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 89.243.83.252
[INFO] Thu Apr 17 04:01:05 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 69.85.242.174
[INFO] Thu Apr 17 04:01:04 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 77.253.149.239
[INFO] Thu Apr 17 04:01:03 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 144.138.154.107
[INFO] Thu Apr 17 04:01:03 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.10.185.30
[INFO] Thu Apr 17 04:01:02 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 78.16.238.68
[INFO] Thu Apr 17 04:01:02 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 69.85.242.115
[INFO] Thu Apr 17 04:01:02 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.10.112.170
[INFO] Thu Apr 17 04:00:58 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 217.96.119.221
[INFO] Thu Apr 17 04:00:58 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 83.11.206.27
[INFO] Thu Apr 17 04:00:58 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 87.207.207.240
[INFO] Thu Apr 17 04:00:58 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 90.35.215.212
[INFO] Thu Apr 17 04:00:57 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 217.159.161.116
[INFO] Thu Apr 17 04:00:56 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 87.17.199.25
[INFO] Thu Apr 17 04:00:55 2008 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.149 to 67.162.100.197
--------------------------------------------------------


As you might see from my log, I've got lots of ICMP Packet's blocked.. And that's just like 4% of my log, it continues for ages..
What does that means? And why does this occur?

I'm using a static DMZ-hosted IP-address, the Firewall is completely disabled, I've got no firewall on my computer, the Windows Firewall service has been disabled and I'm using a 5meter CAT7 cable.

[RamGuy]

Now I also get this in the log:

----------------------------------------
[INFO] Wed Apr 16 13:08:43 2008 Blocked outgoing TCP packet from 192.168.1.149:61577 to 137.165.4.96:80 as FIN:ACK received but there is no active connection
[INFO] Wed Apr 16 13:08:43 2008 Blocked outgoing TCP packet from 192.168.1.149:61549 to 207.46.19.190:80 as FIN:ACK received but there is no active connection
[INFO] Wed Apr 16 13:08:43 2008 Blocked outgoing TCP packet from 192.168.1.149:61555 to 193.213.121.80:80 as FIN:ACK received but there is no active connection
[INFO] Wed Apr 16 13:08:43 2008 Blocked outgoing TCP packet from 192.168.1.149:61556 to 193.213.121.80:80 as FIN:ACK received but there is no active connection
[INFO] Wed Apr 16 13:08:43 2008 Blocked outgoing TCP packet from 192.168.1.149:61559 to 207.46.19.190:80 as FIN:ACK received but there is no active connection
[INFO] Wed Apr 16 13:08:43 2008 Blocked outgoing TCP packet from 192.168.1.149:61561 to 207.46.19.190:80 as FIN:ACK received but there is no active connection
[INFO] Wed Apr 16 13:08:43 2008 Blocked outgoing TCP packet from 192.168.1.149:61541 to 193.213.121.91:80 as FIN:ACK received but there is no active connection
[INFO] Wed Apr 16 13:08:43 2008 Blocked outgoing TCP packet from 192.168.1.149:61537 to 207.46.19.190:80 as FIN:ACK received but there is no active connection
[INFO] Wed Apr 16 13:08:43 2008 Blocked outgoing TCP packet from 192.168.1.149:61557 to 193.213.121.80:80 as FIN:ACK received but there is no active connection
[INFO] Wed Apr 16 13:08:43 2008 Blocked outgoing TCP packet from 192.168.1.149:61554 to 193.213.121.80:80 as FIN:ACK received but there is no active connection
[INFO] Wed Apr 16 13:08:43 2008 Blocked outgoing TCP packet from 192.168.1.149:61543 to 207.46.19.190:80 as FIN:ACK received but there is no active connection
[INFO] Wed Apr 16 13:08:43 2008 Blocked outgoing TCP packet from 192.168.1.149:61539 to 207.46.19.190:80 as FIN:ACK received but there is no active connection
[INFO] Wed Apr 16 13:08:43 2008 Blocked outgoing TCP packet from 192.168.1.149:61545 to 207.46.19.190:80 as FIN:ACK received but there is no active connection
---------------------------------------------------------

[Dragonslore]

From your first post in this thread, every single IP address listed is different except for one which is listed twice.

So I would hazard to guess that you may have some sort of infection on your system of which the out going connection is being blocked.

Those IP addresses look like they may possibly be Fast Flux IP's from a BotNet.

[DLinkUserDude]

The real question should be, why is the gateway firewall blocking OUTGOING ICMP Type 3 packets by default (Especially when there is no option not to block them, or to provide any granular control whatsoever to how ICMP is handled).

In the many different threads where the issue of "ICMP Type 3 blocked" entries in the logs are coming up, I have yet to see a single cogent (or otherwise) explanation by any D-Link person as to why this is being done by their firewall code, and/or why it isnt configurable in the advanced options somewhere...

Even the built-in Windows firewall allows granular control over blocking/unblocking ICMP, including for outgoing destination unreachable packets (Type 3). 

Perhaps D-Link should state their position/reasoning on this..

[Dragonslore]

What I would recommend is going to a well known (reputable) security forum and request some help so as to make sure your system is clean.

Here are a couple of good ones

Spywareinfo Forums

What the Tech Forums (formerly TomCoyote)

Now without seeing any diagnostic logs from your system using specific software, I can't say for sure that there is an infection on your system or what may be residing there.

But from your router log, it does look like you may have a Bot on your system. It could be from a Storm worm variant or some other parasite that has been going around in recent months. Worse case scenario would be the presence of a RootKit as many spyware parasites tend to download other parasites to protect themselves.

Keeping a system in DMZ without any firewall protection what so ever is bad news, especially with all that is loose on the net these days. But then again, I have no idea what sort of protection you may have configured on your system.

The Main reason I purchased the DGL-4500 was not only for the Extreme-N and GigaBit capabilities, but the most important thing to me was the Dual Active SLI & NAT fire walls. In other words, the SLI firewall saves me from having to purchase a separate security appliance.

[dbasnett]

I have a legitimate application that sends ICMP packets rarely, but see the same sort of behavior. 

[Trikein]

That smells of a worm. Look at that traffic, its all over the place. UK, A Data server in China, a DNS server in Germany. I would suggest running A-squared HijackFree or some simular app and see what exactly on that computer is greating the queries.