Unsolicited ICMP requests

Hello everyone
While using Wireshark to monitor my link I have seen repeated unsolicited ICMP echo requests generated from my Mac. The period of time is around 15 seconds. So every 15 seconds my MacBook is pinging specific IP addresses. One IP address that is pinged is my DHCP server and the others belong to the wireless network - even though I am not connected wirelessly when examining with wireshark.
There were some instances that I saw new destination IP addresses but those either exceed the time to live or their port is unreachable. I would like to note that those new IPs do not get pinged repeatedly just once (except id the time period is quite large).
The sequence number of the ICMP requests are not sequential but increases by 1280 every 15 seconds. I do not know which process generates them or if I have any misconfiguration. It is very annoying as I wanted to manually generate pings for some experiments.
I really doubt if anyone knows why this happens but if one does please I would really like to know. If it is a process that generates these ping packets how could I filter out which process is doing this ?
Thank you for your time

Zdenerwowana wrote:
I am also very anxious about people they try to be my Skype contact and I do not have any desire to contact with strangers. It is something wrong with privacy and security.
I love Skype, but if I do not find resolution or somebody will not help me I have to stop using Skype.
What I have to do to protect my privacy and do not see any more strangers waiting for contact?
Same situation here. I have always had my privacy settings set to contacts only and today I asked someone who I don't have as a contact to try and find me. He is a Skype user and after entering my first and last name found me right away (confirmed by sending me a contact request).
I'm very disappointed to see such poor privacy settings. I have changed my profile to remove my photo and gender, since most of the contact requests say they are women.

Similar Messages

Receiving Unsolicited Facetime Requests

I keep receiving unsolicited Facetime requests on my iPhone. I noticed in the morning that this person attempted to Facetime with me during the odd hours of the night, and in the morning they tried to connect again. I wasn't sure if I actually knew the person so I answered the call (with the camera blocked) and asked who this was. All I could hear on the end was laughing and that was it, there was no video of an actual person, but an empty background of someone's room.
I hung up. Afterwards, I kept getting requests over and over from the same user. I finally had to disable Facetime from my iPhone to avoid being harassed. What I don't get is, why isn't there some sort of blacklist or blocking feature in Facetime? This could be a haven for spammers, if they were able to harvest facetime IDs, they could easily spam thousands of people with this communication tool.
So what are my options (other than having to disable my Facetime)?

YOU ARE NOT ALONE. SAME ISSUE JUST STARTED JULY 2015. IF SKYPE DOES NOT PUT IN A FILTER THEY ARE GOING TO LOOSE A LOT OF CUSTOMERS AND THEIR REPUTATION.
THIS IS LIKE GETTING ANNOYING TELEPHONE CALLS FOR DONATIONS EVERY DAY BY HUNDREDS OF CALLERS. WILL SKYPE GET THE MESSAGE? EVERYONE KEEP BEATING ON SKYPE!!!!

Unsolicited contact requests (spams / junk)

I though Skype would have been a better platform, but it appears to be the worst of the worst. I am constantly inundated with (mostly sexual) unsolicited contact requests. I do not have the time to keep blocking every day.
Does Microsoft have a plan and timeline on fixing this? Else I will be uninstalling Skype.
Solved!
Go to Solution.

What I want is a solution that handles the problem terminatedly! I do get multiple unwanted requests daily (4 already and its only 9AM). This situation has gotten worse over the last few weeks.
I talked with customer support and have set all the privacy settings according to recommendations and even changed my profile name - I was assured this would stop the requests. Well none of the recommendations work.
So why have this privacy setting "Allow messages from: Contacts" if it does not work? Its a little like those buttons at crosswalks.
It seems like a simple formula - contact request does not equal contact on my list = reject it! I will gladly add a person I want to my contacts. How you ask? They can call me on the phone, send me an email, talk to me in person, contact a friend, post on my Facebook - if they don't have any of these then they are a contact I don't need. Will this cause an inconvenience? Maybe but I am not unreachable.
Skype is a tool. A very handy tool for texting, calling, file transfers, conferencing. I use it every single day.
I sympathize with the person who started this thread. Their solution is unworkable for me since Skype is as integral to my business as an internet connection. So the only option Skype has left me is to close my account and open up another one.
This is a VERY BIG hassle as anyone with hundreds of contacts might imagine.
So I ask....make the privacy setting you promote really work. Exclude all contact requests, delete them, do not let them thru, obliterate them, send them all to SPAM hell if they are not on my contact list! Simple, easy, and straight forward.
Can you do this?

Receiving unsolicited contact requests.

I only use Skype for chats & video calls to my relatives in Australia. Normally I do not receive unsolicited contact requests. I have had them before and they seem to follow either new Skype updates or my Skype activity. I video called OZ last week and I am now receiving 6 or 7 unsolicited contact requests from young women in Africa/Asia each day now?Yes my settings only allow my contacts to contact me and yes I block all the unwanted requests; but it is annoying and upsetting because I do not know how & why it happens and I cannot stop it.Apparently neither can/will Skype?My apologies for being repetitious, I'm just blowing off steam.

YOU ARE NOT ALONE. SAME ISSUE JUST STARTED JULY 2015. IF SKYPE DOES NOT PUT IN A FILTER THEY ARE GOING TO LOOSE A LOT OF CUSTOMERS AND THEIR REPUTATION.
THIS IS LIKE GETTING ANNOYING TELEPHONE CALLS FOR DONATIONS EVERY DAY BY HUNDREDS OF CALLERS. WILL SKYPE GET THE MESSAGE? EVERYONE KEEP BEATING ON SKYPE!!!!

EA6300 ICMP request reply delay "request timed out"

Hi all,
I bought recently a EA6300 smart wifi to provide support for intranet & internet. Router is connected by cat6 cable from a 24 port local lan switch. I am getting icpm delay message "request timed out" frequently. User can't work properly due to having this interruption over lan. I can't understand why it is happening. Could any expert pls help me regarding this issue.
Rgds
Zahir

May I know where the computer is connected, Zahir? Is it behind the router or the switch? We have to properly look into what's causing this. What you mean by delay in ICMP, is it when you're pinging a website or the router IP Address? There are tons of reason for delay but with proper diagnostics, I'm pretty sure you'll get to the bottom of this.
By the way what kind of switch are you referring to?
You may check this for more info: SWITCH

Unsolicited Contact requests

I am getting a lot of these lately and continue to block them and report them but I am not convinced that any action is being taken - whats going on - does anyone know??

if you report those users, especially if you send a detailed report to [email protected], Skype will surely take time to check or investigate the activities of those users and do the appropriate actions against their account/s (which may range from temporary to permanent suspension).
IF YOU FOUND OUR POST USEFUL THEN PLEASE GIVE "KUDOS". IF IT HELPED TO FIX YOUR ISSUE PLEASE MARK IT AS A "SOLUTION" TO HELP OTHERS. THANKS!
ALTERNATIVE SKYPE DOWNLOAD LINKS | HOW TO RECORD SKYPE VIDEO CALLS | HOW TO HANDLE SUSPICIOS CALLS AND MESSAGES
SEE MORE TIPS, TRICKS, TUTORIALS AND UPDATES in
| skypefordummies.blogspot.com |

ASA 5505 ICMP Deny

Hi
I am facing a problem with icmp in ASA 5505, i want to block the icmp from inside to outside , but outside to inside icmp should work, here the configuration.
ASA Version 8.0(5)
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 172.17.1.1 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
ftp mode passive
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service OPC_Ports tcp
port-object range 3800 3900
object-group service DM_INLINE_SERVICE_1
service-object ip
service-object tcp range 3800 3900
object-group service DM_INLINE_SERVICE_2
service-object ip
service-object tcp range 3800 3900
object-group service DM_INLINE_SERVICE_4
service-object ip
service-object tcp range 3800 3900
access-list inside_access_out extended permit object-group DM_INLINE_SERVICE_1 host 172.17.1.200 any
access-list inside_access_out extended deny icmp any host 172.17.1.200
access-list inside_access_in extended permit tcp any host 172.17.1.200 range 3800 3900
access-list inside_access_in extended deny icmp host 172.17.1.200 any
access-list inside_access_in extended permit ip any any inactive
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 host 172.17.1.200 any
access-list outside_access_out extended permit object-group DM_INLINE_SERVICE_4 192.168.1.0 255.255.255.0 host 172.17.1.200
access-list outside_access_out extended deny icmp any host 172.17.1.200
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp deny 192.168.1.0 255.255.255.0 inside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
access-group inside_access_in in interface inside
access-group inside_access_out out interface inside
access-group outside_access_in in interface outside
access-group outside_access_out out interface outside
route outside 0.0.0.0 0.0.0.0 172.17.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
service-policy global_policy global
prompt hostname context
Cryptochecksum:0e7c3f786320372e8e43f7e5f00fb72c
: end
with this configuration it worked fine, but after rebooting the device , port 3800-3900 ports are not working, if i enable IP then ICMP and 3800-3900 ports are working,
What i need is
inside to outside icmp deny
outside to inside icmp permit
thanks in advance

If so then you need to have the specified settings on the inside and outside interface mapping ACL's....
outside to inside ( on outside ) interface mapped acl you can allow the entire icmp....
like
access-list inbound extended permit icmp any any
On the inside interface mapped ACL....
access-list outbound permit icmp any any echo-reply
access-list outbound permit icmp any any unreachable
access-list outbound permit icmp any any time-exceeded
access-list outbound deny icmp any any
Have the above ACL on top of your IP/TCP/UDP ACL's so that it works correctly.....
This will allow any kind of icmp requests from outside.... but from inside it allows only the return traffic required icmp messages....
Regards
Karthik

Is connection possible without ping request

I have a question which is conceptual in nature, is it possible to receive traffic from a remote host to my host machine even if the ping from host to remote machine is not happening in Linux( Red Hat).
I hope my question is clear that is it possible for a connection to happen from a host to remote machine even if it is not pinging from host to remote machine in Red Hat Linux.
Requesting a reply to my query.
Regards

Hi,
Like Dude said, we check the connection between Linux hosts by ICMP request/response and if you want to transfert data between Linux hosts there are many solutions like scp, ftp, sftp, sync, ......
Note 1: Protocols like ICMP, ssh, ftp,.... use a different ports number, so you can block ICMP and accept Other. Or you can block ftp and accept ICMP.. As you like
Note 2: The response of an ICMP request can be blocked by firewall or by the kernel it self when you modify the contents of the file /proc/sys/net/ipv4/icmp_echo_ignore_all from 0 to 1.
Best regards

IP SLA ICMP Path Jitter - Strange results

Hi all,
I'm an intern in a network company, in France. I'm working on the IP SLAs fonctions of Cisco IOS.
I've got some equipments to make some tests :
I've configured the ICMP Path Jitter operation on R1 (a 2800 router), which has the IOS Software C2800NM-ADVIPSERVICESK9-M, 15.1(1)T (fc1) :
ip sla 2
path-jitter 192.168.2.2 source-ip 192.168.1.254
tag ICMP JITTER R1-PC2
frequency 30
ip sla schedule 2 life 150 start-time now
Then, i use a software called PCATTCP to send UDP datagrams from PC2 to PC1. When PC2 send UDP at 2Mb/s or more, the results look like :
IPSLA operation id: 2
       Latest RTT: 319 milliseconds
Latest operation start time: 16:08:11.458 GMT+1 Thu Mar 22 2012
Latest operation return code: OK
---- Path Jitter Statistics ----
Hop IP 10.0.0.2:
Round Trip Time milliseconds:
       Latest RTT: 326 ms
       Number of RTT: 10
       RTT Min/Avg/Max: 319/294/333 ms
Jitter time milliseconds:
       Number of jitter: 7
       Jitter Min/Avg/Max: 2/5/9 ms
Packet Values:
       Packet Loss (Timeouts): 0
       Out of Sequence: 1
       Discarded Samples: 1
Hop IP 192.168.2.2:
Round Trip Time milliseconds:
       Latest RTT: 319 ms
       Number of RTT: 10
       RTT Min/Avg/Max: 315/255/322 ms
Jitter time milliseconds:
       Number of jitter: 5
       Jitter Min/Avg/Max: 3/4/7 ms
Packet Values:
       Packet Loss (Timeouts): 0
       Out of Sequence: 2
       Discarded Samples: 2
Operation time to live: 134 sec
How is it possible to get a minimum value greater than the average ??? I don't understand :/
Thanks.
Regis

Thanks for your answers, I'll try to change the IOS.
I noticed that the problem happens only when there are Out of Sequence packets (ICMP reply not received).
I've done again the tests, and and captured the packets with Wireshark between the two routers. I calculated the average with the values in Wireshark by adding 0 for each Out of Sequence packet, then dividing by the Number of RTT. And I got the average value displayed.
*** For example ***
10 ICMP requests are send.
9 received (ms) : 337; 334; 328; 337; 334; 328; 323; 333; 327. [values obtained with Wireshark]
--> The IP SLA results are :
Round Trip Time milliseconds:
     Number of RTT: 10
     RTT Min/Avg/Max: 324/298/338 ms
Packet Values:
     Packet Loss (Timeouts): 0
     Out of Sequence: 1
     Discarded Samples: 1
Then, let's calculate the average value :
Avg = (337+334+328+337+334+328+323+333+327+0)/10 = 298.1
And that works every time.
Regis

How to enable/allow IPv6 ping requests

My IPV6 provider sixxs.net needs to ping my end of the IPV6 connection. It looks like the working AEBS tunnel that I have setup is not responding to pings. Strangely the public IPv4 address seems quite happy to respond.
How can I get the AEBS to respond to IPV6 ICMP requests?
This is urgent as sixxs.net will disable my tunnel if they cannot reliably test connectiivity.
Thanks,
Adrian

Thank you! I can't tell yet if that solved the problem.... I was able to click a few more facebook ads, but haven't seen the original one yet and don't know if there was something different about it. I did add the couple of websites I wanted to allow pop-ups for, and I'll test out the USPS one with my next shipment. I just updated yesterday to whatever the latest version of firefox is, and this time it seems like there are more changes than previous recent updates which I'm not used to yet. Since I visit new sites regularly, I'd like to be given the option with each one to allow the pop-up right on the spot, vs. having to go into the settings and add that particular website that I may or may not visit again. Unless I'm missing something, that seems kind of inconvenient.

Icmp poller on solaris 10: lot's of unexplained ping failed

Hello to everybody, and if someone can help me on the following problem...
I use the IBM tivoli netcool network manager icmp poller on a solaris sparc local zone server, and for a reason I don't understand, regularly, I have lot's of unexplained ping failed.
Note that the poller is configured to poll about 9000 Ip address every 4 minutes. And often, some of the IP address (but generally not the same) don't reply to the icmp request for 2-10 seconds max. And it seems that the tool is not the problem because, when I test myself with the ping command on concerned IP address, I have effectively the following message for only few seconds:
"icmp host unreacheable from gateway yvasl110" (yvasl110 is the name of the local zone server)
I notice that the ipOutNoRoutes increases very often on this specific server:
netstat -s -P ip
IPv4 ipForwarding = 2 ipDefaultTTL = 255
ipInReceives =3113915 ipInHdrErrors = 0
ipInAddrErrors = 0 ipInCksumErrs = 0
ipForwDatagrams = 0 ipForwProhibits = 187
ipInUnknownProtos = 3 ipInDiscards = 3495
ipInDelivers =4391757 ipOutRequests =3059887
ipOutDiscards = 0 ipOutNoRoutes =117387
ipReasmTimeout = 15 ipReasmReqds = 0
ipReasmOKs = 0 ipReasmFails = 0
ipReasmDuplicates = 0 ipReasmPartDups = 0
ipFragOKs = 0 ipFragFails = 0
ipFragCreates = 0 ipRoutingDiscards = 0
tcpInErrs = 0 udpNoPorts = 4495
udpInCksumErrs = 0 udpInOverflows = 0
rawipInOverflows = 0 ipsecInSucceeded = 0
ipsecInFailed = 0 ipInIPv6 = 0
ipOutIPv6 = 0 ipOutSwitchIPv6 = 0
Note that I have another same server with the same tool and same list of IP address, and I have no problem: no ping failed and ipOutNoRoutes = 0
I have already analyzed the network connexion (and already switched on another network connexion: network card+switch) = no effect.
I install the last Solaris patch = no effect.
And tcp solaris parameters are the same on the 2 servers.
So, I don't understand. :o(

Solaris ships with NTP code that is probably more than a decade old. xntpd is version 3 (probably with some patches by Sun), but ntp version 4 has been out for years.
That said, even the ancient version 3 stuff is usually functional, so the fact that yours isn't working seems somewhat odd.
But if you can't restart NTP, then it'll be difficult to debug. Looks like it's running, but has no servers configured. Possibly at the time the machine booted, the names could not be resolved? So NTPD came up with no servers listed. Just a guess.
Darren

ASA /Router -SNMP Trap when IP SLA monitored (ICMP timeout)

Hi,
I am looking for some solution for my below requirment
Requirment is :
How do I configure ASA or Router to send SNMP Trap when IP SLA monitored features enabled (ICMP request or 900 millisecond delay from destination IP)
Thanks in advance..

Hi,
Maybe this thread might help you?
https://supportforums.cisco.com/thread/2039293
I have not personally configured these type of SLA configurations on an ASA other than for testing purposes. We handle Dual ISP setups outside the ASA firewalls.
- Jouni

ICMP Inspection and Extended Access-List

I need a little help clarifying the need for an Extended Access-list when ICMP Inspect is enabled on an ASA. From reading various documents such as the following (http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/15246-31.html), I CAN allow ICMP through my ASA using an extended access-list or enabling ICMP Inspection in the Modular Policy Framework. Is that true? I only NEED an Extended Access-list or enable ICMP Inspection? I do not need both? Or is it best practice to do both?
What does the ASA do to a PING from a host on the inside interface (Security 100) to host on the outside interface (Security 0) when ICMP Inspection is enabled with the following commands:
policy-map global_policy
class inspection_default
inspect_icmp
However, the following commands are NOT placed on the inbound Extended Access-list of the outside interface:
access-list inbound permit icmp any any echo-reply
access-list inbound permit icmp any any source-quench
access-list inbound permit icmp any any unreachable
access-list inbound permit icmp any any time-exceeded
access-group inbound in interface outside
Will the PING complete?
Thank you,
T.J.

Hi, T.J.
If problem is still actual, I can answer you this question.
Let's see situation without ICMP inspection enabled:
The Cisco ASA will allow ICMP packets only in case if ACL entry exist on interface, where packet goes in. If we're speaking about ping, then ACL rules must allow packets in both directions.
In case with ICMP inspection, with ACL entry you should allow only request packets, replies will be allowed based on ICMP inspection created connection.
Speaking about your particular example with different security levels - with default ACL rule, that allow traffic from higher interface to lower - NO, you can do not enter that rules you described, and as you'll have successful ping.
If you deleted this rule and administrate allowed traffic manually, then YES, you must allow ICMP requests to have successful ping.
P.S. It's not a good practice to leave that default rule, which allow traffic from higher sec.lvl. to lower.

ACE: How to have icmp-reply active ignore redirect rhosts?

I'm wondering if anyone knows if I can have an ace4710 not reply to ICMP requests for a VIP unless atleast one of the host rservers is up. It appears to reply if just a single redirect service is online.
Thanks,
Chad

Chad,
Thanks for the clarification regretably I'm pretty sure the ACE works alike as the CSS in this requirement.
The problem is that the content rules (CSS) and the class-maps (ACE) are not dependent with each other. i.e with a config like the one shown below regardless if you suspend the service SIP or the content Web, ICMP still is going to be answered as the MAC address is still allocated on the arp table of your SW, in this case for the content Redirect there's no way you can stop ICMP replies other than manually suspending the rule.
owner Web
content Redirect
    vip address 10.10.10.10
    url "/*"
    port 80
    protocol tcp
    redirect "http://website.com/blah.htm"
    active
content Web
    vip address 10.10.10.10
    port 80
    protocol tcp
    url "/blah*"
    add service SIP
    active
I had thought I would've been able to it with an ACL like this one buuuut this is not traffic directed to the VIP :S
acl 5
clause 1 deny icmp any destination content Web/Redirect
clause 2 permit icmp any destination content Web/Web
clause 3 permit any any destination any
apply circuit-(VLAN10)
Same happens with the ACE redirect services will always make the VIP show as "inservice" as they don't require a health check to check the aliveness, these ones were thought to be UP all the time.
serverfarm host Web
probe HTTP
rserver Web-1
    inservice
rserver Web-2
    inservice
rserver redirect Redirect
webhost-redirection https://%h/blah.htm
inservice
serverfarm redirect Blah
rserver Redirect
    inservice
class-map type http loadbalance match-any Any
2 math http url .*
class-map type http loadbalance match-any Blah
2 match http url /blah.htm
policy-map type loadbalance first-match Insertion
   class Blah
     serverfarm Web
   class Any
     serverfarm Blah

Blocking unsolicited echo-reply from the outside of firewall

What is the easiest way to stop unsolicited icmp echo-reply packets coming from the outside of an Cisco ASA 5500 firewall?

Hi,
The firewall should now allow any ICMP Echo replys through the firewall if it hasnt seen a Echo for that same reply.
Instead of allowing Inbound ICMP from the WAN with an ACL you should configure ICMP Inspection
In a very default ASA configuration they would be added in the following way
policy-map global_policy
class inspection_default
inspect icmp
inspect icmp error
Hope this helps
- Jouni

Unsolicited ICMP requests

Similar Messages

Maybe you are looking for