After researching and sampling a few bandwidth monitors, I ran across Net-Peeker (http://www.net-peeker.com/) at bluetack (http://www.bluetack.co.uk).
This program showed me in real time that my system process was communicating with www.heartbeat.com over the ICMP protocol. Since I have never been to this site and I deemed any data in/outbound unwarranted, I blocked the ICMP traffic to and from www.heartbeat.com using Net-Peeker's firewall.
Instantly www.google.com appeared under the system process with in/outbound traffic on the ICMP protocol. I denied in/outbound traffic for that specific Google address.
Again, instantly www.yahoo.com appeared with the same traffic on ICMP. I blocked it, then Google reappeared from a different address.
I ended up blocking the entire range of addresses (ICMP only) for Google and Yahoo. www.google.com is unrelenting, and Net-Peeker blocks an outbound echo to a random Google address almost every 5 minutes.
The rule I created for the firewall is set to block both in/outbound traffic with Google's entire range of addresses, and to alert me when said security event is triggered. The only alerts I receive notify me that an outbound ICMP, type 08: Echo was denied. Never any reference to an inbound ICMP packet.
So to start off, my questions are:
One: Is this being generated from my computer?
Two: If my computer is instigating this ICMP traffic, how do I eliminate it?
Don't get me wrong, I'm not trying to shut down all in/outbound ICMP traffic. I would just prefer it be generated by me and not some phantom menace lurking on my HD.
Here's a screenshot of events triggered, details for System process:
I have run the following programs:
mbam (updated) - full scan
turned off System Restore
ran AVG 8.5 (updated) - full scan
All found nothing.
System is a Compaq SR2038x, running XP Media Center Edition (for a proprietary heap, she has served me well... till now).
Any information is appreciated, as I have exhaustively tried to find relevant info on this topic.
Thanks in advance!
Edited by fuzylogic, 24 July 2009 - 01:31 AM.