Home News Forum Articles
  Welcome back Join CF
You are here You are here: Home | Forum | frequent pings from ntl


You are currently viewing our boards as a guest which gives you limited access to view most of the discussions, articles and other free features. By joining our Virgin Media community you will have full access to all discussions, be able to view and post threads, communicate privately with other members (PM), respond to polls, upload your own images/photos, and access many other special features. Registration is fast, simple and absolutely free so please join our community today.


Welcome to Cable Forum
Go Back   Cable Forum > Virgin Media Services > Virgin Media Internet Services
Reload this Page frequent pings from ntl
Register FAQ Members List Calendar Mark Forums Read

frequent pings from ntl
Reply
 
Thread Tools
Old 18-10-2007, 19:14   #1
cf.member
 
rikur's Avatar
 
Join Date: Dec 2006
Posts: 55
rikur will become famous soon enoughrikur will become famous soon enoughrikur will become famous soon enough
frequent pings from ntl
Every second I am receiving a ping request from 195.182.176.193

The address resolves to an ntl address, which appears to be part of the ntl core at Hersham (as opposed to a customer address).

This has been going on from several weeks.
Any idea what it is, and why it is pinging away so merrily.

Also, less often I get a series of pings from 172.22.12.222. As this is RFC1918 non-routable address space, I assume this must also be coming from ntl infrastructure.

Any ideas? Anyone else getting similar?

Not a major problem, but cluttering up my log files!
rikur is offline   Reply With Quote
Old 18-10-2007, 22:00   #2
ex VM Tech support agent
 
Join Date: Oct 2007
Location: Swansea
Services: Virgin media XL TV, phone and 20mb broadband
Posts: 14
jo.v is on a distinguished roadjo.v is on a distinguished road
Send a message via MSN to jo.v
Re: frequent pings from ntl
This is a ping from the DHCP. The DHCPs ping the modems every so often to check if the modems are online so that the ip addresses are renewed when needed.
jo.v is offline   Reply With Quote
Old 18-10-2007, 22:04   #3
EX-ntl: staff
 
monkey2468's Avatar
 
Join Date: Feb 2004
Location: Teeside, then Sutton, and now live in Mansfield
Age: 30
Services: Samsung 2110 digi TV and TVDrive, Ambit 250 20Mb cablemodem, 1Xphoneline, Virgin mobile contract p
Posts: 1,002
monkey2468 has a reputation beyond reputemonkey2468 has a reputation beyond reputemonkey2468 has a reputation beyond reputemonkey2468 has a reputation beyond reputemonkey2468 has a reputation beyond reputemonkey2468 has a reputation beyond reputemonkey2468 has a reputation beyond reputemonkey2468 has a reputation beyond reputemonkey2468 has a reputation beyond reputemonkey2468 has a reputation beyond reputemonkey2468 has a reputation beyond reputemonkey2468 has a reputation beyond reputemonkey2468 has a reputation beyond repute
Re: frequent pings from ntl
It shouldn't do it every second though, should it?
monkey2468 is offline   Reply With Quote
Old 18-10-2007, 22:15   #4
 
Join Date: Aug 2006
Posts: 809
eth01 is a name known to alleth01 is a name known to alleth01 is a name known to alleth01 is a name known to alleth01 is a name known to alleth01 is a name known to alleth01 is a name known to alleth01 is a name known to all
Re: frequent pings from ntl
Quote:
Originally Posted by monkey2468 View Post
It shouldn't do it every second though, should it?
I wouldn't have thought so. Also, I doubt the DHCP servers, would be able to cope with performing PING's every minute or so... IMHO..
__________________
eth01 will return when others don't feel the need to troll as much as they do.
eth01 is offline   Reply With Quote
Old 18-10-2007, 23:02   #5
ex VM Tech support agent
 
Join Date: Oct 2007
Location: Swansea
Services: Virgin media XL TV, phone and 20mb broadband
Posts: 14
jo.v is on a distinguished roadjo.v is on a distinguished road
Send a message via MSN to jo.v
Re: frequent pings from ntl
There is no set time on how often they ping the modems but this does happen.
do you get an alert when it does this?
jo.v is offline   Reply With Quote
Old 19-10-2007, 07:54   #6
cf.member
 
rikur's Avatar
 
Join Date: Dec 2006
Posts: 55
rikur will become famous soon enoughrikur will become famous soon enoughrikur will become famous soon enough
Re: frequent pings from ntl
not an alert as such.... I'm use proper cisco pix firewalls so it gets trapped and logged by the pix.

It's only been in the past few weeks that it's started happening with such vigour (i.e. every second) .... it no doubt did it before that occassionally, but to be honest with all the other noise hitting the firewall I wouldn't have noticed it

If this is the DHCP server, I'm not sure what it is hoping to achieve by pinging, as I'm sure I'm not the only person on the network who has configured their firewall to silently drop ping requests.
rikur is offline   Reply With Quote
Old 19-10-2007, 08:26   #7
a magical cat
 
mrmistoffelees's Avatar
 
Join Date: Jul 2007
Location: Middlesbrough
Age: 32
Services: XL TV V+ in three rooms and XL broadband
Posts: 1,059
mrmistoffelees is a pillar of societymrmistoffelees is a pillar of societymrmistoffelees is a pillar of societymrmistoffelees is a pillar of societymrmistoffelees is a pillar of societymrmistoffelees is a pillar of societymrmistoffelees is a pillar of societymrmistoffelees is a pillar of societymrmistoffelees is a pillar of societymrmistoffelees is a pillar of societymrmistoffelees is a pillar of societymrmistoffelees is a pillar of societymrmistoffelees is a pillar of societymrmistoffelees is a pillar of societymrmistoffelees is a pillar of societymrmistoffelees is a pillar of societymrmistoffelees is a pillar of societymrmistoffelees is a pillar of societymrmistoffelees is a pillar of society
Re: frequent pings from ntl
You're causing the issue yourself by blocking ICMP on the WAN port

External ICMP requests should NOT be blocked by your router as this can affect the speed and other factors of your connection

see robin walkers cm page for more info on this

http://homepage.ntlworld.com/robin.d...y.html#stealth
__________________
Quis custodiet ipsos custodes?
mrmistoffelees is offline   Reply With Quote
Old 21-10-2007, 22:34   #8
cf.member
 
rikur's Avatar
 
Join Date: Dec 2006
Posts: 55
rikur will become famous soon enoughrikur will become famous soon enoughrikur will become famous soon enough
Re: frequent pings from ntl
I'm sure Robin's advise is well intended, but this goes against all common security best practice.

Robin's bold statements about there being no risks in having echo-reply enabled are simply wrong.

Sans institute are a slightly more authoritive source on security best practice, and they recommend despite the legitimate uses of ping, it's best blocked - similarly every Verisign firewall that I've had installed block it.

http://www.sans.org/resources/idfaq/icmp_misuse.php

I would have thought knowing ntl's customer base are either going to be using Windows XP, Vista, or a cheaper router, almost all of which block echo requests on the WAN, it would be a flawed design decision to require icmp in the network design
rikur is offline   Reply With Quote
Reply

« Previous Thread | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


All times are GMT +1. The time now is 13:27.


Links
Google
 
Web www.cableforum.co.uk

Contact Us - Service Status - Virgin.Net Status - Cable Forum - Archive - Privacy Statement - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.1.0
Copyright © 2003 - 2008, Cable Forum.
(s204569790.onlinehome.info)
Copyright © 2008 Cable Forum | Hosted By 1&1 | Privacy Policy | Terms of Use Message Boards and Forums Directory