LinuxQuestions.org
Old 04-20-2006, 03:13 AM   #1
debasish_5849
Member
 
Registered: Jan 2006
Location: India
Distribution: fedora core 5
Posts: 42

Rep: Reputation: 15
unwanted network traffic on tcp port 135


I have a DSL connection to my home PC through which I surf the internet. I need to pay for every byte transmitted or received by my PC.
I am finding that requests are coming on a number of IP addresses on TCP port 135 and my computer replies with ICMP, thus making me pay for them. Can you tell me if there is a way out to stop this unwanted traffic?
Here is the output from Ethereal.

No. Time Source Destination Protocol Info
1 0.000000 59.93.204.20 59.93.202.108 TCP 3568 > 135 [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1412

Frame 1 (64 bytes on wire, 64 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 59.93.204.20 (59.93.204.20), Dst Addr: 59.93.202.108 (59.93.202.108)
Transmission Control Protocol, Src Port: 3568 (3568), Dst Port: 135 (135), Seq: 0, Ack: 0, Len: 0

No. Time Source Destination Protocol Info
2 0.000086 59.93.202.108 59.93.204.20 ICMP Destination unreachable (Host administratively prohibited)

Frame 2 (92 bytes on wire, 92 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 59.93.202.108 (59.93.202.108), Dst Addr: 59.93.204.20 (59.93.204.20)
Internet Control Message Protocol

No. Time Source Destination Protocol Info
3 2.676280 59.93.115.138 59.93.202.108 TCP 2903 > microsoft-ds [SYN] Seq=0 Ack=0 Win=64800 Len=0 MSS=1412

Frame 3 (64 bytes on wire, 64 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 59.93.115.138 (59.93.115.138), Dst Addr: 59.93.202.108 (59.93.202.108)
Transmission Control Protocol, Src Port: 2903 (2903), Dst Port: microsoft-ds (445), Seq: 0, Ack: 0, Len: 0

No. Time Source Destination Protocol Info
4 2.676383 59.93.202.108 59.93.115.138 ICMP Destination unreachable (Host administratively prohibited)

Frame 4 (92 bytes on wire, 92 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 59.93.202.108 (59.93.202.108), Dst Addr: 59.93.115.138 (59.93.115.138)
Internet Control Message Protocol

No. Time Source Destination Protocol Info
5 2.890119 59.93.204.20 59.93.202.108 TCP 3568 > 135 [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1412

Frame 5 (64 bytes on wire, 64 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 59.93.204.20 (59.93.204.20), Dst Addr: 59.93.202.108 (59.93.202.108)
Transmission Control Protocol, Src Port: 3568 (3568), Dst Port: 135 (135), Seq: 0, Ack: 0, Len: 0

No. Time Source Destination Protocol Info
6 2.890187 59.93.202.108 59.93.204.20 ICMP Destination unreachable (Host administratively prohibited)

Frame 6 (92 bytes on wire, 92 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 59.93.202.108 (59.93.202.108), Dst Addr: 59.93.204.20 (59.93.204.20)
Internet Control Message Protocol

No. Time Source Destination Protocol Info
7 5.778743 59.93.87.129 59.93.202.108 TCP 3681 > 135 [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1412

Frame 7 (64 bytes on wire, 64 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 59.93.87.129 (59.93.87.129), Dst Addr: 59.93.202.108 (59.93.202.108)
Transmission Control Protocol, Src Port: 3681 (3681), Dst Port: 135 (135), Seq: 0, Ack: 0, Len: 0

No. Time Source Destination Protocol Info
8 5.778851 59.93.202.108 59.93.87.129 ICMP Destination unreachable (Host administratively prohibited)

Frame 8 (92 bytes on wire, 92 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 59.93.202.108 (59.93.202.108), Dst Addr: 59.93.87.129 (59.93.87.129)
Internet Control Message Protocol

No. Time Source Destination Protocol Info
9 5.836649 59.93.115.138 59.93.202.108 TCP 2903 > microsoft-ds [SYN] Seq=0 Ack=0 Win=64800 Len=0 MSS=1412

Frame 9 (64 bytes on wire, 64 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 59.93.115.138 (59.93.115.138), Dst Addr: 59.93.202.108 (59.93.202.108)
Transmission Control Protocol, Src Port: 2903 (2903), Dst Port: microsoft-ds (445), Seq: 0, Ack: 0, Len: 0

No. Time Source Destination Protocol Info
10 5.836728 59.93.202.108 59.93.115.138 ICMP Destination unreachable (Host administratively prohibited)

Frame 10 (92 bytes on wire, 92 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 59.93.202.108 (59.93.202.108), Dst Addr: 59.93.115.138 (59.93.115.138)
Internet Control Message Protocol

No. Time Source Destination Protocol Info
11 6.556597 87.11.8.252 59.93.202.108 TCP 1502 > 4662 [SYN] Seq=0 Ack=0 Win=32000 Len=0 MSS=1412

Frame 11 (64 bytes on wire, 64 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 87.11.8.252 (87.11.8.252), Dst Addr: 59.93.202.108 (59.93.202.108)
Transmission Control Protocol, Src Port: 1502 (1502), Dst Port: 4662 (4662), Seq: 0, Ack: 0, Len: 0

No. Time Source Destination Protocol Info
12 6.556705 59.93.202.108 87.11.8.252 ICMP Destination unreachable (Host administratively prohibited)

Frame 12 (92 bytes on wire, 92 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 59.93.202.108 (59.93.202.108), Dst Addr: 87.11.8.252 (87.11.8.252)
Internet Control Message Protocol

No. Time Source Destination Protocol Info
13 6.843385 59.93.129.76 59.93.202.108 TCP 4514 > microsoft-ds [SYN] Seq=0 Ack=0 Win=64800 Len=0 MSS=1412

Frame 13 (64 bytes on wire, 64 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 59.93.129.76 (59.93.129.76), Dst Addr: 59.93.202.108 (59.93.202.108)
Transmission Control Protocol, Src Port: 4514 (4514), Dst Port: microsoft-ds (445), Seq: 0, Ack: 0, Len: 0

No. Time Source Destination Protocol Info
14 6.843455 59.93.202.108 59.93.129.76 ICMP Destination unreachable (Host administratively prohibited)

Frame 14 (92 bytes on wire, 92 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 59.93.202.108 (59.93.202.108), Dst Addr: 59.93.129.76 (59.93.129.76)
Internet Control Message Protocol

No. Time Source Destination Protocol Info
15 7.221829 81.202.22.195 59.93.202.108 TCP 1869 > 4662 [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1412

Frame 15 (64 bytes on wire, 64 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 81.202.22.195 (81.202.22.195), Dst Addr: 59.93.202.108 (59.93.202.108)
Transmission Control Protocol, Src Port: 1869 (1869), Dst Port: 4662 (4662), Seq: 0, Ack: 0, Len: 0

No. Time Source Destination Protocol Info
16 7.221927 59.93.202.108 81.202.22.195 ICMP Destination unreachable (Host administratively prohibited)

Frame 16 (92 bytes on wire, 92 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 59.93.202.108 (59.93.202.108), Dst Addr: 81.202.22.195 (81.202.22.195)
Internet Control Message Protocol

No. Time Source Destination Protocol Info
17 8.749650 59.93.87.129 59.93.202.108 TCP 3681 > 135 [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1412

Frame 17 (64 bytes on wire, 64 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 59.93.87.129 (59.93.87.129), Dst Addr: 59.93.202.108 (59.93.202.108)
Transmission Control Protocol, Src Port: 3681 (3681), Dst Port: 135 (135), Seq: 0, Ack: 0, Len: 0

No. Time Source Destination Protocol Info
18 8.749720 59.93.202.108 59.93.87.129 ICMP Destination unreachable (Host administratively prohibited)

Frame 18 (92 bytes on wire, 92 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 59.93.202.108 (59.93.202.108), Dst Addr: 59.93.87.129 (59.93.87.129)
Internet Control Message Protocol

No. Time Source Destination Protocol Info
19 9.536883 71.70.166.100 59.93.202.108 TCP 3599 > 4662 [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1412

Frame 19 (64 bytes on wire, 64 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 71.70.166.100 (71.70.166.100), Dst Addr: 59.93.202.108 (59.93.202.108)
Transmission Control Protocol, Src Port: 3599 (3599), Dst Port: 4662 (4662), Seq: 0, Ack: 0, Len: 0

No. Time Source Destination Protocol Info
20 9.536996 59.93.202.108 71.70.166.100 ICMP Destination unreachable (Host administratively prohibited)

Frame 20 (92 bytes on wire, 92 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 59.93.202.108 (59.93.202.108), Dst Addr: 71.70.166.100 (71.70.166.100)
Internet Control Message Protocol

No. Time Source Destination Protocol Info
21 9.589862 87.11.8.252 59.93.202.108 TCP 1502 > 4662 [SYN] Seq=0 Ack=0 Win=32000 Len=0 MSS=1412

Frame 21 (64 bytes on wire, 64 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 87.11.8.252 (87.11.8.252), Dst Addr: 59.93.202.108 (59.93.202.108)
Transmission Control Protocol, Src Port: 1502 (1502), Dst Port: 4662 (4662), Seq: 0, Ack: 0, Len: 0

No. Time Source Destination Protocol Info
22 9.589935 59.93.202.108 87.11.8.252 ICMP Destination unreachable (Host administratively prohibited)

Frame 22 (92 bytes on wire, 92 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 59.93.202.108 (59.93.202.108), Dst Addr: 87.11.8.252 (87.11.8.252)
Internet Control Message Protocol

No. Time Source Destination Protocol Info
23 9.745308 59.93.129.76 59.93.202.108 TCP 4514 > microsoft-ds [SYN] Seq=0 Ack=0 Win=64800 Len=0 MSS=1412

Frame 23 (64 bytes on wire, 64 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 59.93.129.76 (59.93.129.76), Dst Addr: 59.93.202.108 (59.93.202.108)
Transmission Control Protocol, Src Port: 4514 (4514), Dst Port: microsoft-ds (445), Seq: 0, Ack: 0, Len: 0

No. Time Source Destination Protocol Info
24 9.745376 59.93.202.108 59.93.129.76 ICMP Destination unreachable (Host administratively prohibited)

Frame 24 (92 bytes on wire, 92 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 59.93.202.108 (59.93.202.108), Dst Addr: 59.93.129.76 (59.93.129.76)
Internet Control Message Protocol

No. Time Source Destination Protocol Info
25 9.968044 81.202.22.195 59.93.202.108 TCP 1869 > 4662 [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1412

Frame 25 (64 bytes on wire, 64 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 81.202.22.195 (81.202.22.195), Dst Addr: 59.93.202.108 (59.93.202.108)
Transmission Control Protocol, Src Port: 1869 (1869), Dst Port: 4662 (4662), Seq: 0, Ack: 0, Len: 0

No. Time Source Destination Protocol Info
26 9.968111 59.93.202.108 81.202.22.195 ICMP Destination unreachable (Host administratively prohibited)

Frame 26 (92 bytes on wire, 92 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 59.93.202.108 (59.93.202.108), Dst Addr: 81.202.22.195 (81.202.22.195)
Internet Control Message Protocol

No. Time Source Destination Protocol Info
27 12.530933 71.70.166.100 59.93.202.108 TCP 3599 > 4662 [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1412

Frame 27 (64 bytes on wire, 64 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 71.70.166.100 (71.70.166.100), Dst Addr: 59.93.202.108 (59.93.202.108)
Transmission Control Protocol, Src Port: 3599 (3599), Dst Port: 4662 (4662), Seq: 0, Ack: 0, Len: 0

No. Time Source Destination Protocol Info
28 12.531001 59.93.202.108 71.70.166.100 ICMP Destination unreachable (Host administratively prohibited)

Frame 28 (92 bytes on wire, 92 bytes captured)
Linux cooked capture
Internet Protocol, Src Addr: 59.93.202.108 (59.93.202.108), Dst Addr: 71.70.166.100 (71.70.166.100)
Internet Control Message Protocol
 
Old 04-20-2006, 03:37 AM   #2
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198
Yeah - you can turn off icmp echo requests and block port 135 using iptables.
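
The replies in the capture are ICMP destination-unreachable messages with the code "host administratively prohibited", the kind of reply an iptables REJECT rule with `--reject-with icmp-host-prohibited` generates; a DROP policy discards the probes without answering. The script below is an added example, not part of the original thread: it assumes a desktop that offers no services to the internet, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: a filter table that drops unsolicited inbound packets
# silently instead of answering them with ICMP.
# Assumption: this host offers no services to the internet.

# Print the ruleset in iptables-restore format.
build_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, and replies to connections this host opened itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Ports probed in the capture: explicit rules so their counters can be read.
-A INPUT -p tcp -m multiport --dports 135,445,4662 -j DROP
# Safety net: never send the reply type seen in the capture.
-A OUTPUT -p icmp --icmp-type host-prohibited -j DROP
COMMIT
EOF
}

# Audit a ruleset read from stdin (for example the output of iptables-save).
# Returns 0 if any rule uses the REJECT target, i.e. answers the sender;
# returns 1 if the ruleset stays silent.
answers_probes() {
    grep -Eq '^-A .*-j REJECT( |$)'
}

# Load the ruleset. Needs root and replaces the whole filter table.
apply_rules() {
    build_rules | iptables-restore
}

# Usage: script.sh print   -> show the rules
#        script.sh apply   -> load them (root)
#        script.sh audit   -> check the running ruleset for REJECT rules
case "${1:-}" in
    print) build_rules ;;
    apply) apply_rules ;;
    audit) if iptables-save | answers_probes; then
               echo "ruleset still answers probes (REJECT present)"
           else
               echo "ruleset is silent"
           fi ;;
esac
```

Dropping the probes stops only the 92-byte outbound replies; the inbound SYN packets still reach the DSL line, so any per-byte charge for received traffic can only be removed by filtering upstream of the host.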
 
Old 04-20-2006, 10:41 AM   #3
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
"I need to pay for every byte received by my PC."
It's a joke?

I should do a company like this and ping all my customers.
 
Old 04-20-2006, 10:31 PM   #4
debasish_5849
Member
 
Registered: Jan 2006
Location: India
Distribution: fedora core 5
Posts: 42

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by nx5000
"I need to pay for every byte received by my PC."
It's a joke?

I should do a company like this and ping all my customers.
Yah, cos in India, nobody seems to care for these subtle things, they just go for easy implementation. Like for example, if I'm using a different browser than IE, I won't be able to view my internet usage by logging into my provider's site. It clearly says "Sorry, IE is required". I guess they don't have contract with Microsoft.

Last edited by debasish_5849; 04-20-2006 at 10:36 PM.
 
Old 04-20-2006, 10:33 PM   #5
debasish_5849
Member
 
Registered: Jan 2006
Location: India
Distribution: fedora core 5
Posts: 42

Original Poster
Rep: Reputation: 15
Please tell me how I turn off ICMP and request on port 135?
I'm just a newbie in those administration things.

Last edited by debasish_5849; 04-20-2006 at 10:35 PM.
 
  

