This is from my ZoneAlarm;

""Details


ICMP messages are the Internet's control messages. Routers and computers use these messages to determine how to route information from one place to another on the Internet and to keep track of the routing of that traffic. The ICMP Destination Unreachable message tells your computer that something you tried to send could not be delivered to its destination. An additional code within the message indicates the reason. Some examples of reasons why your data might not be deliverable include:

No route currently exists to reach the network you were trying to reach.
No route currently exists to get to the specific computer you were trying to reach.
The packet of data that you were trying to send was too large.
A network administrator has installed a packet filter that refuses to forward the kind of communication you were trying to send.
The reason code in the message that generated this alert was 0. Please see the links below for detailed information about different ICMP Type 3 Destination Unreachable codes and their meanings.

Internet standards dictate that the ICMP Destination Unreachable messages is only sent as a response; however, hackers frequently disregard these standards when trying to attack or break into other people's computers. For this reason, if ZoneAlarm detects one of these messages and cannot determine what it is responding to, ZoneAlarm will block the message -- for example, if the response took too long, or if the packet is not a response at all.

The action of blocking the message normally has no effect on your application if the message was legitimate. It does however protect you against hackers if the message was not legitimate.""

I haven't sent anything at all today, and nothing has tried to access the Internet (well, not through ZoneAlarm anyway!) ... so, is this a hack attempt?

The number it gave was 213.121.143.83

Boy, am I glad I've got ZoneAlarm...and use it! ;-)

Deli

Deli,

See this results of an arin search to see if it gives you any clues:

inetnum: 213.121.143.64 - 213.121.143.127
netname: BT-LEB
descr: BT-leB
country: GB
admin-c: BS1474-RIPE
tech-c: BS1474-RIPE
status: ASSIGNED PA
remarks: Please send abuse notification to abuse@bt.net
mnt-by: BTNET-MNT
changed: support@bt.net 20000815
changed: preston.dialip@bt.com 20010628
source: RIPE

route: 213.120.0.0/14
descr: BT Public Internet Service
origin: AS2856
remarks: Please send abuse notification to abuse@bt.net
remarks: PLEASE DIRECT ALL QUERIES TO support@bt.net
mnt-by: BTNET-MNT
changed: support@bt.net 20000607
source: RIPE

role: BTnet Support
address: 154 St Albans Rd
address: Sandridge
address: St Albans
address: Hertfordshire
address: AL4 9NH
address: GB
phone: +44 1189 512313
e-mail: support@bt.net
trouble: support@bt.net
admin-c: FLS15-RIPE
tech-c: BS1474-RIPE
nic-hdl: BS1474-RIPE
remarks: For all queries contact support@bt.net
mnt-by: BTNET-MNT
changed: preston.dialip@bt.com 20010613
changed: support@bt.net 20011112
changed: preston.dialip@bt.com 20020430
source: RIPE

This is from a search done here:

http://www.ripe.net/perl/whois

Actually it started here:

http://www.arin.net/whois/index.html

The alert could result from just surfing the web, I think. I am not the expert on those alerts. Maybe somene else can explain it.

Were you sending email to someone in the UK or chatting on IM or chat room? That IP is from Great Britain according to the query results.

It looks like your mystery site is in Southwark, London (51.500N, 0.117W).

Name:nac0375759-energis-gigabit-cluster1-hg17.
mdip.bt.net

Underdog

Thanks Suzi and Underdog.

No, I didnt send anything, and I wasnt chatting, I was here on the forum when I got that alert. I'm still baffled by it, but SO glad I've got ZoneAlarm :-)

Thanks agfain for the info :-)

Deli

yeah... Yay Zone Alarm!!

sheesh... i'm glad my firewall is blocking pings and giving me alerts every 5 seconds!!

This wasn't a hack attempt. Forget ZA and browse through a basic networking textbook.

you gave us zone alarm's description (and we already know what ICMP is for). You didn't give us the other details, like what kind of ICMP it was (ping, destination unreachable, etc...indicated by the icmp number).

And no, you weren't being hacked. You were probably being pinged

stryc9
him let me think about what you said .um disagree. do you relize that there are types of ICMP's that are harmfull as to gaining access to your system. look it up sometime.

Hello there,

ICMP Unreachable came from DoS attacker.
ICMP Ping came from Ping Flooders (hacker's tool)
ICMP Time Exceed came from Internet Service Providers or a hacker's tool.