Home page logo
/

basics logo Security Basics mailing list archives

Re: Is it hacking?
From: DanBasics () gmail com
Date: 17 Jun 2005 04:05:01 -0000

I would set up a sniffer to capture the traffic producing the alert.  Try to get the MAC address of the machine 
generating the traffic so you will have more to go on.  

If your network is a 10.0.0.X address then you would not be able to normally see that traffic unless there is a router 
involved or the broadcast is going to 255.255.255.255.  

Could you possibly have a misconfigured interface on your box?  "ifconfig -a" I think in linux?

If the alert is every 5 minutes then I would say it is something misconfigured on the network.  Worms would generate 
faster alerts and an attacker probably would not be so regular.

Depending on if you are in control of the network and won't make anyone mad, you can reassign the ip on your machine to 
192.168.1.252 and try to nmap the other ip address.

Its been a long time since I've posted to basics so reply back, and I will be happy to explain anything above in more 
detail.

Daniel

Hello everyone,

I'm getting the following entery in the 
message log every 5 mins:

kernel: 192.168.1.251 sent an invalid ICMP 
error to a broadcast.

I'm running Redhat Linux 9. Is it an attempt 
to hack into the system? Any advice?

Thanks,

AR


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault