mailing list archives
Re: Is it hacking?
From: DanBasics () gmail com
Date: 17 Jun 2005 04:05:01 -0000
I would set up a sniffer to capture the traffic producing the alert. Try to get the MAC address of the machine
generating the traffic so you will have more to go on.
If your network is a 10.0.0.X address then you would not be able to normally see that traffic unless there is a router
involved or the broadcast is going to 255.255.255.255.
Could you possibly have a misconfigured interface on your box? "ifconfig -a" I think in Linux?
If the alert is every 5 minutes then I would say it is something misconfigured on the network. Worms would generate
faster alerts and an attacker probably would not be so regular.
Depending on if you are in control of the network and won't make anyone mad, you can reassign the IP on your machine to
192.168.1.252 and try to nmap the other IP address.
It's been a long time since I've posted to basics so reply back, and I will be happy to explain anything above in more
I'm getting the following entry in the
message log every 5 mins:
kernel: 192.168.1.251 sent an invalid ICMP
error to a broadcast.
I'm running Red Hat Linux 9. Is it an attempt
to hack into the system? Any advice?
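
The reply's point about alert timing (a fixed 5-minute schedule versus faster or irregular traffic) can be measured from the message log itself. The following is an added example, not part of the original thread: it extracts the kernel alert lines from syslog text and computes the spacing between alerts per source address. The sample log lines, the host name `rh9box`, the supplied year and the 5-second jitter threshold are constructed assumptions.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in classic syslog format (host name and times are made up).
SAMPLE_LOG = """\
Jun 16 22:00:03 rh9box kernel: 192.168.1.251 sent an invalid ICMP error to a broadcast.
Jun 16 22:05:03 rh9box kernel: 192.168.1.251 sent an invalid ICMP error to a broadcast.
Jun 16 22:10:04 rh9box kernel: 192.168.1.251 sent an invalid ICMP error to a broadcast.
Jun 16 22:15:03 rh9box kernel: 192.168.1.251 sent an invalid ICMP error to a broadcast.
Jun 16 22:20:03 rh9box kernel: 192.168.1.251 sent an invalid ICMP error to a broadcast.
Jun 16 22:21:10 rh9box crond[812]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Matches the kernel message quoted in the thread and captures timestamp and source IP.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) sent an invalid ICMP error to a broadcast"
)

def intervals_by_source(log_text, year=2005):
    """Return {source_ip: [seconds between consecutive alerts]}."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # Syslog timestamps carry no year, so one is supplied by the caller.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            seen[m["src"]].append(ts)
    return {
        src: [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        for src, times in seen.items()
    }

def summarize(log_text, jitter_limit=5.0):
    """Report mean gap and jitter per source; low jitter means a fixed schedule."""
    report = {}
    for src, gaps in intervals_by_source(log_text).items():
        if len(gaps) < 2:
            continue  # too few alerts to judge regularity
        mean, jitter = statistics.mean(gaps), statistics.pstdev(gaps)
        report[src] = {"mean_s": mean, "jitter_s": jitter, "periodic": jitter <= jitter_limit}
    return report

if __name__ == "__main__":
    for src, stats in summarize(SAMPLE_LOG).items():
        print(src, stats)
```

A steady mean gap with near-zero jitter points to something running on a timer; the source address it reports is the one to match against a MAC address in a packet capture.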