Security Basics mailing list archives
Re: Is it hacking?
From: DanBasics () gmail com
Date: 17 Jun 2005 04:05:01 -0000
I would set up a sniffer to capture the traffic producing the alert. Try to get the MAC address of the machine generating the traffic so you will have more to go on.

If your network is a 10.0.0.X address, then you would not normally be able to see that traffic unless there is a router involved or the broadcast is going to 255.255.255.255. Could you possibly have a misconfigured interface on your box? "ifconfig -a" I think in Linux?

If the alert is every 5 minutes, then I would say it is something misconfigured on the network. Worms would generate faster alerts and an attacker probably would not be so regular.

Depending on whether you are in control of the network and won't make anyone mad, you can reassign the IP on your machine to 192.168.1.252 and try to nmap the other IP address.

It's been a long time since I've posted to basics, so reply back and I will be happy to explain anything above in more detail.

Daniel
Hello everyone,

I'm getting the following entry in the message log every 5 mins:

kernel: 192.168.1.251 sent an invalid ICMP error to a broadcast.

I'm running Redhat Linux 9. Is it an attempt to hack into the system? Any advice?

Thanks,
AR
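The reasoning in the reply above (a fixed five-minute cadence points to a misconfigured host rather than a worm or an attacker) can be checked against the log itself. This is an added example, not part of the original thread: it groups the kernel messages by source address and measures how regular the gaps between them are. The log lines, the hostname rh9box, the second source 192.168.1.77, the year and the 5% jitter threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed /var/log/messages excerpt (not taken from the original post).
SAMPLE_LOG = """\
Jun 15 10:00:02 rh9box kernel: 192.168.1.251 sent an invalid ICMP error to a broadcast.
Jun 15 10:01:00 rh9box kernel: 192.168.1.77 sent an invalid ICMP error to a broadcast.
Jun 15 10:01:01 rh9box kernel: 192.168.1.77 sent an invalid ICMP error to a broadcast.
Jun 15 10:01:09 rh9box kernel: 192.168.1.77 sent an invalid ICMP error to a broadcast.
Jun 15 10:03:30 rh9box kernel: 192.168.1.77 sent an invalid ICMP error to a broadcast.
Jun 15 10:03:31 rh9box kernel: 192.168.1.77 sent an invalid ICMP error to a broadcast.
Jun 15 10:05:02 rh9box kernel: 192.168.1.251 sent an invalid ICMP error to a broadcast.
Jun 15 10:10:03 rh9box kernel: 192.168.1.251 sent an invalid ICMP error to a broadcast.
Jun 15 10:15:02 rh9box kernel: 192.168.1.251 sent an invalid ICMP error to a broadcast.
Jun 15 10:20:02 rh9box kernel: 192.168.1.251 sent an invalid ICMP error to a broadcast.
"""

# Syslog timestamp, host, then the kernel message quoted in the thread.
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: "
    r"(\d{1,3}(?:\.\d{1,3}){3}) sent an invalid ICMP error to a broadcast"
)

def intervals_by_source(log_text, year=2005):
    """Return {source_ip: [seconds between consecutive alerts]}.
    Syslog lines carry no year, so one is assumed."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            seen[m.group(2)].append(ts)
    return {ip: [(b - a).total_seconds() for a, b in zip(t, t[1:])]
            for ip, t in seen.items()}

def classify(gaps, jitter=0.05):
    """'periodic' when the gaps deviate from their mean by less than `jitter`
    (assumed threshold), i.e. timer-driven traffic; otherwise 'irregular'."""
    if len(gaps) < 3:
        return "too few samples"
    avg = mean(gaps)
    return "periodic" if avg > 0 and pstdev(gaps) / avg < jitter else "irregular"

if __name__ == "__main__":
    for ip, gaps in intervals_by_source(SAMPLE_LOG).items():
        print(f"{ip}: mean gap {mean(gaps):.0f}s over {len(gaps)} gaps -> {classify(gaps)}")
```

A "periodic" result is a triage hint in the sense of the reply, and the packet capture and MAC address lookup it recommends remain the way to identify the sending host.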