Security Basics mailing list archives

Re: Is it hacking?


From: DanBasics () gmail com
Date: 17 Jun 2005 04:05:01 -0000

I would set up a sniffer to capture the traffic producing the alert.  Try to get the MAC address of the machine 
generating the traffic so you will have more to go on.  

If your network is a 10.0.0.X address then you would not be able to normally see that traffic unless there is a router 
involved or the broadcast is going to 255.255.255.255.  

Could you possibly have a misconfigured interface on your box?  "ifconfig -a" I think in Linux?

If the alert is every 5 minutes then I would say it is something misconfigured on the network.  Worms would generate 
faster alerts and an attacker probably would not be so regular.

Depending on if you are in control of the network and won't make anyone mad, you can reassign the IP on your machine to 
192.168.1.252 and try to nmap the other IP address.

It's been a long time since I've posted to basics so reply back, and I will be happy to explain anything above in more 
detail.

Daniel

Hello everyone,

I'm getting the following entry in the 
message log every 5 mins:

kernel: 192.168.1.251 sent an invalid ICMP 
error to a broadcast.

I'm running Redhat Linux 9. Is it an attempt 
to hack into the system? Any advice?

Thanks,

AR
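
The timing argument in the reply (a fixed 5-minute spacing suggests a misconfigured device, while worms or a live attacker would not be so regular) can be checked against the message log itself. The script below is an added example, not part of either post: it groups the kernel message by source address and measures how regular the spacing is. The hostname, timestamps, the second source address and the jitter and event-count thresholds are constructed assumptions.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Kernel message quoted in the thread, in classic syslog layout.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) sent an invalid ICMP error to a broadcast")

# Constructed sample: host "rh9box", timestamps and 192.168.1.77 are invented.
MSG = "sent an invalid ICMP error to a broadcast."
SAMPLE = [f"Jun 16 {t} rh9box kernel: {ip} {MSG}" for t, ip in [
    ("22:00:03", "192.168.1.251"), ("22:05:03", "192.168.1.251"),
    ("22:10:04", "192.168.1.251"), ("22:15:03", "192.168.1.251"),
    ("22:20:03", "192.168.1.251"), ("22:01:10", "192.168.1.77"),
    ("22:01:12", "192.168.1.77"), ("22:03:40", "192.168.1.77"),
    ("22:14:05", "192.168.1.77"), ("22:14:06", "192.168.1.77"),
]]
SAMPLE.append("Jun 16 22:02:00 rh9box sshd[812]: session opened")  # ignored

def parse(lines, year=2005):
    # Returns {source_ip: [datetime, ...]} for lines carrying the alert.
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            # syslog timestamps omit the year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            seen[m["src"]].append(ts)
    return seen

def classify(times, max_jitter=5.0, min_events=4):
    # max_jitter (seconds) and min_events are assumed thresholds; tune them.
    if len(times) < min_events:
        return "insufficient data"
    times = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if statistics.pstdev(gaps) <= max_jitter:
        return f"periodic (~{statistics.median(gaps):.0f}s)"
    return "irregular"

if __name__ == "__main__":
    for src, times in parse(SAMPLE).items():
        print(src, len(times), classify(times))
```

A "periodic" result fits the misconfiguration explanation and "irregular" calls for the packet capture suggested in the reply; neither label identifies the sender on its own.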

