Security Basics mailing list archives
RE: Is it hacking?
From: "James M. Clark" <jclark () convera com>
Date: Thu, 16 Jun 2005 14:42:00 -0700
I have a suspicion this is a rouge dhcp as well. See if you can lease a 192 address or set to a static. I bet if you connect to the dhcp device in a browser (192.168.1.1) that should give you an idea of what type of device you are looking for. Good luck, James -----Original Message----- From: Bozovic, Milos [mailto:milos () arts si] Sent: Thursday, June 16, 2005 11:28 AM To: A Riaz; security-basics () securityfocus com Subject: RE: Is it hacking? Hello! Just a quick thought. Is it possible that someone inadvertently connected some kind of DSL router or print server with DHCP server capabilities to the network? Also, do you use dhcp on the network or static IPs for your computers? The IP you're mentioning is in common range of default installations for some of these devices. Kind regards, Milos -----Original Message----- From: A Riaz [mailto:ariaz1949 () hotmail com] Sent: Thursday, June 16, 2005 11:11 AM To: jfountain () rbinc com; security-basics () securityfocus com Subject: RE: Is it hacking? Jenn, Thanks for your response. Our network is 10.0.0.255. A machine with IP 192.168.1.251 shouldn't exist. I think I should also check if any machine on the network is infected with some virus or trojan. Thanks, AR
From: "Jennifer Fountain" <jfountain () rbinc com> To: "A Riaz"
<ariaz1949 () hotmail com>,<security-basics () securityfocus com>
Subject: RE: Is it hacking? Date: Wed, 15 Jun 2005 20:10:22 -0400 To disable the error being logged by the kernel changing the following line: echo 1 >/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses From what I can tell, these aren't usually a result of an attack (but others will probably have more information.) But things to check - Is this IP on your network? Could there be a problem with that machine? HTH -Jenn -----Original Message----- From: A Riaz [mailto:ariaz1949 () hotmail com] Sent: Wednesday, June 15, 2005 11:38 AM To: security-basics () securityfocus com Cc: ariaz1949 () hotmail com Subject: Is it hacking? Hello everyone, I'm getting the following entery in the message log every 5 mins: kernel: 192.168.1.251 sent an invalid ICMP error to a broadcast. I'm running Redhat Linux 9. Is it an attempt to hack into the system? Any advice? Thanks, AR _________________________________________________________________ Don't just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/
_________________________________________________________________ Don't just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/
Current thread:
- Is it hacking? A Riaz (Jun 15)
- <Possible follow-ups>
- RE: Is it hacking? Jennifer Fountain (Jun 16)
- RE: Is it hacking? A Riaz (Jun 16)
- Message not available
- Re: Is it hacking? skarvin (Jun 16)
- RE: Is it hacking? A Riaz (Jun 16)
- RE: Is it hacking? Bozovic, Milos (Jun 16)
- RE: Is it hacking? Jennifer Fountain (Jun 17)
- RE: Is it hacking? James M. Clark (Jun 17)
- Re: Re: Is it hacking? verisignsoft (Jun 17)
- Re: RE: Is it hacking? anon (Jun 17)
- Re: Is it hacking? DanBasics (Jun 17)