ICMP is a ping request. It just means that you are unable to get to that box. But, you want to know why your box is trying to hit it. Are you running the box as a webserver or any other type of server? Is this a ping from the outside or inside? Does Logwatch tell you this?
Brian Kelsay
docv <> 10/12/04 07:37AM >>>
I've got a box running RH9.0 and in the Logwatch report last night, I got the following entry;
--------------------- Kernel Begin ------------------------
8 Time(s): ICMP: 65.70.45.21: Source Route Failed.
---------------------- Kernel End -------------------------
Unfortunately, that is NOT my IP address!!! Is this telling me what I think it is, the box has been compromised????
No, Logwatch doesn't tell me where it came from. I am running HTTP, DNS and POP3 on that box. I did have an alert message from my router letting me know that an attack was unsuccessful from that IP address, inbound from WAN, but was concerned when I saw that this log message was coming from the kernel. I'm obviously not very knowledgeable about TCP/IP protocols but this old dog is still learning! ;-)
And to answer Dustin's question, no, that's not my clinic. As in my signature lines, my clinic is the Laser Pain Relief Center in downtown Lee's Summit (just opened it up 3 weeks ago).
Brian Kelsay wrote:
ICMP is a ping request. It just means that you are unable to get to that box. But, you want to know why your box is trying to hit it. Are you running the box as a webserver or any other type of server? Is this a ping from the outside or inside? Does Logwatch tell you this?
Brian Kelsay