What may be causing these errors?

Matthew Carpenter matt
Sun Dec 19 16:20:27 PST 2004


Perhaps more could be discerned from a capture, but initially this looks
like a potential attack.  You probably have "Log Martians" enabled, and
these are ICMP packets which do not fit the proper format (Martians).  I
would look into the sender (166.70.4.82) and find out what you can about
that host.  (One tool which will attempt to passively fingerprint a host
is p0f; search Google.)

If this is your box then let us know.
IIRC, ICMP type 3 is a "Failed to reach Host/Network", and the code tells
the real message (again, search Google; I don't recall offhand and am in
the car).


Dr. Jones wrote:
| I get the following errors, seen upon rebooting while closing systems
| down, and then again during boot up. I would love to figure out where
| they are from and how to fix my system to prevent this:
|
| Dec 12 06:47:16 scott syslogd 1.4.1#16: restart.
| Dec 12 06:54:22 scott kernel: 166.70.4.82 sent an invalid ICMP type 3,
| code 13 error to a broadcast: 255.255.255.255 on eth0
| Dec 12 07:06:22 scott kernel: 166.70.4.82 sent an invalid ICMP type 3,
| code 13 error to a broadcast: 255.255.255.255 on eth0
|
| My network interface card is eth0......my ISP is at 166.70.xxx.xxx.
|
| These errors seem to continue despite clean shutdown and reboot......
|
| Any ideas on what could be causing this?
|
| Scott
|

--
Matthew Carpenter
matt at eisgr.com                          http://www.eisgr.com/

Enterprise Information Systems
* Network Server Appliances
* Security Consulting, Incident Handling & Forensics
* Network Consulting, Integration & Support
* Web Integration and E-Business
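
The reply points out that the code field carries the real meaning of an ICMP type 3 message. As an added example (not part of the original post), this Python script unwraps the quoted kernel lines, decodes the type 3 code, and counts messages per sender; the function names are hypothetical and the sample is constructed from the log lines quoted above.

```python
import re
from collections import Counter

# ICMP type 3 (Destination Unreachable) meanings for codes 0-15 (RFC 792, RFC 1122, RFC 1812).
UNREACH = (
    "network unreachable", "host unreachable",
    "protocol unreachable", "port unreachable",
    "fragmentation needed and DF set", "source route failed",
    "destination network unknown", "destination host unknown",
    "source host isolated", "network administratively prohibited",
    "host administratively prohibited", "network unreachable for ToS",
    "host unreachable for ToS", "communication administratively prohibited",
    "host precedence violation", "precedence cutoff in effect",
)
TS_RE = re.compile(r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # syslog timestamp
MSG_RE = re.compile(
    r"kernel: (?P<src>[\d.]+) sent an invalid ICMP type (?P<type>\d+),"
    r"\s*code (?P<code>\d+) error to a broadcast: (?P<dst>\S+) on (?P<iface>\S+)")

# Constructed sample: the lines quoted in the post, still mail-wrapped and "| "-quoted.
SAMPLE = """\
| Dec 12 06:47:16 scott syslogd 1.4.1#16: restart.
| Dec 12 06:54:22 scott kernel: 166.70.4.82 sent an invalid ICMP type 3,
| code 13 error to a broadcast: 255.255.255.255 on eth0
| Dec 12 07:06:22 scott kernel: 166.70.4.82 sent an invalid ICMP type 3,
| code 13 error to a broadcast: 255.255.255.255 on eth0
"""

# Strip quote markers and rejoin wrapped lines (a continuation has no timestamp).
def unwrap(text):
    records = []
    for raw in text.splitlines():
        line = raw.lstrip("|> ").rstrip()
        if records and line and not TS_RE.match(line):
            records[-1] += " " + line
        elif line:
            records.append(line)
    return records

# Count matching kernel messages per (sender, type, code, meaning, interface).
def summarize(text):
    counts = Counter()
    for rec in unwrap(text):
        m = MSG_RE.search(rec)
        if m:
            t, c = int(m["type"]), int(m["code"])
            meaning = UNREACH[c] if t == 3 and c < len(UNREACH) else "unknown"
            counts[(m["src"], t, c, meaning, m["iface"])] += 1
    return counts

if __name__ == "__main__":
    print(dict(summarize(SAMPLE)))
```
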