Solved

message?

Posted on 2004-05-03
13
267 Views
Last Modified: 2010-04-20
Hello experts,

I get a strange message on my linux box. It always pop au on my screen and it says:

172.31.217.5 sent an invalind ICMP error to a broadcast.

Can enybody tell my what it can means?

thanks

Luxana
0
Comment
Question by:Luxana
  • 7
  • 6
13 Comments
 
LVL 8

Expert Comment

by:da99rmd
ID: 10976168
Some one is sending an invalid ICMP packet to you, probobly someone infected with some virus or some trojan of some kind.
Do you know the computer with that ip ?

/Rob
0
 
LVL 8

Expert Comment

by:da99rmd
ID: 10976175
Nothing to be alarmed on do you have a firewall up and running ?
ANd what service are appending the message ?

/Rob
0
 
LVL 10

Author Comment

by:Luxana
ID: 10976325
this IP 172.31.217.5 is not on my network at all.

I'm blocking some ports with iptables and I'm traing to get my shorewall on.

I do not know which servise is appendig to this message . How can I found out?
0
 
LVL 8

Expert Comment

by:da99rmd
ID: 10976403
I guess it appeard in /var/log/messages right ?
if so the [(service)] will tell you what service thats addes this entry.

/Rob
0
 
LVL 10

Author Comment

by:Luxana
ID: 10976509
Rob

here is what I foud in /var/log/messages

May  2 10:52:00 luxana kernel: 172.31.217.5 sent an invalid ICMP error to a broadcast.
May  2 10:55:10 luxana kernel: 172.31.217.5 sent an invalid ICMP error to a broadcast.

it is also from another IP:

May  2 10:55:12 luxana kernel: 172.31.217.1 sent an invalid ICMP error to a broadcast.

what you thing?
0
 
LVL 8

Accepted Solution

by:
da99rmd earned 20 total points
ID: 10976575
Ill just explain this
< --- date ------><--service->  <--------------- message ---------------------------------->
May  2 10:55:12 luxana kernel: 172.31.217.1 sent an invalid ICMP error to a broadcast.

So it was from the kernel the message arrived.

Then it was just so that an invalid ICMP packet arrived from that host 172.31.217.5 the reasons can be:
The host 172.31.217.5 was infected of som virus or trojan.
Or there where some korruption of the packet on the way to your computer.

Are there many entrys or just these ?

/Rob

0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 10

Author Comment

by:Luxana
ID: 10976625
there are many entres like this above. It starts

May  2 06:50:04 till now. I have no messages before it starts.

this is firstone:

May  2 06:47:04 luxana syslogd 1.4.1#10: restart.
0
 
LVL 10

Author Comment

by:Luxana
ID: 10976650
Rob I have absolutely different netmask so I have no idea where this IP above is from..
0
 
LVL 10

Author Comment

by:Luxana
ID: 10976651
Rob I have absolutely different netmask so I have no idea where this IP above is from..
0
 
LVL 8

Expert Comment

by:da99rmd
ID: 10976655
Oki,
what ISP do you have ?
And are you on the 172.31.217.0 net ?

YOu can write the ISp and tell them that the host are sending strange packets, just to infomr them.

/Rob
0
 
LVL 8

Expert Comment

by:da99rmd
ID: 10976671
Oki its some kind of broadcast you can just ignore it if its not bursting at your host.
Or just block it in your iptables rules.

/Rob
0
 
LVL 10

Author Comment

by:Luxana
ID: 10976745
My isp is on totally different subnet so really I have no idea whre the meesage is from.

my intternal net is 192.168.0.0
ent extrernal have just 3 hosts


Rob just now I get my firewall working so it seems like I'm filly protected. So now I have to go and I'll check it tomorow and accept your answer.

0
 
LVL 10

Author Comment

by:Luxana
ID: 10984760
rob  for help and patient no messages from yesterday when I start firewall.

thanks you

Luxana

http://www.experts-exchange.com/Operating_Systems/Linux/Q_20976691.html
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This document is written for Red Hat Enterprise Linux AS release 4 and ORACLE 10g.  Earlier releases can be installed using this document as well however there are some additional steps for packages to be installed see Metalink. Disclaimer: I hav…
If you use Debian 6 Squeeze and you are tired of looking at the childish graphical GDM login screen that is used by default, here's an easy way to change it. If you've already tried to change it you've probably discovered that none of the old met…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now