Solved

message?

Posted on 2004-05-03
13
255 Views
Last Modified: 2010-04-20
Hello experts,

I get a strange message on my linux box. It always pop au on my screen and it says:

172.31.217.5 sent an invalind ICMP error to a broadcast.

Can enybody tell my what it can means?

thanks

Luxana
0
Comment
Question by:Luxana
  • 7
  • 6
13 Comments
 
LVL 8

Expert Comment

by:da99rmd
Comment Utility
Some one is sending an invalid ICMP packet to you, probobly someone infected with some virus or some trojan of some kind.
Do you know the computer with that ip ?

/Rob
0
 
LVL 8

Expert Comment

by:da99rmd
Comment Utility
Nothing to be alarmed on do you have a firewall up and running ?
ANd what service are appending the message ?

/Rob
0
 
LVL 10

Author Comment

by:Luxana
Comment Utility
this IP 172.31.217.5 is not on my network at all.

I'm blocking some ports with iptables and I'm traing to get my shorewall on.

I do not know which servise is appendig to this message . How can I found out?
0
 
LVL 8

Expert Comment

by:da99rmd
Comment Utility
I guess it appeard in /var/log/messages right ?
if so the [(service)] will tell you what service thats addes this entry.

/Rob
0
 
LVL 10

Author Comment

by:Luxana
Comment Utility
Rob

here is what I foud in /var/log/messages

May  2 10:52:00 luxana kernel: 172.31.217.5 sent an invalid ICMP error to a broadcast.
May  2 10:55:10 luxana kernel: 172.31.217.5 sent an invalid ICMP error to a broadcast.

it is also from another IP:

May  2 10:55:12 luxana kernel: 172.31.217.1 sent an invalid ICMP error to a broadcast.

what you thing?
0
 
LVL 8

Accepted Solution

by:
da99rmd earned 20 total points
Comment Utility
Ill just explain this
< --- date ------><--service->  <--------------- message ---------------------------------->
May  2 10:55:12 luxana kernel: 172.31.217.1 sent an invalid ICMP error to a broadcast.

So it was from the kernel the message arrived.

Then it was just so that an invalid ICMP packet arrived from that host 172.31.217.5 the reasons can be:
The host 172.31.217.5 was infected of som virus or trojan.
Or there where some korruption of the packet on the way to your computer.

Are there many entrys or just these ?

/Rob

0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 10

Author Comment

by:Luxana
Comment Utility
there are many entres like this above. It starts

May  2 06:50:04 till now. I have no messages before it starts.

this is firstone:

May  2 06:47:04 luxana syslogd 1.4.1#10: restart.
0
 
LVL 10

Author Comment

by:Luxana
Comment Utility
Rob I have absolutely different netmask so I have no idea where this IP above is from..
0
 
LVL 10

Author Comment

by:Luxana
Comment Utility
Rob I have absolutely different netmask so I have no idea where this IP above is from..
0
 
LVL 8

Expert Comment

by:da99rmd
Comment Utility
Oki,
what ISP do you have ?
And are you on the 172.31.217.0 net ?

YOu can write the ISp and tell them that the host are sending strange packets, just to infomr them.

/Rob
0
 
LVL 8

Expert Comment

by:da99rmd
Comment Utility
Oki its some kind of broadcast you can just ignore it if its not bursting at your host.
Or just block it in your iptables rules.

/Rob
0
 
LVL 10

Author Comment

by:Luxana
Comment Utility
My isp is on totally different subnet so really I have no idea whre the meesage is from.

my intternal net is 192.168.0.0
ent extrernal have just 3 hosts


Rob just now I get my firewall working so it seems like I'm filly protected. So now I have to go and I'll check it tomorow and accept your answer.

0
 
LVL 10

Author Comment

by:Luxana
Comment Utility
rob  for help and patient no messages from yesterday when I start firewall.

thanks you

Luxana

http://www.experts-exchange.com/Operating_Systems/Linux/Q_20976691.html
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now