Re: icmplogd question
I am not sure if there is a deb pkg for "iptraf" or not, but I would
suggest that to monitor traffic.
I would suggest snort http://www.snort.org/ as an IDS.
robt
Eric Jennings wrote:
>
> Well, it's strange, because pinging the box gives a different log
> entry in syslog (something to the effect of icmplogd: ping from
> somehost.com), whereas these are different.
>
> I don't run any sort of IDS or network monitor. Do you have any suggestions?
>
> And, this has only happened twice, and from this same IP
> (202.173.151.14). The first time happened about two days ago.
>
> Eric
>
> >someone 'ping'd your box or at the very least requested your machine
> >send back icmp replies
> >
> >...also, looks like some sort of scan, do you run an IDS or network monitor?
> >
> >does this happen from any OTHER hosts or just this one?
> >
> >robt
> >
> >Eric Jennings wrote:
> >>
> >> Hi all-
> >>
> >> Can anyone shed some light on this log entry that keeps showing up in
> >> my syslog?
> >>
> >> Feb 1 08:31:37 bubinga icmplogd: source route from [202.173.151.14]
> >> Feb 1 08:31:38 bubinga icmplogd: source route from [202.173.151.14]
> >> Feb 1 08:31:38 bubinga icmplogd: source route from [202.173.151.14]
> >> Feb 1 08:31:38 bubinga icmplogd: source route from [202.173.151.14]
> >> Feb 1 08:31:39 bubinga icmplogd: source route from [202.173.151.14]
> >> Feb 1 08:31:40 bubinga icmplogd: source route from [202.173.151.14]
> >> Feb 1 08:31:40 bubinga icmplogd: source route from [202.173.151.14]
> >> Feb 1 08:31:41 bubinga icmplogd: source route from [202.173.151.14]
> >> Feb 1 08:31:42 bubinga icmplogd: source route from [202.173.151.14]
> >> Feb 1 08:31:49 bubinga icmplogd: source route from [202.173.151.14]
> >> Feb 1 08:31:51 bubinga icmplogd: source route from [202.173.151.14]
> >> Feb 1 08:31:53 bubinga icmplogd: source route from [202.173.151.14]
> >> Feb 1 08:31:53 bubinga icmplogd: source route from [202.173.151.14]
> >> Feb 1 08:31:53 bubinga icmplogd: source route from [202.173.151.14]
> >> Feb 1 08:31:54 bubinga icmplogd: source route from [202.173.151.14]
> >> Feb 1 08:31:54 bubinga icmplogd: source route from [202.173.151.14]
> >> Feb 1 08:31:56 bubinga icmplogd: source route from [202.173.151.14]
> >> Feb 1 08:31:59 bubinga icmplogd: source route from [202.173.151.14]
> >> Feb 1 08:31:59 bubinga icmplogd: source route from [202.173.151.14]
> >> Feb 1 08:32:00 bubinga icmplogd: source route from [202.173.151.14]
> >> Feb 1 08:32:00 bubinga icmplogd: source route from [202.173.151.14]
> >> Feb 1 08:32:02 bubinga icmplogd: source route from [202.173.151.14]
> >> Feb 1 08:32:03 bubinga icmplogd: source route from [202.173.151.14]
> >> Feb 1 08:32:03 bubinga icmplogd: source route from [202.173.151.14]
> >>
> >> You can see just how often they're happening. I've dug through some
> >> sites looking for an explanation of this output, but to no avail.
> >> Any help or explanation would be greatly appreciated.
> >>
> >> regards-
> >> Eric
> >>
> >> --
> >> To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> >> with a subject of "unsubscribe". Trouble? Contact
> >> listmaster@lists.debian.org
> >
> >
>
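To answer the questions raised in the thread (one source or several, and how often), the icmplogd entries can be summarised per source and grouped into bursts. This is an added example, not part of any message in the thread; the sample lines are constructed in the format quoted above, the year is an assumption because syslog timestamps omit it, and the 60-second burst gap is an arbitrary choice.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Line shape as quoted in the thread: "<Mon> <day> <time> <host> icmplogd: <event> from <source>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+icmplogd:\s+"
    r"(?P<event>.+?)\s+from\s+\[?(?P<src>[^\]\s]+)\]?\s*$"
)

# Constructed sample input (format modelled on the thread; not the real log file).
SAMPLE = [
    "Jan 30 14:02:11 bubinga icmplogd: source route from [202.173.151.14]",
    "Feb 1 08:31:37 bubinga icmplogd: source route from [202.173.151.14]",
    "Feb 1 08:31:38 bubinga icmplogd: source route from [202.173.151.14]",
    "Feb 1 08:31:38 bubinga icmplogd: source route from [202.173.151.14]",
    "Feb 1 08:32:03 bubinga icmplogd: source route from [202.173.151.14]",
    "Feb 1 09:15:00 bubinga icmplogd: ping from somehost.com",
    "Feb 1 09:15:02 bubinga sshd[411]: unrelated line, ignored",
]

def summarize(lines, year=2000, max_gap=timedelta(seconds=60)):
    """Return {source: [burst, ...]}; a burst is one event type with no gap > max_gap."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an icmplogd entry
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events[(m["src"], m["event"])].append(ts)
    report = defaultdict(list)
    for (src, event), stamps in sorted(events.items()):
        stamps.sort()
        burst = {"event": event, "first": stamps[0], "last": stamps[0], "count": 1}
        for ts in stamps[1:]:
            if ts - burst["last"] > max_gap:  # quiet period: close this burst
                report[src].append(burst)
                burst = {"event": event, "first": ts, "last": ts, "count": 1}
            else:
                burst["last"] = ts
                burst["count"] += 1
        report[src].append(burst)
    return dict(report)

if __name__ == "__main__":
    for src, bursts in summarize(SAMPLE).items():
        for b in bursts:
            print(src, b["event"], b["count"], b["first"], "->", b["last"])
```
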