Unsure of log report entry
Brian Kelsay
Brian.Kelsay at kcc.usda.gov
Tue Oct 12 09:58:21 CDT 2004
ICMP is a ping request. It just means that you are unable to get to that box.
But, you want to know why your box is trying to hit it. Are you running the
box as a webserver or any other type of server? Is this a ping from the
outside or inside? Does Logwatch tell you this?
Brian Kelsay
>>> docv <> 10/12/04 07:37AM >>>
I've got a box running RH9.0 and in the Logwatch report last night, I
got the following entry;
--------------------- Kernel Begin ------------------------
8 Time(s): ICMP: 65.70.45.21: Source Route Failed.
---------------------- Kernel End -------------------------
Unfortunately, the is NOT my IP address!!! Is this telling me what I
think it is, The box has been compromised????
More information about the Kclug
mailing list