Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Is it hacking?

from [James M. Clark] Network Security [Permanent Link]
Subject: RE: Is it hacking?
Date: Thu, 16 Jun 2005 14:42:00 -0700 
I have a suspicion this is a rouge dhcp as well. See if you can lease a
192 address or set to a static. I bet if you connect to the dhcp device
in a browser (192.168.1.1) that should give you an idea of what type of
device you are looking for. 

Good luck,
James

-----Original Message-----
From: Bozovic, Milos [mailto:milos@arts.si] 
Sent: Thursday, June 16, 2005 11:28 AM
To: A Riaz; security-basics@securityfocus.com
Subject: RE: Is it hacking?

Hello!

Just a quick thought. Is it possible that someone inadvertently
connected some kind of DSL router or print server with DHCP server
capabilities to the network? Also, do you use dhcp on the network or
static IPs for your computers? The IP you're mentioning is in common
range of default installations for some of these devices. 

Kind regards,
Milos

-----Original Message-----
From: A Riaz [mailto:ariaz1949@hotmail.com] 
Sent: Thursday, June 16, 2005 11:11 AM
To: jfountain@rbinc.com; security-basics@securityfocus.com
Subject: RE: Is it hacking?

Jenn,

Thanks for your response. Our network is 10.0.0.255. A machine with IP 
192.168.1.251 shouldn't exist.

I think I should also check if any machine on the network is infected
with 
some virus or trojan.

Thanks,

AR


From: "Jennifer Fountain" <jfountain@rbinc.com>
To: "A Riaz"

<ariaz1949@hotmail.com>,<security-basics@securityfocus.com>

Subject: RE: Is it hacking?
Date: Wed, 15 Jun 2005 20:10:22 -0400


To disable the error being logged by the kernel changing the following
line:
echo 1 >/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

From what I can tell, these aren't usually a result of an attack (but
others will probably have more information.)

But things to check - Is this IP on your network?  Could there be a
problem with that machine?

HTH
-Jenn

-----Original Message-----
From: A Riaz [mailto:ariaz1949@hotmail.com]
Sent: Wednesday, June 15, 2005 11:38 AM
To: security-basics@securityfocus.com
Cc: ariaz1949@hotmail.com
Subject: Is it hacking?

Hello everyone,

I'm getting the following entery in the message log every 5 mins:

kernel: 192.168.1.251 sent an invalid ICMP error to a broadcast.

I'm running Redhat Linux 9. Is it an attempt to hack into the system?
Any advice?

Thanks,

AR

_________________________________________________________________
Don't just search. Find. Check out the new MSN Search!
http://search.msn.click-url.com/go/onm00200636ave/direct/01/




_________________________________________________________________
Don't just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Securing Backups via Encryption, T
Next by Date:  Re: Hacked again???, Christoph 'knurd' Jeschke
Previous by Thread:  RE: Is it hacking?, Jennifer Fountain
Next by Thread:  Re: Re: Is it hacking?, verisignsoft
Indexes:  [Date] [Thread] [Top] [All Lists]