'ping' did something strange -- I'm Very Concerned
by SaintDanBert from LinuxQuestions.org on (#6PYPR)
While tinkering with my network printers, I used ping on one of my devices:
Code:prompt $ ping -c 5 192.168.50.77
PING 192.168.50.77 (192.168.50.77) 56(84) bytes of data.
From 192.168.50.87 icmp_seq=1 Destination Host Unreachable
From 192.168.50.87 icmp_seq=2 Destination Host Unreachable
From 192.168.50.87 icmp_seq=3 Destination Host Unreachable
From 192.168.50.87 icmp_seq=4 Destination Host Unreachable
From 192.168.50.87 icmp_seq=5 Destination Host Unreachable
--- 192.168.50.77 ping statistics ---
5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 4095ms
pipe 3NOTE: I asked for dot-77 and dot-87 got scanned.
In another case:
Code:prompt $ ping -c 5 192.168.50.87
PING 192.168.50.87 (192.168.50.87) 56(84) bytes of data.
64 bytes from 192.168.50.87: icmp_seq=1 ttl=64 time=0.030 ms
64 bytes from 192.168.50.87: icmp_seq=2 ttl=64 time=0.060 ms
64 bytes from 192.168.50.87: icmp_seq=3 ttl=64 time=0.047 ms
64 bytes from 192.168.50.87: icmp_seq=4 ttl=64 time=0.066 ms
64 bytes from 192.168.50.87: icmp_seq=5 ttl=64 time=0.079 ms
--- 192.168.50.87 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4079ms
rtt min/avg/max/mdev = 0.030/0.056/0.079/0.016 msNOTE: I don't have a dot-87 on my LAN.
Q1. Why would ping scan an IP that I didn't ask for?
Q2. How do I discover if I have an IP hack on my LAN?
Code:prompt $ ping -c 5 192.168.50.77
PING 192.168.50.77 (192.168.50.77) 56(84) bytes of data.
From 192.168.50.87 icmp_seq=1 Destination Host Unreachable
From 192.168.50.87 icmp_seq=2 Destination Host Unreachable
From 192.168.50.87 icmp_seq=3 Destination Host Unreachable
From 192.168.50.87 icmp_seq=4 Destination Host Unreachable
From 192.168.50.87 icmp_seq=5 Destination Host Unreachable
--- 192.168.50.77 ping statistics ---
5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 4095ms
pipe 3NOTE: I asked for dot-77 and dot-87 got scanned.
In another case:
Code:prompt $ ping -c 5 192.168.50.87
PING 192.168.50.87 (192.168.50.87) 56(84) bytes of data.
64 bytes from 192.168.50.87: icmp_seq=1 ttl=64 time=0.030 ms
64 bytes from 192.168.50.87: icmp_seq=2 ttl=64 time=0.060 ms
64 bytes from 192.168.50.87: icmp_seq=3 ttl=64 time=0.047 ms
64 bytes from 192.168.50.87: icmp_seq=4 ttl=64 time=0.066 ms
64 bytes from 192.168.50.87: icmp_seq=5 ttl=64 time=0.079 ms
--- 192.168.50.87 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4079ms
rtt min/avg/max/mdev = 0.030/0.056/0.079/0.016 msNOTE: I don't have a dot-87 on my LAN.
Q1. Why would ping scan an IP that I didn't ask for?
Q2. How do I discover if I have an IP hack on my LAN?