I would more think that his machine (or someone from the same subnet) is sending a IP datagram with TTL 1 to this IP (traceroute or anykind of ip traffic).
Looking at icmp.c, it says do not violate rfc 1122.
An ICMP error message MUST NOT be sent as the result of
* a datagram whose source address does not define a single
host -- e.g., a zero address, a loopback address, a
broadcast address, a multicast address, or a Class E
CHECK that the netmask is the same as the one of the machine sending you this.
If it is ok, then the remote machine "should" not send this (not following the RFC1122)
To disable further interpretation of this packets for your kernel, you need sysctl configured in your kernel and add net.ipv4.icmp_ignore_bogus_error_responses in sysctl.conf
Last edited by nx5000; 10-20-2005 at 07:21 AM.